Cisco IOS Resilient Configuration

(1)

Cisco IOS Resilient Configuration

The Cisco IOS Resilient Configuration feature enables a router to secure and maintain a working copy of the running image and configuration so that those files can withstand malicious attempts to erase the contents of persistent storage (NVRAM and flash).

Feature History for Cisco IOS Resilient Configuration

Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Restrictions for Cisco IOS Resilient Configuration

• This feature is available only on platforms that support a Personal Computer Memory Card International Association (PCMCIA) Advanced Technology Attachment (ATA) disk. There must be enough space on the storage device to accommodate at least one Cisco IOS image (two for upgrades) and a copy of the running configuration. IOS Files System (IFS) support for secure file systems is also needed by the software.

Release Modification

(2)

Cisco IOS Resilient Configuration Information About Cisco IOS Resilient Configuration

• It may be possible to force removal of secured files using an older version of Cisco IOS software that does not contain file system support for hidden files.

• This feature can be disabled only by using a console connection to the router. With the exception of the upgrade scenario, feature activation does not require console access.

• You cannot secure a bootset with an image loaded from the network. The running image must be loaded from persistent storage to be secured as primary.

• Secured files will not appear on the output of a dir command issued from an executive shell because the IFS prevents secure files in a directory from being listed. ROM monitor (ROMMON) mode does not have any such restriction and can be used to list and boot secured files. The running image and running configuration archives will not be visible in the Cisco IOS dir command output. Instead, use the show secure bootset command to verify archive existence.

Information About Cisco IOS Resilient Configuration

Before using Cisco IOS Resilient Configuration, you should understand the following concept:

• Feature Design of Cisco IOS Resilient Configuration, page 2

Feature Design of Cisco IOS Resilient Configuration

A great challenge of network operators is the total downtime experienced after a router has been compromised and its operating software and configuration data erased from its persistent storage. The operator must retrieve an archived copy (if any) of the configuration and a working image to restore the router. Recovery must then be performed for each affected router, adding to the total network downtime.

The Cisco IOS Resilient Configuration feature is intended to speed up the recovery process. The feature maintains a secure working copy of the router image and the startup configuration at all times. These secure files cannot be removed by the user. This set of image and router running configuration is referred to as the primary bootset.

The following factors were considered in the design of Cisco IOS Resilient Configuration:

• The configuration file in the primary bootset is a copy of the running configuration that was in the router when the feature was first enabled.

• The feature secures the smallest working set of files to preserve persistent storage space. No extra space is required to secure the primary Cisco IOS image file.

• The feature automatically detects image or configuration version mismatch.

• Only local storage is used for securing files, eliminating scalability maintenance challenges from storing multiple images and configurations on TFTP servers.

• The feature can be disabled only through a console session.

How to Use Cisco IOS Resilient Configuration

This section contains the following procedures:

• Archiving a Router Configuration, page 3

(3)

Cisco IOS Resilient Configuration

How to Use Cisco IOS Resilient Configuration

Archiving a Router Configuration

This task describes how to save a primary bootset to a secure archive in persistent storage.

SUMMARY STEPS

1. enable

2. configure terminal

3. secure boot-image

4. secure boot-config

5. end

6. show secure bootset

DETAILED STEPS

Command or Action Purpose

Step 1 enable

Example: Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.

Step 2 configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 secure boot-image

Example:

Router(config)# secure boot-image

Enables Cisco IOS image resilience.

Step 4 secure boot-config

Example:

Router(config)# secure boot-config

Stores a secure copy of the primary bootset in persistent storage.

Step 5 end

Example:

Router(config)# end

Exits to privileged EXEC mode.

Step 6 show secure bootset

Example:

Router# show secure bootset

(4)

Cisco IOS Resilient Configuration How to Use Cisco IOS Resilient Configuration

Examples

This section provides the following output example:

• Sample Output for the show secure bootset Command, page 4

Sample Output for the show secure bootset Command

The following example displays sample output from the show secure bootset command:

Router# show secure bootset

IOS resilience router id JMX0704L5GH

IOS image resilience version 12.3 activated at 08:16:51 UTC Sun Jun 16 2002 Secure archive slot0:c3745-js2-mz type is image (elf) []

file size is 25469248 bytes, run size is 25634900 bytes Runnable image, entry point 0x80008000, run from ram

IOS configuration resilience version 12.3 activated at 08:17:02 UTC Sun Jun 16 2002 Secure archive slot0:.runcfg-20020616-081702.ar type is config

configuration archive size 1059 bytes

Restoring an Archived Router Configuration

This task describes how to restore a primary bootset from a secure archive after the router has been tampered with (by an NVRAM erase or a disk format).

Note To restore an archived primary bootset, Cisco IOS image resilience must have been enabled and a primary bootset previously archived in persistent storage.

SUMMARY STEPS

1. reload

2. dir [filesystem:]

3. boot [partition-number:][filename]

4. no

5. enable

6. configure terminal

7. secure boot-config [restorefilename]

8. end

(5)

How to Use Cisco IOS Resilient Configuration

DETAILED STEPS

Command or Action Purpose

Step 1 reload

Example: Router# reload

(Optional) Enters ROM monitor mode, if necessary.

Step 2 dir [filesystem:]

Example:

rommon 1 > dir slot0:

Lists the contents of the device that contains the secure bootset file.

• The device name can be found in the output of the show secure bootset command.

Step 3 boot [partition-number:][filename]

Example:

rommon 2 > boot slot0:c3745-js2-mz

Boots up the router using the secure bootset image.

Step 4 no

Example:

System Configuration Dialog ---Would you like to enter the initial configuration dialog? [yes/no]: no

(Optional) Declines to enter an interactive configuration session in setup mode.

• If the NVRAM was erased, the router enters setup mode and prompts the user to initiate an interactive

configuration session.

Step 5 enable

Example: Router> enable

Enables privileged EXEC mode.

• Enter your password if prompted.

Step 6 configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 7 secure boot-config [restore filename]

Example:

Router(config)# secure boot-config restore slot0:rescue-cfg

Restores the secure configuration to the supplied filename.

Step 8 end

Example:

Router(config)# end

Exits to privileged EXEC mode.

Step 9 copy filename running-config

Example:

Router# copy slot0:rescue-cfg running-config

(6)

Cisco IOS Resilient Configuration Additional References

Additional References

The following sections provide references related to Cisco IOS Resilient Configuration.

Standards

MIBs

RFCs

Technical Assistance

Related Topic Document Title

Additional commands: complete command syntax, command mode, defaults, usage guidelines, and examples

The Cisco IOS Configuration Fundamentals and Network Management Command Reference, Release 12.3 T

Standards Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

—

MIBs MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

RFCs Title

No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.

—

Description Link

Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

(7)

Command Reference

Command Reference

This section documents only new commands.

• secure boot-config

• secure boot-image

(8)

Cisco IOS Resilient Configuration secure boot-config

secure boot-config

To take a snapshot of the router running configuration and securely archive it in persistent storage, use the secure boot-config command in global configuration mode. To remove the secure configuration archive and disable configuration resilience, use the no form of this command.

secure boot-config [restorefilename]

no secure boot-config

Syntax Description

Defaults No default behavior or values.

Command Modes Global configuration

Command History

Usage Guidelines Without any parameters, this command takes a snapshot of the router running configuration and securely archives it in persistent storage. Like the image, the configuration archive is hidden and cannot be viewed or removed directly from the command-line interface (CLI) prompt. We recommend that you run this command after the router has been fully configured to reach a steady state of operation and the running configuration is considered complete for a restoration, if required. A syslog message is printed on the console notifying the user of configuration resilience activation. The secure archive uses the time of creation as its filename. For example, the file named “.runcfg-20020616-081702.ar” was created July 16 2002 at 8:17:02.

The restore option reproduces a copy of the secure configuration archive as the supplied filename (disk0:running-config, slot1:runcfg, and so on). The restore operation will work only if configuration resilience is enabled. The number of restored copies that can be created is unlimited.

The no form of this command removes the secure configuration archive and disables configuration resilience. An enable, disable, enable sequence has the effect of upgrading the configuration archive if any changes were made to the running configuration since the last time the feature was disabled.

The configuration upgrade scenario is similar to an image upgrade. The feature detects a different version of Cisco IOS software and notifies the user of a version mismatch. The same command can be run to upgrade the configuration archive to a newer version after new configuration commands corresponding to features in the new image have been issued.

The correct sequence of steps to upgrade the configuration archive after an image upgrade is as follows:

• Configure new commands.

• Issue the secure boot-config command.

restorefilename (Optional) Reproduces a copy of the secure configuration archive as the supplied filename.

(9)

secure boot-config

Examples The following example shows the command used to securely archive a snapshot of the router running configuration:

secure boot-config

The following example shows the command used to restore an archived image to the file slot0:rescue-cfg:

Router(config)# secure boot-config restore slot0:rescue-cfg

ios resilience:configuration successfully restored as slot0:rescue-cfg

Related Commands Command Description

secure boot-image Enables Cisco IOS image resilience.

(10)

Cisco IOS Resilient Configuration secure boot-image

secure boot-image

To enable Cisco IOS image resilience, use the secure boot-image command in global configuration mode. To disable Cisco IOS image resilience and release the secured image so that it can be safely removed, use the no form of this command.

secure boot-image

no secure boot-image

Syntax Description This command has no arguments or keywords.

Defaults No default behavior or values

Command Modes Global configuration

Command History

Usage Guidelines This command enables or disables the securing of the running Cisco IOS image. The following two possible scenarios exist with this command.

• When turned on for the first time, the running image (as displayed in the show version command output) is secured, and a syslog entry is generated. This command will function properly only when the system is configured to run an image from a disk with an Advanced Technology Attachment (ATA) interface. Images booted from a TFTP server cannot be secured. Because this command has the effect of “hiding” the running image, the image file will not be included in any directory listing of the disk. The no form of this command releases the image so that it can be safely removed.

• If the router is configured to boot up with Cisco IOS resilience and an image with a different version of Cisco IOS is detected, a message similar to the following is displayed at bootup:

ios resilience :Archived image and configuration version 12.2 differs from running version 12.3.

Run secure boot-config and image commands to upgrade archives to running version.

To upgrade the image archive to the new running image, reenter this command from the console. A message will be displayed about the upgraded image. The old image is released and will be visible in the

dir command output.

Caution Be careful when copying new images to persistent storage because the existing secure image name might conflict with the new image. To verify the name of the secured archive, run the show secure bootset

command and resolve any name conflicts with the currently secured hidden image.

(11)

secure boot-image

Note After the Cisco IOS image is secured, the resilient configuration feature will deny any requests to copy, modify, or delete the secure archive and will even survive a disk format operation.

Examples The following example shows the activation of image resilience. router(config)# secure boot-image

Related Commands Command Description

dir Displays a list of files on a file system.

secure boot-config Saves a secure copy of the router running configuration in persistent storage.

show secure bootset Displays the status of image and configuration resilience.

(12)

Cisco IOS Resilient Configuration show secure bootset

show secure bootset

To display the status of Cisco IOS image and configuration resilience, use the show secure bootset

command in privileged EXEC mode.

show secure bootset

Syntax Description This command has no arguments or keywords.

Command Modes Privileged EXEC

Command History

Usage Guidelines Use the show secure bootset command instead of the dir command, the Cisco IOS directory listing command, to verify the existence of an image archive. This command will also display output that shows whether the image or configuration archive is ready for upgrade.

Examples The following is self-explanatory sample output from the show secure bootset command: Router# show secure bootset

%IOS image and configuration resilience is not active

Router# show secure bootset

IOS resilience router id JMX0704L5GH

IOS image resilience version 12.3 activated at 08:16:51 UTC Sun Jun 16 2002 Secure archive slot0:c3745-js2-mz type is image (elf) []

file size is 25469248 bytes, run size is 25634900 bytes Runnable image, entry point 0x80008000, run from ram

IOS configuration resilience version 12.3 activated at 08:17:02 UTC Sun Jun 16 2002 Secure archive slot0:.runcfg-20020616-081702.ar type is config

configuration archive size 1059 bytes

Related Commands

12.3(8)T This command was introduced.

Command Description

dir Displays a list of files on a file system.

secure boot-config Saves a secure copy of the router running configuration in persistent storage.

(13)

show secure bootset

CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, Cisco Unity, Follow Me Browsing, FormShare, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, Registrar, ScriptShare, SlideCast, SMARTnet, StrataView Plus, SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, TransPath, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0403R)

(14)

Cisco IOS Resilient Configuration