INTRODUCTION

This document describes how to use the RAT tool in Windows with
ActiveState Perl.


INSTALLATION

Follow the installation documentation for RAT on the Windows platform
in the file INSTALL.WIN32.txt.  Return to this document after you have
completed installation.


GETTING ROUTER CONFIG FILES


RAT is designed to audit and report on your Cisco router configuration files,
providing output in HTML and ASCII text files.  RAT comes with a tool called
snarf that can automate the configuration download process, or you can
manually download the configuration files.  We have outlined some of the ways
to download your configuration files below:

Method #1

Use the snarf tool as part of RAT to download your configuration files.
This is done with the -a or --snarf flag:

        C:\Temp>perl c:\rat\bin\rat -a -u USERNAME -w VTYPASS -e ENABLEPASS 10.1.1.1
        snarfing 10.1.1.1...Using username USERNAME
        done.
        auditing 10.1.1.1...done.
        ncat_report: writing 10.1.1.1.ncat_fix.txt.
        ncat_report: writing 10.1.1.1.ncat_report.txt.
        ncat_report: writing 10.1.1.1.html.
        ncat_report: writing rules.html (cisco-ios-benchmark.html).
        ncat_report: writing all.ncat_fix.txt.
        ncat_report: writing all.ncat_report.txt.
        ncat_report: writing all.html.

If your router does not require a username, simply omit the -u option.
If your router does not require running "enable" to access privilege 15
options, use the --noenable option.


Method #2

Using a TFTP server on your Windows client, copy your router
configuration to your workstation then audit using RAT.

Step 1. Download and install a TFTP server for Windows.
        Cisco makes a TFTP server for Windows available at
        http://www.cisco.com/cgi-bin/tablebuild.pl/tftp
        SolarWinds makes another TFTP server option for Windows,
        available for download at
        http://www.solarwinds.net/Tools/Free_tools/TFTP_Server/

Step 2. Start your TFTP server
        You may wish to set the download path to a directory off the
        root such as C:\TFTP-root.

Step 3. Copy your configuration files to the TFTP server
        Log in to your router and run the following command in privileged mode:
        "copy running-config tftp"
        Provide the address of your TFTP server and a filename at the
        appropriate prompts.

Step 4. Run rat to audit your configuration file:

        The document doc\rat.html in your installation directory for
        rat describes all the options you can specify at the command
        line.  Many people will wish to use rat in the following
        fashion:

        "cd C:\TFTP-root" then

        "perl c:\rat\bin\rat cisco-router-confg"

        You can specify multiple configuration filenames at the
        command line if you wish to audit multiple configurations.


Method #3

Capture your configuration file through the logging option of your telnet client.

Step 1. Telnet/SSH/RSH into your router and go into privileged mode.

Step 2. On your router, turn off screen pagination by entering the
        command "terminal length 0".

Step 3. Turn on the logging feature of your telnet program.  Capture
        the output to C:\TEMP\router-config.txt, for example.

Step 4. On your router, run the command "show running-config".

Step 5. Turn off the logging feature of your router.

Step 6. Run rat to audit your configuration file:

        The document doc\rat.html in your installation directory for
        rat describes all the options you can specify at the command
        line.  Many people will wish to use rat in the following
        fashion:
        "cd C:\TEMP" then
        "perl c:\rat\bin\rat router-config.txt"

        You can specify multiple configuration filenames at the
        command line if you wish to audit multiple configurations.


Method #4

There are several commercial tools available for downloading
configurations.  Purchase and use them at your own discretion.


WARNING

TFTP is a HIGHLY INSECURE protocol.  It uses NO AUTHENTICATION, not
even clear-text passwords.  Use it AT YOUR OWN RISK.  If you do use
it, be sure to take precautions such as applying firewall rules or
router access control lists in front of the machines running the TFTP
server to ensure that only authorized devices (your routers) can
access the TFTP server.

MOVING FILES FROM WINDOWS TO UNIX/END OF LINE DIFFERENCES

You should be aware that there may be problems with files that
have been moved from Windows systems to Unix systems.  For instance,
if you download/save router configurations on a Windows system
and then copy them to a Unix system for checking, some of the rules
will fail.  This is because Unix and Windows use different characters
to mean "End Of Line" and some of the rules match on "End Of Line".
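
The effect described above, reproduced on the Unix side with a constructed
config fragment.  This is an added example, not part of RAT: the rule pattern
is a stand-in for a rule that matches on end of line, and the function names,
file names and the .unix suffix are assumptions.

```shell
#!/bin/sh
# Added example (not part of RAT). Sample config and rule pattern are constructed.

CR=$(printf '\r')

# has_crlf FILE: succeeds if any line of FILE ends in a carriage return.
has_crlf() {
    grep -q "${CR}\$" "$1"
}

# rule_hits PATTERN FILE: number of lines matching an anchored ERE pattern.
# grep -c exits non-zero when the count is 0, so the status is masked.
rule_hits() {
    grep -c -E "$1" "$2" || true
}

# normalize_eol SRC DST: copy SRC to DST, dropping the CR before each newline.
normalize_eol() {
    sed "s/${CR}\$//" "$1" > "$2"
}

# audit_copy FILE: print the path that should be handed to rat. Files with
# Windows line endings get a cleaned sibling FILE.unix; others are used as is.
audit_copy() {
    if has_crlf "$1"; then
        normalize_eol "$1" "$1.unix"
        printf '%s\n' "$1.unix"
    else
        printf '%s\n' "$1"
    fi
}

# Constructed sample: a config fragment saved on Windows (CRLF line endings).
demo_dir=$(mktemp -d)
printf 'hostname lab-rtr\r\nno ip http server\r\nline vty 0 4\r\n' \
    > "$demo_dir/router-config.txt"

rule='^no ip http server$'   # stand-in for a rule that matches on end of line
echo "hits before: $(rule_hits "$rule" "$demo_dir/router-config.txt")"
clean=$(audit_copy "$demo_dir/router-config.txt")
echo "hits after:  $(rule_hits "$rule" "$clean")"
```

The original file is left untouched; audit the path printed by audit_copy.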

Send comments to rat-feedback@cisecurity.org.

$Id: README.WIN32.txt,v 1.3 2002/03/27 16:22:25 gmj Exp $
