Forum Discussion

ralph_ralf's avatar
ralph_ralf
Icon for Altostratus rankAltostratus
Jul 15, 2023

how to run the below bash file on f5

Hello,

I would like to extract a list of all virtual servers , profiles and certificates on my F5 ; I found the below script but I dont know how to run it on f5.Where should I place the cert-mapping file ? In which folder on f5 ?

  • Log on to the BIG-IP command line.

    Note: Command line access defaults to the bash shell.

  • Using a text editor, create the cert-mapping file.
  • Place the following bash script contents in the cert-mapping file:

    #!/bin/bash
    # Search /config and sub directories (partitions) for bigip.conf files
    LIST=`find /config -name bigip.conf |  xargs  awk '$2 == "virtual" {print $3}' 2> /dev/null | sort -u`
    echo "Virtual:          Profile:        Certificate:          Ciphers:"
    echo "__________________________________________________________"
    for VAL in ${LIST}
    do
    PROF=`tmsh show /ltm virtual ${VAL} profiles 2> /dev/null | grep -B 1 " Ltm::ClientSSL Profile:" | cut -d: -f4 | grep -i "[a-z]" | sed s'/ //'g| sort -u`
    test -n "${PROF}" 2>&- && {
    VIRTS=`expr $VIRTS + 1`
    for PCRT in ${PROF}
    do
    CERT=`tmsh list /ltm profile client-ssl ${PCRT} |  awk '$1 == "cert" {print $2}' 2> /dev/null | sort -u`
    test -n "${CERT}" 2>&- && {
    CIPHERS=`tmsh list /ltm profile client-ssl ${PCRT} ciphers | grep ciphers | awk '{print $2}'`
    echo "${VAL} ${PCRT} ${CERT} ${CIPHERS}"
    }
    done
    }
    done
    echo "Virtual server count: ${VIRTS}"

    Note: To alter this script to search for server-ssl profile certificates, replace client-ssl with server-ssl and Ltm::ClientSSL Profile: with Ltm::ServerSSL Profile:.

  • Close the text editor saving the file cert-mapping that contains the bash script.
  • To execute the script type the following command:

    bash ./cert-mapping

Thansk in advance.

 

Best Regards,

 

 

  • Notepad isn't your best option. Are you able to save the file locally with notepad++

    Also, can you post a cat from the file?

    Command on the cli is cat /temp/cert-mapping

  • Hi Ralph,

    If you only need it to run once you can place it in /tmp/.
    /shared/scripts would be a nice location of you are going to run it multiple times during the life of your BIG-IP.

    Do not forget to make it executable. (chmod u+x cert-mapping)

    Cheers,
    Kees

    • ralph_ralf's avatar
      ralph_ralf
      Icon for Altostratus rankAltostratus

      Thanks for your reply :

      Ive created the notepad file and transfered it to /tmp folder using filezilla.Then Ive changed the file to be an executable as advised.However after running it I got an error.

      Can you have a look on the below output and revert back.Thanks in advance

       

      [root@f5-IB-2:Standby:In Sync] tmp # chmod u+x cert-mapping
      [root@f5-IB-2:Standby:In Sync] tmp #
      [root@f5-IB-2:Standby:In Sync] tmp #
      [root@f5-IB-2:Standby:In Sync] tmp # ls -l
      total 580
      -r--r--r--. 1 root root 261660 2021-05-08 07:24 BigDB.dat.orig
      -rwxr--r--. 1 root root 914 2023-07-15 22:54 cert-mapping
      -r--r--r--. 1 root root 131 2022-08-20 22:57 dhclient.sh
      drwxr-xr-x. 2 root root 1024 2023-07-15 06:38 epsec
      -r--r--r--. 1 root root 206 2022-08-20 22:57 hosts_script
      drwxr-xr-x. 2 root root 1024 2022-08-27 03:33 hsperfdata_root
      drwxr-xr-x. 2 tomcat tomcat 1024 2022-08-20 22:58 hsperfdata_tomcat
      -rw-r--r--. 1 root webusers 304730 2023-07-15 22:49 running-config
      -rw-------. 1 apache apache 451 2023-07-15 15:08 sess_blttcb605qqnb26s65sg5v1jv2
      -rw-------. 1 apache apache 451 2023-07-15 15:08 sess_ec2mp7g390lvpeg07hcth2ap02
      -rw-------. 1 apache apache 451 2023-07-15 15:08 sess_n781lbebpi5ndb6ae7fa18m1q7
      -r--r--r--. 1 root root 355 2022-08-20 22:57 sshd_login.sh
      [root@f5-IB-2:Standby:In Sync] tmp #
      [root@f5-IB-2:Standby:In Sync] tmp #
      [root@f5-IB-2:Standby:In Sync] tmp # bash ./cert-mapping
      Virtual: Profile: Certificate: Ciphers:
      __________________________________________________________
      '/cert-mapping: line 7: syntax error near unexpected token `do
      '/cert-mapping: line 7: `do
      [root@f5-IB-2:Standby:In Sync] tmp #

      • KeesvandenBos's avatar
        KeesvandenBos
        Icon for MVP rankMVP

        Notepad isn't your best option. Are you able to save the file locally with notepad++

        Also, can you post a cat from the file?

        Command on the cli is cat /temp/cert-mapping