Re: [j-nsp] Restore M7 to initial state
sth...@nethelp.no wrote: mas...@voyager# load factory-default The problem with this is that it won't let you commit without setting a root password. Now if I want to create something which looks like a factory fresh router it I specifically don't want it to have a root password. So, a small request for enhancement here: JunOS should let you commit an *empty* configuration even if root password has not been set. You might also need to delete configuration archives nd logs. Have a look @ /config /var/db/config /var It would be nice to have a ready-made command to clean these (and any other directories that might have been written to). Steinar, you are right: it is impossible to restore the machine to true 'factory default' because the JUNOS doesn't allow to commit the config, after a load factory-default with no or empty root password. On the other side I was unable to create a root user with empty password via JUNOS regular commands. *am* - Andrea Montefusco iw0hdvhttp://www.montefusco.com tel: +393356992791 fax: +390623318709 - ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Restore M7 to initial state
Many thanks to all for answers. *am* - Andrea Montefusco iw0hdvhttp://www.montefusco.com tel: +393356992791 fax: +390623318709 - ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Restore M7 to initial state
Wondering I could format the cf card first, then the hard drive? Regards -mike On Jul 31, 2009, at 10:22 AM, "Kevin Oberman" wrote: Date: Fri, 31 Jul 2009 18:35:51 +0200 (CEST) From: sth...@nethelp.no Sender: juniper-nsp-boun...@puck.nether.net mas...@voyager# load factory-default The problem with this is that it won't let you commit without setting a root password. Now if I want to create something which looks like a factory fresh router it I specifically don't want it to have a root password. So, a small request for enhancement here: JunOS should let you commit an *empty* configuration even if root password has not been set. You might also need to delete configuration archives nd logs. Have a look @ /config /var/db/config /var It would be nice to have a ready-made command to clean these (and any other directories that might have been written to). And, as I keep reminding people, if you REALLY don't want to expose your passwords and configurations, the only safe solution is to drop into the shell, and 'dd if=/dev/zero of=/dev/ad1'. This erases the hard drive. I then pull the flash and plug it into my laptop and 'dd' over that, too. Then replace the CF card and boot up on the distribution media to install a clean JunOS. This will make sure RAS never gets a chance to read your config. :-) -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.netPhone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Restore M7 to initial state
> Date: Fri, 31 Jul 2009 18:35:51 +0200 (CEST) > From: sth...@nethelp.no > Sender: juniper-nsp-boun...@puck.nether.net > > > mas...@voyager# load > > factory-default > > The problem with this is that it won't let you commit without setting > a root password. Now if I want to create something which looks like a > factory fresh router it I specifically don't want it to have a root > password. > > So, a small request for enhancement here: JunOS should let you commit > an *empty* configuration even if root password has not been set. > > > You might also need to delete configuration > > archives nd logs. Have a look @ > > > > /config > > /var/db/config > > /var > > It would be nice to have a ready-made command to clean these (and any > other directories that might have been written to). And, as I keep reminding people, if you REALLY don't want to expose your passwords and configurations, the only safe solution is to drop into the shell, and 'dd if=/dev/zero of=/dev/ad1'. This erases the hard drive. I then pull the flash and plug it into my laptop and 'dd' over that, too. Then replace the CF card and boot up on the distribution media to install a clean JunOS. This will make sure RAS never gets a chance to read your config. :-) -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Restore M7 to initial state
> mas...@voyager# load > factory-default The problem with this is that it won't let you commit without setting a root password. Now if I want to create something which looks like a factory fresh router it I specifically don't want it to have a root password. So, a small request for enhancement here: JunOS should let you commit an *empty* configuration even if root password has not been set. > You might also need to delete configuration > archives nd logs. Have a look @ > > /config > /var/db/config > /var It would be nice to have a ready-made command to clean these (and any other directories that might have been written to). Steinar Haug, Nethelp consulting, sth...@nethelp.no ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Restore M7 to initial state
Yes, booting from alternate media would be preferred if you were concerned about leaving something behind that may contain sensitive information. Recently I worked on a grey market M5 that contained all sorts of things that you would hope are never exposed outside a company. Truman On 31/07/2009, at 9:42 AM, Brandon Bennett wrote: In config mode either delete (to wipe the config) Or load factory-default (to load default config) Note that both of these just take care of only the configuration. To completly wipe the box clean I recommend booting from alternative media and issuing a 'request system partition' to repartion the primary boot media. Thanks, Brandon Bennett Accuvant Sent from my mobile. On Jul 31, 2009, at 7:06 AM, Andrea Montefusco wrote: It is possible to restore an M7i to 'brand new' state ? (Like ios write erase and reload) Thanks in advance *am* - Andrea Montefusco iw0hdvhttp://www.montefusco.com tel: +393356992791 fax: +390623318709 - ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Restore M7 to initial state
In config mode either delete (to wipe the config) Or load factory-default (to load default config) Note that both of these just take care of only the configuration. To completly wipe the box clean I recommend booting from alternative media and issuing a 'request system partition' to repartion the primary boot media. Thanks, Brandon Bennett Accuvant Sent from my mobile. On Jul 31, 2009, at 7:06 AM, Andrea Montefusco wrote: It is possible to restore an M7i to 'brand new' state ? (Like ios write erase and reload) Thanks in advance *am* - Andrea Montefusco iw0hdvhttp://www.montefusco.com tel: +393356992791 fax: +390623318709 - ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Restore M7 to initial state
mas...@voyager# load factory-default You might also need to delete configuration archives nd logs. Have a look @ /config /var/db/config /var Regards, Masood > It is possible to restore an M7i to 'brand new' state ? > (Like ios write erase and reload) > > Thanks in advance > > *am* > > - > Andrea Montefusco iw0hdv http://www.montefusco.com > tel: +393356992791 fax: +390623318709 > - > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Restore M7 to initial state
It is possible to restore an M7i to 'brand new' state ? (Like ios write erase and reload) Thanks in advance *am* - Andrea Montefusco iw0hdvhttp://www.montefusco.com tel: +393356992791 fax: +390623318709 - ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp