Lab 1.6: Run Bash Scripts on Devices that BIG-IQ Manages
Note
Estimated time to complete: 5 minutes
This lab will show you how to create and deploy/run scripts on a managed device from BIG-IQ.
This feature can be used for various purposes, including deploying or modifying BIG-IP configuration that is not natively manageable by the BIG-IQ or running a standard device startup/provisioning script prior to import into BIG-IQ. Scripts can be bash or TMSH commands.
Official documentation about BIG-IQ Script Management can be found on the F5 Knowledge Center.
Lab environment access
If you have not yet visited the page Getting Started, please do so.
Tasks
- Log in to BIG-IQ as david.
- Navigate to Device > Script Management > Scripts. Click on Add.
- Type a name (e.g. CVE-2020-5902), and copy the code below or copy the TMUI RCE vulnerability CVE-2020-5902 bash script and replace the credentials with CREDS=admin:purple123 instead of CREDS=<username>:<password>.
#!/bin/bash
# TMUI RCE vulnerability CVE-2020-5902
# Security Advisory Description
# The Traffic Management User Interface (TMUI), also referred to as the Configuration utility,
# has a Remote Code Execution (RCE) vulnerability in undisclosed pages. (CVE-2020-5902)
# Placeholder: replace with the device credentials before saving the script
CREDS=<username>:<password>
IP=localhost
# Add LocationMatch rules to the httpd include so that matching requests get a 404.
# The JSON body stays on one line: a backslash-newline inside single quotes would be sent literally.
curl -u "$CREDS" -k "https://$IP/mgmt/tm/sys/httpd" -X PATCH -d '{"include":"\n <LocationMatch \\\";\\\">\n Redirect 404 /\n </LocationMatch>\n <LocationMatch \\\"hsqldb\\\">\n Redirect 404 /\n </LocationMatch>\n "}' \
  -H content-type:application/json
sleep 10
# Save the running configuration
curl -k -u "$CREDS" -H "Content-Type: application/json" -d '{"command":"save"}' "https://$IP/mgmt/tm/sys/config"
sleep 10
Device="$(uname -n)"
echo "HOSTNAME:${Device/.*/}"
URL="https://localhost/tmui/login.jsp/..;/login.jsp"
# Request a URL the new rule should match; -w puts the status code on its own last line
response=$(curl -k -s -w "\n%{http_code}" "$URL")
http_code=$(tail -n1 <<< "$response") # get the last line
content=$(sed '$ d' <<< "$response") # get all but the last line which contains the status code
echo "$http_code"
#echo "$content"
echo "done"
Save & Close.
- After the script is saved, select it and click on Run.
- The script task properties opens, type a name (e.g. execution-script-20202707), and select the SEA-vBIGIP01.termmarc.com and SJC-vBIGIP01.termmarc.com BIG-IPs.
- Click on Run. The following window opens. Click on Script Logs.
- The link takes you to the script logs window where you can see the task running…
- When the task is completed, the status will show Finished.
- You can see the details of the task by clicking on it.
- View Output will also show you the output of the script for each device.
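
When the script runs on many devices, reading each View Output by hand does not scale. The following is an added example, not part of the F5 lab: it classifies the HOSTNAME / status code / done lines the script prints, one verdict per device. It assumes the per-device outputs have been pasted together into one text; the function names, verdict labels and the two LAB-* host names are hypothetical.

```shell
# Added example. Assumption: a 404 on the probe URL means the new
# LocationMatch rule answered the request; anything else needs a closer look.

triage_output() {
  awk '
    function report() {
      if (host == "") return
      if (code == "404")      verdict = "RULE_ACTIVE"
      else if (code == "000") verdict = "NO_RESPONSE"  # curl got no HTTP reply
      else if (code == "")    verdict = "NO_RESULT"    # output cut short
      else                    verdict = "REVIEW"
      printf "%s %s %s\n", host, (code == "" ? "-" : code), verdict
      host = ""; code = ""
    }
    /^HOSTNAME:/           { report(); host = substr($0, 10); next }
    host != "" && /^done$/ { report(); next }
    # Status code = last three digits of the line printed after HOSTNAME
    host != "" && match($0, /[0-9][0-9][0-9]$/) { code = substr($0, RSTART) }
    END { report() }
  '
}

# Print only the devices whose probe did not return 404.
unmitigated_devices() {
  triage_output | awk '$3 != "RULE_ACTIVE" { print $1 }'
}

# Constructed sample: four device outputs pasted together (not real lab output).
SAMPLE_OUTPUT='{"constructed":"REST reply printed by the save step"}
HOSTNAME:SEA-vBIGIP01
404
done
HOSTNAME:SJC-vBIGIP01
200
done
HOSTNAME:LAB-BIGIP03
000
done
HOSTNAME:LAB-BIGIP04'

printf '%s\n' "$SAMPLE_OUTPUT" | triage_output
```
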