Lab 1.6: Run Bash Scripts on Devices that BIG-IQ Manages

Note

Estimated time to complete: 5 minutes

This lab will show you how to create and deploy/run scripts on a managed device from BIG-IQ.

This feature can be used for various purposes, including deploying or modifying BIG-IP configuration that BIG-IQ cannot manage natively, or running a standard device startup/provisioning script before import into BIG-IQ. Scripts can contain bash or TMSH commands.

Official documentation about BIG-IQ Script Management can be found on the F5 Knowledge Center.


Lab environment access

If you have not yet visited the page Getting Started, please do so.

Tasks

  1. Log in to BIG-IQ as david.
  2. Navigate to Device > Script Management > Scripts. Click on Add.
  3. Type a name (e.g. CVE-2020-5902) and paste in the code below, or copy the TMUI RCE vulnerability CVE-2020-5902 bash script. In either case, replace CREDS=<username>:<password> with CREDS=admin:purple123.
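#!/bin/bash

# TMUI RCE vulnerability CVE-2020-5902
# Security Advisory Description
# The Traffic Management User Interface (TMUI), also referred to as the Configuration utility,
# has a Remote Code Execution (RCE) vulnerability in undisclosed pages. (CVE-2020-5902)

# Placeholder: replace with the device credentials before saving the script.
CREDS=<username>:<password>

IP=localhost

# Add an httpd include that answers 404 for any request path containing ";" or "hsqldb".
# The JSON body stays on one line: a backslash-newline inside single quotes is literal and would corrupt it.
curl -u "$CREDS" -k "https://$IP/mgmt/tm/sys/httpd" -X PATCH \
  -H 'content-type:application/json' \
  -d '{"include":"\n <LocationMatch \\\";\\\">\n Redirect 404 /\n </LocationMatch>\n <LocationMatch \\\"hsqldb\\\">\n Redirect 404 /\n </LocationMatch>\n "}'

sleep 10

# Save the running configuration.
curl -k -u "$CREDS" -H "Content-Type: application/json" -d '{"command":"save"}' "https://$IP/mgmt/tm/sys/config"

sleep 10

# Print the short hostname (everything before the first dot).
Device="$(uname -n)"
echo "HOSTNAME:${Device/.*/}"

# Request a path containing ";" to see which status code the device now returns.
URL="https://localhost/tmui/login.jsp/..;/login.jsp"

# -w appends the status code on its own line after the response body.
response=$(curl -k -s -w '\n%{http_code}' "$URL")

http_code=$(tail -n1 <<< "$response")  # get the last line
content=$(sed '$ d' <<< "$response")   # get all but the last line which contains the status code

echo "$http_code"
#echo "$content"

echo "done"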

Save & Close.

  4. After the script is saved, select it and click Run.
  5. The script task properties open. Type a name (e.g. execution-script-20202707) and select the SEA-vBIGIP01.termmarc.com and SJC-vBIGIP01.termmarc.com BIG-IPs.
  6. Click Run. In the window that opens, click Script Logs.
  7. The link takes you to the script logs window, where you can see the task running.
  8. When the task is completed, the status shows Finished.
  9. You can see the details of the task by clicking on it.
  10. View Output also shows the output of the script for each device.
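
An added example (not part of the original lab or of the F5 script): a bash helper that reads the per-device text from View Output and reports the status code each device returned for the check URL. It assumes the HOSTNAME:, status code, done line order that the script above prints, with the status code on its own line, and treats 404 as the httpd include being in effect; the function names, the EXAMPLE-DEVICE host and the sample text are constructed.

```bash
#!/bin/bash
# Added example, not part of the lab script. Assumes each device's output
# contains "HOSTNAME:<name>", then the HTTP status on its own line, then
# "done", and that 404 means the httpd include answered the check URL.

# summarize_output (hypothetical helper): reads View Output text on stdin,
# prints "<host> <status> <verdict>" for every device found.
summarize_output() {
  awk '
    /^HOSTNAME:/ {
      if (host != "") print host, "-", "INCOMPLETE"   # previous run never reached "done"
      host = substr($0, 10); code = ""; next
    }
    host != "" && code == "" && /^[0-9][0-9][0-9]$/ { code = $0; next }
    host != "" && $0 == "done" {
      if (code == "404")   verdict = "MITIGATED"
      else if (code == "") verdict = "NO_STATUS"
      else                 verdict = "CHECK"
      print host, (code == "" ? "-" : code), verdict
      host = ""
    }
    END { if (host != "") print host, "-", "INCOMPLETE" }
  '
}

# needs_attention (hypothetical helper): exit status 0 when at least one
# device on stdin is anything other than MITIGATED.
needs_attention() {
  summarize_output | grep -qv ' MITIGATED$'
}

# Constructed sample text (not captured from a real run).
sample_output() {
  cat <<'EOF'
{"constructed":"placeholder for the REST responses curl prints"}
HOSTNAME:SEA-vBIGIP01
404
done
{"constructed":"placeholder for the REST responses curl prints"}
HOSTNAME:SJC-vBIGIP01
200
done
HOSTNAME:EXAMPLE-DEVICE
EOF
}

sample_output | summarize_output
```

Paste the text from View Output into a file and pipe it to summarize_output; any device not reported as MITIGATED should be reviewed in its script log.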