Scripts and security

Aruba-certified scripts have been written and tested by Aruba. However, it is a good practice to examine all scripts before you upload them to understand what actions agents created from them will take on your switch.

It is also a good practice to save a switch checkpoint before you create and enable an agent for first time so that you can recover the switch configuration if an agent performs an undesirable action.

Reading the description of the script in the ASE or readme file on the GitHub repository can give you a good idea about what the script is intended to do, but to know what actions a script will take requires examining the Python code of the script for text phrases such as the following:

The text phrase ActionCLI or action("CLI"

Action CLI functions that execute a switch CLI command. The command is provided as an argument to that function. Commands that include the text "config" or "configure" can be an indicator that the function is making changes to the configuration of the switch.

The text phrase ActionShell or action("SHELL"

Action SHELL functions execute a command in the underlying operating system of the switch. The command is provided as an argument to that function.

The text phrase requests.

These functions can be REST API requests that use the requests library to make POST, PUT, or DELETE messages to the switch or to other network locations.