Scripts and security

Aruba-certified scripts have been written and tested by Aruba. However, it is a good practice to examine all scripts before you upload them to understand what actions agents created from them will take on your switch.

It is also a good practice to save a switch checkpoint before you create and enable an agent for first time so that you can recover the switch configuration if an agent performs an undesirable action.

Reading the description of the script in the ASE or readme file on the GitHub repository can give you a good idea about what the script is intended to do, but to know what actions a script will take requires examining the Python code. Look for text phrases such as the following (the lack of closing parentheses in the search string is intentional):

• action("CLI"

• ActionCLI

• action("SHELL"

• ActionShell

• requests.

Action CLI functions that execute a switch CLI command. The command is provided as an argument to that function. Commands that include the text config or configure can be an indicator that the function is changing the configuration of the switch.

Action SHELL functions execute a command in the underlying operating system of the switch. The command is provided as an argument to that function.

Functions that begin with the text requests. can be REST API requests that use the requests library to make POST, PUT, or DELETE messages to the switch or to other network locations.