Netpicker offers a collection of test suites based on common CVEs and CIS collections that you can use. This guide shows the steps in importing them into your local netpicker installation. It assumes that you have netpicker installed, and you need an active tenant.
Find your test suite
The test suites for Netpicker can be found at github:
https://github.com/netpicker/pytests-for-networking/
In order to import the CVEs you need to clone the git repository. Click on “Code” and copy the url you see. Open a terminal on your local system, go to a temporary directory (like /tmp) and run the git clone command to import it:
cd /tmp
git clone https://github.com/netpicker/pytests-for-networking/
Import Test Suites using git
You should now have access to the repository. Now we need to set up a way to talk to netpicker. All policies in Netpicker are stored in a git repository, so all you need to do is put the test suites you’re interested in in the correct directory. This action depends a bit on the way you have set up Netpicker. If it lives on a machine that is connected to the internet it’s easy: in the same /tmp directory you can run the command:
git clone git://localhost/rules/DefaultTenant.git
And you can just copy and paste the directories you’d like into the DefaultTenant directory:
cp -a pytests-for-networking/CIS ./DefaultTenant
Note that the names localhost and DefaultTenant might differ a bit depending on how you set up your Netpicker installation. Localhost is the address Netpicker lives on, and DefaultTenant is the name of your tenant, so update these values if you decided to use values that differ from the default values.
Now all you need is to commit the new files:
git add .git commit -am "Importing test suite"
git push origin
And when you open your netpicker GUI it should show your policies imported:
The name CIS_Cisco_IOS_17.x you see here is the name defined in the .metadata file of the test suite we used in this example. For you it’ll look different, but with this you can start testing your devices.
Importing Test suites on a closed system
If you are using Netpicker on a closed system that does not have connection to the internet you will need an extra step. You will need to retrieve the test suites on a machine that does have an online connection, and from there on transfer the Test suite files to the closed system using the policy it has dictated. On the closed system you can then create a git repository for Netpicker:
git clone git://localhost/rules/DefaultTenant.git
And then once you have moved the test suite files into the DefaultTenant directory you can commit it in the same way:
git add .
git commit -am "Importing test suite"
git push origin