Discussion:
[rancid] patch for local rancid.conf w/ git and ASA passwords using ikev2
Mike Eklund
2015-05-12 20:51:55 UTC
I found a couple of issues with rancid 3.2.

1) When control_rancid checks for a group-specific rancid.conf, it does not properly set error codes when using git.
2) Password filtering does not work on Cisco ASA firewalls using ikev2.

Here is a patch:

diff -rupN rancid-3.2/bin/control_rancid.in rancid-3.2.new/bin/control_rancid.in
--- rancid-3.2/bin/control_rancid.in 2015-03-16 15:02:52.000000000 -0400
+++ rancid-3.2.new/bin/control_rancid.in 2015-05-11 14:38:49.942514742 -0400
@@ -236,6 +236,7 @@ if [ -f rancid.conf ] ; then
;;
git )
git status -s rancid.conf | grep '^?'
+ if [ $? -eq 0 ] ; then LN=1; else LN=0; fi
;;
esac
if [ $LN -eq 0 ] ; then
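Review bot: On the added `if [ $? -eq 0 ]` line, `$?` is the exit status of the `grep` that ends the preceding pipeline, so the test is only correct while nothing is ever placed between the two lines, and that `grep` still prints any matching `?? rancid.conf` line to stdout. Folding both into one statement, `if git status -s rancid.conf | grep -q '^?' ; then LN=1; else LN=0; fi`, removes the ordering dependency and the stray output. A short comment stating that a `?` status means the file is untracked, and what LN=1 versus LN=0 means for the `if [ $LN -eq 0 ]` test that follows, would make the branch easier to audit.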
diff -rupN rancid-3.2/lib/ios.pm.in rancid-3.2.new/lib/ios.pm.in
--- rancid-3.2/lib/ios.pm.in 2015-03-16 15:02:52.000000000 -0400
+++ rancid-3.2.new/lib/ios.pm.in 2015-05-11 14:38:50.622544735 -0400
@@ -2125,6 +2125,16 @@ TOP:
ProcessHistory("","","","!$1 <removed> $'"); next;
}
# ASA/PIX keys in more system:running-config
+ if (/^(( ikev2)? remote-authentication pre-shared-key ).*/ &&
+ $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1 <removed> $'"); next;
+ }
+ # ASA/PIX keys in more system:running-config
+ if (/^(( ikev2)? local-authentication pre-shared-key ).*/ &&
+ $filter_pwds >= 1) {
+ ProcessHistory("","","","!$1 <removed> $'"); next;
+ }
+ # ASA/PIX keys in more system:running-config
if (/(\s+ldap-login-password )\S+(.*)/ && $filter_pwds >= 1) {
ProcessHistory("","","","!$1 <removed> $'"); next;
}
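Review bot: Both added patterns, `/^(( ikev2)? remote-authentication pre-shared-key ).*/` and its `local-authentication` twin, are anchored at `^` and require exactly one leading space, so a line with any other indentation falls through and the pre-shared key is stored unfiltered; the neighbouring `ldap-login-password` rule is unanchored and uses `\s+`. Consider a single rule covering both directions, for example `/^(\s*(?:ikev2 )?(?:remote|local)-authentication pre-shared-key ).*/`, which tolerates varying indentation, drops the unused `$2` capture, and avoids repeating the `# ASA/PIX keys in more system:running-config` comment three times.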

Regards,


Mike Eklund | DealNews
