Gee-clough, Aaron (NIH/CIT) [C]
2007-02-21 19:29:35 UTC
Hello,
I'm running rancid against a number of Cisco PIXs quite happily,
but have noticed a problem with PIX 7 and rancid: PIX 7 stores the
TACACS server key differently than IOS. It's stored in the PIX 7 config
like this:
    aaa-server tacacs host x.x.x.x
     key xxxxxxxxx
So, the existing regexes to remove the TACACS key in rancid aren't
catching this, since the "key" bit is on a new line. I'm thinking about
adding a regex to rancid that's just:
    /^\s+key (\S+)$/
to catch the line with a starting space, then the word "key", but I'm
concerned that this would have a pretty high false positive rate and
might cut out other useful stuff. Does anyone have any better ideas as
to how to properly purge the TACACS key from a PIX config?
Thanks.
aaron
------------------
Aaron Gee-Clough
CIT/DNST/NEB/NSS
Contractor. Geek.
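
One way to limit the false positives raised above, shown as an added example in Python (not part of the original post and not rancid's own code): only redact an indented "key" line while inside an aaa-server host block. The sample config, the "example-block" stanza (not real PIX syntax) and the `<removed>` marker are constructed for illustration.

```python
import re

# Regex proposed in the post: matches any indented "key <value>" line.
NAIVE = re.compile(r"^\s+key (\S+)$")
# Top-level line that opens an aaa-server host block, as shown in the post.
AAA_HEADER = re.compile(r"^aaa-server\s+\S+.*\bhost\b")
# Indented key line; only applied while inside such a block.
SCOPED_KEY = re.compile(r"^(\s+key)\s+\S+\s*$")

# Constructed sample; "example-block" is a hypothetical stanza standing in
# for any other section that might carry an indented "key" line.
SAMPLE = """\
aaa-server tacacs host 192.0.2.10
 timeout 5
 key ExampleSecret1
example-block demo
 key keep-this-value
hostname pix-lab
"""

def redact_naive(config):
    """Apply the post's regex to every line, regardless of context."""
    return "\n".join(NAIVE.sub(" key <removed>", line)
                     for line in config.splitlines())

def redact_scoped(config):
    """Redact 'key' only on indented lines under an aaa-server host line."""
    out = []
    in_aaa = False
    for line in config.splitlines():
        if line and not line[0].isspace():
            # A non-indented line starts a new top-level command.
            in_aaa = bool(AAA_HEADER.match(line))
        elif in_aaa:
            line = SCOPED_KEY.sub(r"\1 <removed>", line)
        out.append(line)
    return "\n".join(out)

if __name__ == "__main__":
    print("--- naive ---")
    print(redact_naive(SAMPLE))
    print("--- scoped ---")
    print(redact_scoped(SAMPLE))
```
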