-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Post by Smaïne Kahlouch
Hi everyone,
I just finished installing Rancid; everything works fine with Cisco
equipment, but I still have some issues backing up my Fortigate
firewalls.
I've seen these patches and wanted to know if they could be applied to the
current version 2.3.3:
http://www.shrubbery.net/pipermail/rancid-discuss/2009-June/004005.html
I have the same problem as described here:
<http://www.shrubbery.net/pipermail/rancid-discuss/2009-April/003898.html>
What should I change to solve my problem? My prompt is like
"FGT[model][s/n] # "

Attached are the fnrancid.diff and ftlogin.diff I wrote to back up
Fortigate devices. I did not try the patches you link; I opted to
troubleshoot and write my own.
I basically copied the nlogin script included in the rancid tarball to
ftlogin and then applied the attached diff. I also patched fnrancid
included with rancid.
Some of the modifications may not be necessary. Thanks to John
Heasley for some behind-the-scenes advice. These modifications work for
me running a mixture of v3 and v4 FortiOS on several devices.
I don't have any Fortinet devices and do not know anything about them. When
- --
Devon
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkwqF2sACgkQWP2WrBTHBS/8PgCgyPZkEbXveBiASIAQVsyqjeux
m48AoKbsTHFmOX/U7Sq2e51VWSo/AfGs
=ld8H
-----END PGP SIGNATURE-----
--- fnrancid.orig 2010-06-16 14:46:06.000000000 +0000
+++ fnrancid 2010-06-25 14:24:18.000000000 +0000
@@ -59,7 +59,7 @@
$file = $opt_f;
$host = $ARGV[0];
$found_end = 0;
-$timeo = 90; # nlogin timeout in seconds
+$timeo = 90; # ftlogin timeout in seconds
my($aclsort) = ("ipsort"); # ACL sorting mode
@@ -174,6 +174,9 @@
tr/\015//d;
next if /^\s*$/;
last if(/$prompt/);
+ next if (/^get system status/);
+ next if (/^System time:/);
+ next if (/^FortiClient application signature package:/);
ProcessHistory("","","","$_");
}
print STDOUT "Vendor: $vendor";
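Review bot: the three added `next if` filters in this hunk carry no comment saying why those lines are dropped. `System time:` differs on every run, so the intent is presumably to keep volatile output out of the stored history; a one-line comment above the filters stating that would tell the next maintainer whether a newly noticed volatile line belongs in the same list.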
@@ -196,10 +199,23 @@
tr/\015//d;
next if /^\s*$/;
last if(/$prompt/);
- if (/(^set.*)('Enc .*')(.*)/) {
- ProcessHistory("ENC","","","!$1 'Enc **encoding removed**' $3\n");
- next;
- }
+ next if (/^#conf_file_ver=/);
+ if (/(^set.*)('Enc .*')(.*)/) {
+ ProcessHistory("ENC","","","!$1 'Enc **encoding removed**' $3\n");
+ next;
+ }
+ if (/(^\s*set psksecret)(\sENC .*)/ && $filter_pwds >= 1) {
+ ProcessHistory("ENC","","","$1 <removed>\n");
+ next;
+ }
+ if (/(^\s*set passwd)(\sENC .*)/ && $filter_pwds >= 1) {
+ ProcessHistory("ENC","","","$1 <removed>\n");
+ next;
+ }
+ if (/(^\s*set password)(\sENC .*)/ && $filter_pwds >= 1) {
+ ProcessHistory("ENC","","","$1 <removed>\n");
+ next;
+ }
ProcessHistory("","","","$_");
}
$found_end = 1;
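Review bot: the added `set psksecret`, `set passwd` and `set password` filters match only when the value is followed by `\sENC `, so a secret that the device prints without that marker reaches `ProcessHistory("","","","$_")` unfiltered and is stored with the rest of the configuration. If the aim is to keep credentials out of the repository, match on the keyword alone and replace whatever follows it. The three blocks are also identical apart from the keyword; a single pattern such as `/(^\s*set (?:psksecret|passwd|password))\sENC .*/` would leave one place to add the next keyword. Finally, the older `'Enc .*'` rule is not guarded by `$filter_pwds` and prefixes its output with `!`, while the new rules are guarded and emit no `!`; the four rules should behave the same way.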
@@ -212,7 +228,7 @@
# Main
@commandtable = (
{'get system status' => 'GetSystem'},
- {'get conf' => 'GetConf'}
+ {'show' => 'GetConf'}
);
# Use an array to preserve the order of the commands and a hash for mapping
# commands to the subroutine and track commands that have been completed.
@@ -241,13 +257,13 @@
print STDOUT "opening file $host\n" if ($log);
open(INPUT,"<$host") || die "open failed for $host: $!\n";
} else {
- print STDERR "executing nlogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($debug);
- print STDOUT "executing nlogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log);
+ print STDERR "executing ftlogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($debug);
+ print STDOUT "executing ftlogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log);
if (defined($ENV{NOPIPE})) {
- system "nlogin -t $timeo -c \"$cisco_cmds\" $host </dev/null > $host.raw 2>&1" || die "nlogin failed for $host: $!\n";
- open(INPUT, "< $host.raw") || die "nlogin failed for $host: $!\n";
+ system "ftlogin -t $timeo -c \"$cisco_cmds\" $host </dev/null > $host.raw 2>&1" || die "ftlogin failed for $host: $!\n";
+ open(INPUT, "< $host.raw") || die "ftlogin failed for $host: $!\n";
} else {
- open(INPUT,"nlogin -t $timeo -c \"$cisco_cmds\" $host </dev/null |") || die "nlogin failed for $host: $!\n";
+ open(INPUT,"ftlogin -t $timeo -c \"$cisco_cmds\" $host </dev/null |") || die "ftlogin failed for $host: $!\n";
}
}
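Review bot: in the `NOPIPE` branch, `system "ftlogin ..." || die ...` can never reach `die`, because `||` binds tighter than the `system` list operator and the non-empty command string is always true. The renamed line inherits this from the `nlogin` line it replaces. `system` returns 0 on success, so the check should read `system(...) == 0 or die ...`; otherwise a failed login goes unreported and an empty or partial `$host.raw` is parsed as if it were the device output. In all three calls `$host` (taken from `$ARGV[0]`) is interpolated into a shell command line unquoted; checking it against a hostname pattern before use would keep a malformed device name from being interpreted by the shell.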
@@ -263,25 +279,27 @@
$filter_commstr = 0;
}
# determine password filtering mode
-if ($ENV{"FILTER_PWDS"} =~ /no/i) {
- $filter_pwds = 0;
-} elsif ($ENV{"FILTER_PWDS"} =~ /all/i) {
- $filter_pwds = 2;
-} else {
- $filter_pwds = 1;
-}
+#if ($ENV{"FILTER_PWDS"} =~ /no/i) {
+# $filter_pwds = 0;
+#} elsif ($ENV{"FILTER_PWDS"} =~ /all/i) {
+# $filter_pwds = 2;
+#} else {
+# $filter_pwds = 1;
+#}
+# Force $filter_pwds to 1
+$filter_pwds = 1;
ProcessHistory("","","","!RANCID-CONTENT-TYPE: fortigate\n\n");
TOP: while(<INPUT>) {
tr/\015//d;
if (/^Error:/) {
- print STDOUT ("$host nlogin error: $_");
- print STDERR ("$host nlogin error: $_") if ($debug);
+ print STDOUT ("$host ftlogin error: $_");
+ print STDERR ("$host ftlogin error: $_") if ($debug);
last;
}
- while (/>\s*($cmds_regexp)\s*$/) {
+ while (/#\s*($cmds_regexp)\s*$/) {
$cmd = $1;
- if (!defined($prompt)) { $prompt = " >\s*"; }
+ if (!defined($prompt)) { $prompt = " #\s*"; }
print STDERR ("HIT COMMAND:$_") if ($debug);
if (!defined($commands{$cmd})) {
print STDERR "$host: found unexpected command - \"$cmd\"\n";
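Review bot: hard-coding `$filter_pwds = 1` and commenting out the `FILTER_PWDS` handling means the setting no longer has any effect for this device type; a site that configured `no` or `all` gets level 1 regardless, with nothing in the output to say so. The original three-way logic already yields a value of 1 or more for everything except `no`, which is what the new `$filter_pwds >= 1` tests need, so the environment check can stay as it was. If forcing the value is really required, delete the dead block and say why in the comment. Separately, in `$prompt = " #\s*"` the `\s` sits in a double-quoted string, where Perl reduces it to a plain `s`; the pattern used by `last if(/$prompt/)` is therefore ` #s*`, and any output line containing a space followed by `#` ends the collection loop early. Single quotes or `qr/ #\s*/` keep the escape. The replaced `" >\s*"` line had the same defect, but it is worth fixing while the line is being touched.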
--- nlogin 2010-06-16 14:36:18.000000000 +0000
+++ ftlogin 2010-06-17 17:28:20.000000000 +0000
@@ -435,7 +435,10 @@
global in_proc
set in_proc 1
- send "set console page 0\r"
+ #send "set console page 0\r"
+ send "config system console\r"
+ send "set output standard\r"
+ send "end\r"
Post by Smaïne Kahlouchexpect -re $prompt {}
set commands [split $command \;]
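Review bot: the three added `send` calls go out back to back with a single `expect -re $prompt {}` after them, so the device answers with three prompts and only one is consumed here. The others can be left in the buffer and satisfy the prompt match for the first real command before its output has arrived. Follow each `send` with its own `expect -re $prompt {}`. Unlike the `set console page 0` line it replaces, this sequence enters a `config` block, so the notes for this script should state that the login account needs permission to change the `system console` settings.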
@@ -445,7 +448,7 @@
expect {
-re "\[\n\r]+" { exp_continue }
-re "$prompt" {}
- -gl "--- more ---" { send " "
+ -gl "--More-- " { send " "
exp_continue
}
}
@@ -485,7 +488,7 @@
set timeout $timeoutdflt
}
- set prompt {-> }
+ set prompt {# }
# Figure out passwords
if { $do_passwd || $do_enapasswd } {
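Review bot: `set prompt {# }` is used as an unanchored regular expression (`expect -re $prompt` in the other hunks), so as far as these hunks show, any `# ` in the device output ends the wait for a command, not only the CLI prompt. With `show` dumping the whole configuration, a comment or value containing `# ` would cut the capture short and the stored configuration would be incomplete. A pattern tied to the start of a line and the device name would be safer; the prompt quoted in the thread is `FGT[model][s/n] # `.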
@@ -560,7 +563,10 @@
continue
}
} elseif { $do_script } {
- send "set console page 0\r"
+ #send "set console page 0\r"
+ send "config system console\r"
+ send "set output standard\r"
+ send "end\r"
expect -re $prompt {}
source $sfile
catch {close};
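Review bot: this is the same three-line `send` sequence as in the hunk at line 435, again followed by a single `expect -re $prompt {}`, so two of the three prompts it produces can be left unconsumed before `source $sfile` runs. Put the sequence in a small proc that waits for the prompt after each command and call it from both places, so the two copies cannot drift apart.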
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss