[rancid] is it possible to strip IPs from email notifications

Discussion:

Hinote, Willie Scott. (MSFC-IS40)[NICS]

2012-11-27 16:50:03 UTC

I have used RANCID for a few years in its stock form. As part of a new project I have a few requirements that I need to meet. One of them is related to stripping sensitive information that will be sent out in email notifications. I need to be able to strip IPs from all emails that RANCID sends. I would think this is possible by altering one of RANCID's scripts. Has anyone already accomplished this or know the scripts that I would need to modify to make this work? Your help is greatly appreciated.

Thank you

Tyler J. Wagner

2012-11-27 17:30:57 UTC

Permalink

I think it would be easier to pass the outbound emails to a perl script, or
to procmail, which sends it to a perl script.

Regards,
Tyler

Post by Hinote, Willie Scott. (MSFC-IS40)[NICS]
I have used RANCID for a few years in its stock form. As part of a new
project I have a few requirements that I need to meet. One of them is
related to stripping sensitive information that will be sent out in email
notifications. I need to be able to strip IPs from all emails that RANCID
sends. I would think this is possible by altering one of RANCID’s scripts.
Has anyone already accomplished this or know the scripts that I would need
to modify to make this work? Your help is greatly appreciated.
Thank you
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

--
"When a claim is falsified in science [...], it is discarded. It is put
in the trashbin of bad ideas. When a claim of religion is falsified,
it becomes a metaphor."
-- Jerry Coyne

heasley

2012-11-27 18:43:10 UTC

Permalink

Post by Tyler J. Wagner
I think it would be easier to pass the outbound emails to a perl script, or
to procmail, which sends it to a perl script.

indeed, this is the way to do this, or with double aliases (rancid-group alias
through a script that forwards to some other alias for the recipients). it
keeps the change out of the rancid code and it doesnt remove the info from the
config repository itself.

Hinote, Willie Scott. (MSFC-IS40)[NICS]

2012-11-27 22:19:02 UTC

Permalink

I agree that it would be best to leave the data intact for the repository. I would looking for something that occurred after the checkin. I was hoping that there would be a separate RANCID email script that could be modified to strip out the IPs after the data had been diff'd and added to the repository. This would only alter the information that is inserted into the email and not the data itself. If anyone has a similar type script that they are using for other purposes that would give me an idea of how to start that would be greatly appreciated, otherwise I will write a Perl script that will do this. Thanks for the replies so far.

-----Original Message-----
From: heasley [mailto:***@shrubbery.net]
Sent: Tuesday, November 27, 2012 12:43 PM
To: Tyler J. Wagner
Cc: Hinote, Willie Scott. (MSFC-IS40)[NICS]; rancid-***@shrubbery.net
Subject: Re: [rancid] is it possible to strip IPs from email notifications

Post by Tyler J. Wagner
I think it would be easier to pass the outbound emails to a perl
script, or to procmail, which sends it to a perl script.

indeed, this is the way to do this, or with double aliases (rancid-group alias through a script that forwards to some other alias for the recipients). it keeps the change out of the rancid code and it doesnt remove the info from the config repository itself.

epac

2012-11-28 00:27:27 UTC

Permalink

Post by Hinote, Willie Scott. (MSFC-IS40)[NICS]
I agree that it would be best to leave the data intact for the
repository. I would looking for something that occurred after the
checkin. I was hoping that there would be a separate RANCID email script
that could be modified to strip out the IPs after the data had been
diff'd and added to the repository. This would only alter the
information that is inserted into the email and not the data itself. If
anyone has a similar type script that they are using for other purposes
that would give me an idea of how to start that would be greatly
appreciated, otherwise I will write a Perl script that will do this.
Thanks for the replies so far.

if you are using SVN for the repository for the data, you could use a hook
script that does the "cleanup" before sending the mail. that would apply
to all the devices. the logic in the hook could do all sort of processing
(figure out who to send to, based on the device config being updated, what
lines to remove before sending, etc...)

Thanks,
Jok

---
Nothing is foolproof to a sufficiently talented fool...
oo
,(..)\
~~