paranoid patch for cisco routers :)

john heasley heas at shrubbery.net
Fri Jun 28 22:47:33 UTC 2002


Wed, Jun 26, 2002 at 10:59:42AM +0100, Janos Mohacsi:
> 
> Dear All,
> 	We are using IS-IS as an IGP and rancid did not remove the IS-IS
> password. Also if we set up FILTER_PWDS=ALL we would prefer removing the
> community strings...

sorry for the delay in response...get to things as fast as i can.
some other folks have sent some fixes as well...getting to those.
of course, thanks to all who use, comment, and/or contribute to
rancid!

isis pwds definitely should be filtered, esp as they appear to be
completely clear-text in the IOS i checked.  i also found area-password
and domain-password under router isis.

the snmp-server community, however, is already handled, though by a
separate knob.  please see NOCOMMSTR variable of env(5).  i will
add a note to that effect in the manpage.

i am committing this (after i test):

Index: rancid.in
===================================================================
RCS file: /home/rancid/.CVS/rancid/bin/rancid.in,v
retrieving revision 1.113
diff -c -r1.113 rancid.in
*** rancid.in	2002/05/09 21:22:14	1.113
--- rancid.in	2002/06/28 22:35:12
***************
*** 945,950 ****
--- 945,958 ----
  	if (/^( ip ospf authentication-key) / && $filter_pwds >= 1) {
  	    ProcessHistory("","","","!$1 <removed>\n"); next;
  	}
+ 	# isis passwords appear to be completely plain-text
+ 	if (/^\s+isis password (\S+)( .*)?/ && $filter_pwds >= 1) {
+ 	    ProcessHistory("","","","!$1 <removed>$2\n"); next;
+ 	}
+ 	if (/^\s+(domain-password|area-password) (\S+)( .*)?/
+ 							&& $filter_pwds >= 1) {
+ 	    ProcessHistory("","","","!$1 <removed>$2\n"); next;
+ 	}
  	# this is reversable, despite 'md5' in the cmd
  	if (/^( ip ospf message-digest-key \d+ md5) / && $filter_pwds >= 1) {
  	    ProcessHistory("","","","!$1 <removed>\n"); next;
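Review bot: the capture groups in both added filters are off by one, so the replacement line emits the password instead of removing it. In `if (/^\s+isis password (\S+)( .*)?/ && $filter_pwds >= 1) {` the first group is the password itself, and `ProcessHistory("","","","!$1 <removed>$2\n")` therefore writes `!<password> <removed>...` into the saved config; in the domain-password/area-password rule `$2` is the password and the trailing text is `$3`, so `!$1 <removed>$2` writes the secret right after `<removed>`. Capture the command prefix the way the neighbouring `ip ospf authentication-key` rule does and reference the trailing group, e.g. `/^(\s+isis password )(\S+)( .*)?/` with `"!$1<removed>$3\n"`, and `/^(\s+(domain-password|area-password) )(\S+)( .*)?/` with `"!$1<removed>$4\n"`; that also preserves the line's indentation in the filtered output, which the current `!$1` form drops for the domain-password/area-password case.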



More information about the Rancid-discuss mailing list