[rancid] Re: Who made changes?

john heasley heas at shrubbery.net
Wed Apr 1 22:05:06 UTC 2009


Wed, Apr 01, 2009 at 11:42:11PM +0200, Geert Jan de Groot:
> On Tue, 31 Mar 2009 13:07:47 -0500  K K wrote:
> > > There is only one thing I want to know: is it possible to show who made the
> > > changes in telnet? 
> > If Paul makes one change at noon, then Peter logs in at 4PM and makes
> > two more, and then Rancid finally runs at 6PM, you'll get one change
> > email, showing the sum of all changes and (usually) showing that Peter
> > was the last one to make a change.
> 
> At the place where I hope to implement rancid (restrictions are
> political, not technical, as usual), the network is set up
> in such a way that operators do not have passwords of the devices
> they manage. They log in (with their own password) in a subsystem
> which, if allowed, will log in the operator automatically.
> 
> Advantage is that if persons leave the company, they don't know passwords
> and no passwords need to be changed.

You can do that, at least for Ciscos, with AAA, and automate the change of
the in-configuration/failsafe passwords, since the "in-config" passwords
are only used when the AAA server is inaccessible.

> Current line of thought is to have the logout event trigger a rancid run
> on the device people just logged into.

Folks have done that; I think I mentioned it in the FAQ.
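
The logout-triggered run discussed in this thread, sketched as an added example that is not part of the original message or of the RANCID distribution. The session-log format, device names and user names are constructed assumptions; only `rancid-run -r <device>` is RANCID's own interface. The planner coalesces logouts on the same device that fall within a short window into one run and records which operators those sessions belonged to.

```python
import re
from datetime import datetime, timedelta

# Constructed session log from the login subsystem (hypothetical format).
SAMPLE_LOG = """\
2009-04-01T12:00:40Z logout user=paul device=core-rtr1
2009-04-01T16:02:11Z logout user=peter device=core-rtr1
2009-04-01T16:03:05Z logout user=paul device=core-rtr1
2009-04-01T16:05:00Z logout user=guest device=not-in-routerdb
2009-04-01T16:06:30Z login user=peter device=edge-sw2
"""

# Devices rancid already manages (would be read from router.db; constructed here).
KNOWN_DEVICES = {"core-rtr1", "edge-sw2"}
LINE_RE = re.compile(r"^(\S+) logout user=([\w.-]+) device=(\S+)$")

def plan_runs(log_text, known=KNOWN_DEVICES, window=timedelta(minutes=5)):
    """Return (runs, rejected): one rancid-run per device per window, with
    the operators whose sessions ended inside that window."""
    runs, rejected = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a logout event
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        user, device = m.group(2), m.group(3)
        if device not in known:
            rejected.append(line)  # never hand an unchecked name to a command
            continue
        last = next((r for r in reversed(runs) if r["device"] == device), None)
        if last and ts - last["first_logout"] <= window:
            if user not in last["operators"]:
                last["operators"].append(user)
            continue
        runs.append({"device": device, "first_logout": ts,
                     "run_at": ts + window,  # run once the window has closed
                     "operators": [user],
                     "argv": ["rancid-run", "-r", device]})
    return runs, rejected

if __name__ == "__main__":
    runs, rejected = plan_runs(SAMPLE_LOG)
    for r in runs:
        print(r["run_at"].isoformat(), " ".join(r["argv"]),
              "operators:", ",".join(r["operators"]))
    for line in rejected:
        print("rejected:", line)
```

The operator list narrows down who could have made a change between two runs; it does not prove which session made it.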

