[rancid] rancid with Fortigate FG100A

Gavin McCullagh gmccullagh at gmail.com
Tue Feb 1 00:04:15 UTC 2011


Hi,

On Mon, 31 Jan 2011, Diego Ercolani wrote:

> I've already submitted patch to accomplish fortinet. Here it is the relevant 
> post:
> http://www.shrubbery.net/pipermail/rancid-discuss/2009-June/004005.html
> 
> if you see in the mailing list there are time to time modifications.

I see, thanks very much.  I've upgraded to v2.3.6 (I was using the debian
packages which are v2.3.2) and it seems to work.

The only trouble I see so far is that we're getting repeated patches with
lines like:
	- !System time: Mon Jan 31 22:11:05 2011
	+ !System time: Mon Jan 31 23:11:09 2011
and:
	- #conf_file_ver=7138776372466847334
	+ #conf_file_ver=2985214935052655642 

So I'm experimenting with a patch:

---------------------------------------------------------------------------------

--- /usr/local/rancid/bin/fnrancid.orig	2011-01-31 23:59:10.000000000 +0000
+++ /usr/local/rancid/bin/fnrancid	2011-01-31 23:59:54.000000000 +0000
@@ -175,7 +175,7 @@
 	next if /^\s*$/;
 	last if (/$prompt/);
 
-	next if (/^System Time:/);
+	next if (/^System Time:/i);
 	next if (/^\s*Virus-DB: .*/);
 	next if (/^\s*Extended DB: .*/);
 	next if (/^\s*IPS-DB: .*/);
@@ -207,7 +207,7 @@
 	# System time is fortigate extraction time
 	next if (/^\s*!System time:/);
 	# remove occurrances of conf_file_ver
-	next if (/^conf_file_ver=/);
+	next if (/^#?conf_file_ver=/);
 	# filter variabilities between configurations.  password encryption
 	# upon each display of the configuration.
 	if (/^\s*(set [^\s]*)\s(Enc\s[^\s]+)(.*)/i && $filter_pwds > 0 ) {

---------------------------------------------------------------------------------

I'm also seeing the two RSA Private Keys changing regularly which is very
odd.  I'm not sure if that tells me something's odd about the firewall
rather than about Rancid, but I'm seeing this on two different FG100A
firewalls.

Gavin



More information about the Rancid-discuss mailing list