[rancid] h3crancid doesn't filter passwords
ignasr at vault13.lt
ignasr at vault13.lt
Tue Feb 5 08:14:08 UTC 2013
On 2013.02.04 23:23, Jethro R Binks wrote:
> On Mon, 4 Feb 2013, ignasr at vault13.lt wrote:
>
>> I know H3C is not officially supported in rancid, but maybe someone took
>> the time and already wrote password filtering routines for h3crancid?
>>
>> If not, can I get some pointers on where in h3crancid that filtering
>> should happen? I would use other scripts as examples and write
>> something.
>
> I have a bunch of updates to make to h3crancid at some point. If you can
> give me samples of the lines where you want the passwords removing and the
> context, I can take a look at incorporating them.
>
> Jethro.
Thank you. It seems this was easier than I thought. Password ciphers can
be filtered with
###
--- h3crancid.o 2013-02-04 16:06:16.583056212 +0200
+++ h3crancid 2013-02-04 21:38:27.514053756 +0200
@@ -367,6 +367,12 @@
next;
}
+ # Filter password ciphers
+ if (/^( password cipher )\S+$/ && $filter_pwds >= 2) {
+ ProcessHistory("","","","$1<removed>$'");
+ next;
+ }
+
ProcessHistory("","","","$_");
# end of config
###
And this is enough for me for the time being.
Ignas Kazlauskas
More information about the Rancid-discuss
mailing list