[rancid] PfSense Package [semi-solved!]

Bill Fenner fenner at gmail.com
Sat Jan 19 14:43:27 UTC 2013


On Wed, Dec 19, 2012 at 12:01 PM, James Bensley <jwbensley at gmail.com> wrote:
> Hi Danilo
>
> Thanks for that link to the pfSense package. Finding a pfSense plugin
> was on my to do list, I just hadn't gotten that far yet. I have this
> working now although I had a few issues.
>
> To use this, unpack the three files into your RANCID bin directory.
> This is likely something like /usr/lib/rancid/bin/ or
> /usr/local/rancid/bin/. In there you will find an existing file
> "rancid-fe", replace or merge with the new one to update your devices
> definitions. Now you can add pfsense firewalls to your devices.db file
> with the type of "m0n0", which is what you will use for pfSense. Even
> though it says m0n0, as pfSense is a fork of m0n0wall, m0n0walls don't support
> SSH and this script tries telnet/ssh/rsh so it won't work on them.
>
> Also, note that you must enable SSH on your pfSense box if it isn't
> already. I then added a user which only has the right to SSH in.
>
> These scripts are a bit broken though and my scripting skills aren't
> the best; so I am in fact stuck. I have hacked them about a bit and
> now get the following output in my hourly rancid emails (which you can
> trigger manually with rancid-run -r my-pfsense-device.fqdn.com)
>
> Index: configs/my-pfsense-device.fqdn.com
> ===================================================================
> retrieving revision 1.2
> diff -U 4 -r1.2 my-pfsense-device.fqdn.com
> @@ -1 +1,1769 @@
> - exec m0n0login  -t 120 -c "uname -a;cat /cf/conf/config.xml"
> my-pfsense-device.fqdn.com
> + my-pfsense-device.fqdn.com
> + spawn ssh -2 -x -l rancid my-pfsense-device.fqdn.com
> + Password:
> + Last login: Wed Dec 19 10:28:47 2012 from 89.21.224.35
> + Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
> +       The Regents of the University of California.  All rights reserved.
> +
> +
> +  [0;1;33m[ [0;1;37m2.0.1-RELEASE [0;1;33m] [0;1;33m[ [0;1;37mrancid
> [0;1;31m@ [0;1;37mmy-pfsense-device.fqdn.com [0;1;33m]
> [0;1;32m/home/rancid [0;1;33m( [0;1;37m1 [0;1;33m) [0;1;36m [0;1;31m:
> [0;40;37m
> uname -a
> + FreeBSD my-pfsense-device.fqdn.com 8.1-RELEASE-p6 FreeBSD
> 8.1-RELEASE-p6 #0: Mon Dec 12 18:59:41 EST 2011
> root at FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_wrap.8.i386
>  i386
> +  [0;1;33m[ [0;1;37m2.0.1-RELEASE [0;1;33m] [0;1;33m[ [0;1;37mrancid
> [0;1;31m@ [0;1;37mmy-pfsense-device.fqdn.com [0;1;33m]
> [0;1;32m/home/rancid [0;1;33m( [0;1;37m2 [0;1;33m) [0;1;36m [0;1;31m:
> [0;40;37m
> cat /cf/conf/config.xml
> + <?xml version="1.0"?>
> + <pfsense>
>
> As you can see from this opening snippet there are two problems;
> Firstly, the expect script m0n0login is including the SSH MOTD/Banner
> stuff (I said my scripting wasn't great, although this doesn't really
> matter). Secondly, an issue which does actually matter, when you SSH
> to a pfSense box they have coloured terminal output and SSH is
> spitting this out (the colouring info) into the expect script, so the
> prompt on my test pfSense box which usually looks like this;
>
> [2.0.1-RELEASE][username at my-pfsense-device.fqdn.com]/home/username(1):
>
> Now looks like this;
>
>  [0;1;33m[ [0;1;37m2.0.1-RELEASE [0;1;33m] [0;1;33m[ [0;1;37mrancid
> [0;1;31m@ [0;1;37mmy-pfsense-device.fqdn.com [0;1;33m]
> [0;1;32m/home/rancid [0;1;33m( [0;1;37m1 [0;1;33m) [0;1;36m [0;1;31m:
> [0;40;37m
>
> I will continue to try and fix this by either of the below and post
> back the fix here once it is solved, but I have no idea how long that
> will take;
> 1 - Someone wiser than me here can tell me how to stop SSH from either
> accepting the colouring info from the pfSense box or not display it on
> stdout
> 2 - I find help elsewhere

My solution to this is to edit the rancid user's ~/.tcshrc on the
pfsense box to only contain:

set prompt="pfsense# "

Not hugely scalable, but I only have a handful of pfsense boxes to collect from.

I agree that it'd be nicer for m0n0login to be able to strip the ANSI
escape sequences.

  Bill
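
An added example, not part of the thread or of the RANCID/m0n0login scripts: one way to post-process a captured session so that the colour codes and the login banner never reach the stored config. The function names, the prompt pattern (derived from the uncoloured prompt quoted above) and the sample session (constructed, with a made-up hostname and address) are assumptions.

```python
import re

# CSI escape sequences: ESC [ parameters, intermediates, final byte (colours end in "m").
ANSI_CSI = re.compile(r"\x1b\[[0-?]*[ -/]*[@-~]")
# Uncoloured pfSense prompt as quoted above: [2.0.1-RELEASE][user@host]/home/user(1):
PROMPT = re.compile(r"^\[[^\]]+\]\[[^\]@]+@[^\]]+\][^()\s]*\(\d+\):\s*")

def strip_ansi(text):
    """Remove terminal colour/cursor sequences from captured output."""
    return ANSI_CSI.sub("", text)

def split_commands(raw):
    """Map each command typed at a prompt to its output lines.
    Anything before the first prompt (password prompt, MOTD) is dropped."""
    results, current = {}, None
    for line in strip_ansi(raw).replace("\r", "").splitlines():
        m = PROMPT.match(line)
        if m:
            current = line[m.end():].strip() or None
            if current:
                results[current] = []
        elif current is not None:
            results[current].append(line)
    return {cmd: "\n".join(lines) for cmd, lines in results.items()}

E = "\x1b["  # ESC [, the bytes the list archive shows as " [" in the quoted prompt

def sample_prompt(n):
    """Constructed coloured prompt, same colour codes as the quoted output."""
    return (f"{E}0;1;33m[{E}0;1;37m2.0.1-RELEASE{E}0;1;33m]{E}0;1;33m["
            f"{E}0;1;37mrancid{E}0;1;31m@{E}0;1;37mfw.example.net{E}0;1;33m]"
            f"{E}0;1;32m/home/rancid{E}0;1;33m({E}0;1;37m{n}{E}0;1;33m)"
            f"{E}0;1;36m{E}0;1;31m:{E}0;40;37m ")

# Constructed session transcript (not real device output).
SAMPLE = (
    "Password:\r\nLast login: Wed Dec 19 10:28:47 2012 from 192.0.2.10\r\n"
    "Copyright (c) 1980, 1983 The Regents of the University of California.\r\n"
    + sample_prompt(1) + "uname -a\r\n"
    "FreeBSD fw.example.net 8.1-RELEASE-p6 i386\r\n"
    + sample_prompt(2) + "cat /cf/conf/config.xml\r\n"
    '<?xml version="1.0"?>\r\n<pfsense>\r\n</pfsense>\r\n'
    + sample_prompt(3) + "exit\r\n"
)

if __name__ == "__main__":
    for cmd, output in split_commands(SAMPLE).items():
        print(f"--- {cmd}\n{output}")
```

Dropping the pre-prompt text also keeps the changing "Last login" line out of the versioned file, so it cannot produce a diff on every run.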

