[rancid] Rancid, Cisco login, but no local account

heasley heas at shrubbery.net
Tue Jan 27 19:57:17 UTC 2015


Tue, Jan 27, 2015 at 09:22:13PM +0200, Alan McKinnon:
> Have the tacacs admins create a single tacacs user "rancid" with very
> restricted permissions. You can look in the various *rancid scripts for
> @commandtable which lists the exact commands used - permit those and
> deny everything else. Enter the creds for this rancid user in
> ~rancid/.cloginrc

most of the scripts can give you a list with the -C option, e.g.:
% rancid -t cisco -C foo
clogin -t 90 -c 'show version;show redundancy secondary;show idprom backplane;show install active;show env all;show rsp chassis-info;show gsr chassis;show diag chassis-info;show boot;show bootvar;show variables boot;show flash;dir /all nvram:;dir /all bootflash:;dir /all slot0:;dir /all disk0:;dir /all slot1:;dir /all disk1:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all harddiskb:;dir /all sup-bootdisk:;dir /all sup-bootflash:;dir /all sup-microcode:;dir /all slavenvram:;dir /all slavebootflash:;dir /all slaveslot0:;dir /all slavedisk0:;dir /all slaveslot1:;dir /all slavedisk1:;dir /all slaveslot2:;dir /all slavedisk2:;dir /all slavesup-bootflash:;dir /all sec-nvram:;dir /all sec-bootflash:;dir /all sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show controllers;show controllers cbus;show diagbus;show diag;show capture;show module;show spe version;show c7200;show inventory raw;show vtp status;show vlan;show vlan-switch;show switch detail;show sdm prefer;show system mtu;show debug;show shun;more system:running-config;show running-config view full;show running-config;write term' foo
% fnrancid -C foo
fnlogin -t 90 -c'get system status;show full-configuration' foo

also see etc/rancid.types.base
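
The following is an added example, not part of the original message and not code from the rancid project: it turns a `-C` output line into a per-command allowlist to hand to the TACACS admins and checks commands against it, denying by default. The function names are hypothetical, and the Cisco sample is a shortened subset of the line shown above.

```python
import shlex

# Constructed samples: the fnrancid line is as shown in the post; the cisco
# line is a shortened subset of the clogin line shown in the post.
FORTI_LINE = "fnlogin -t 90 -c'get system status;show full-configuration' foo"
CISCO_LINE = ("clogin -t 90 -c 'show version;show boot;dir /all nvram:;"
              "more system:running-config;show running-config;write term' foo")


def commands_from_dash_c(line):
    """Extract the ordered command list from a '*login ... -c ...' line."""
    argv = shlex.split(line)
    for i, tok in enumerate(argv[1:], start=1):
        if tok == "-c" and i + 1 < len(argv):       # form: -c 'a;b'
            batch = argv[i + 1]
            break
        if tok.startswith("-c") and len(tok) > 2:   # form: -c'a;b'
            batch = tok[2:]
            break
    else:
        raise ValueError("no -c option found in: %r" % line)
    return [c.strip() for c in batch.split(";") if c.strip()]


def build_allowlist(commands):
    """Group commands by first word: {verb: set of exact argument strings}."""
    allow = {}
    for cmd in commands:
        verb, _, args = cmd.partition(" ")
        allow.setdefault(verb, set()).add(" ".join(args.split()))
    return allow


def is_permitted(cmd, allow):
    """Deny by default: only an exact verb + argument match is allowed."""
    verb, _, args = " ".join(cmd.split()).partition(" ")
    return args in allow.get(verb, set())


if __name__ == "__main__":
    allow = build_allowlist(commands_from_dash_c(CISCO_LINE))
    for verb in sorted(allow):
        for args in sorted(allow[verb]):
            print("permit", verb, args)
    print("deny   (everything else)")
```

Feed it the real `-C` output for each device type in use and merge the results, since each type runs a different command set.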