[rancid] patch for local rancid.conf w/ git and ASA passwords using ikev2

Mike Eklund meklund at dealnews.com
Tue May 12 20:51:55 UTC 2015


I found a couple of issues with rancid 3.2. 

1) When control_rancid checks for a group-specific rancid.conf, it does not properly set error codes when using git.
2) Password filtering does not work on Cisco ASA firewalls using ikev2.

Here is a patch:

diff -rupN rancid-3.2/bin/control_rancid.in rancid-3.2.new/bin/control_rancid.in 
--- rancid-3.2/bin/control_rancid.in 2015-03-16 15:02:52.000000000 -0400 
+++ rancid-3.2.new/bin/control_rancid.in 2015-05-11 14:38:49.942514742 -0400 
@@ -236,6 +236,7 @@ if [ -f rancid.conf ] ; then 
;; 
git ) 
git status -s rancid.conf | grep '^?' 
+ if [ $? -eq 0 ] ; then LN=1; else LN=0; fi 
;; 
esac 
if [ $LN -eq 0 ] ; then 
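Review bot: In the `git )` branch, the `$?` read on the added line is the exit status of `grep`, the last command in the pipeline, so a failing `git status` gives LN=0, the same result as a tracked rancid.conf. Consider checking git's own exit status separately, and using `grep -q '^?'` (or redirecting to /dev/null) so the matched status line is not written to the run output. A short comment saying what LN=1 means in this branch would also help, since the `if [ $LN -eq 0 ]` test that follows depends on it.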
diff -rupN rancid-3.2/lib/ios.pm.in rancid-3.2.new/lib/ios.pm.in 
--- rancid-3.2/lib/ios.pm.in 2015-03-16 15:02:52.000000000 -0400 
+++ rancid-3.2.new/lib/ios.pm.in 2015-05-11 14:38:50.622544735 -0400 
@@ -2125,6 +2125,16 @@ TOP: 
ProcessHistory("","","","!$1 <removed> $'"); next; 
} 
# ASA/PIX keys in more system:running-config 
+ if (/^(( ikev2)? remote-authentication pre-shared-key ).*/ && 
+ $filter_pwds >= 1) { 
+ ProcessHistory("","","","!$1 <removed> $'"); next; 
+ } 
+ # ASA/PIX keys in more system:running-config 
+ if (/^(( ikev2)? local-authentication pre-shared-key ).*/ && 
+ $filter_pwds >= 1) { 
+ ProcessHistory("","","","!$1 <removed> $'"); next; 
+ } 
+ # ASA/PIX keys in more system:running-config 
if (/(\s+ldap-login-password )\S+(.*)/ && $filter_pwds >= 1) { 
ProcessHistory("","","","!$1 <removed> $'"); next; 
} 
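Review bot: The two added blocks under "# ASA/PIX keys in more system:running-config" differ only in `remote` versus `local`, so they can be a single test using `(remote|local)-authentication` in the pattern, which also avoids the same comment appearing three times in a row. The comment on the new test should say that it covers the ikev2 pre-shared keys, so it can be told apart from the ldap-login-password block that follows.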

Regards, 


Mike Eklund | DealNews 
