[rancid] Fortigate OSPF MD5 key

heasley heas at shrubbery.net
Thu Dec 8 18:45:44 UTC 2016


Thu, Dec 08, 2016 at 01:29:53PM -0500, Gerhard Mourani:
> It doesn't, I've md5-key + auth-password now! Worse than before.
> 
> I'm using Rancid version 3.2.11 and here are my original lines:

$filter_osc isn't in 3.2 (besides that there never was a 3.2.11).  If you
included that when you patched your script, I'm not sure what the result
would be.  Otherwise, it looks like it should have worked for both cases.

if you can provide a .raw file, i can fix this more easily:
export NOPIPE=YES
fnrancid -dl hostname
send hostname.raw to me as an attachment.

>         # filter cycling password encryption
>         if (/^\s*(set [^\s]*)\s(enc\s[^\s]+)(.*)/i && $filter_pwds > 0 ) {
>             ProcessHistory("ENC","","","#$1 ENC <removed> $3\n");
>             next;
>         }
> 
> Gerhard,
> 
> > On Dec 8, 2016, at 12:33 PM, heasley <heas at shrubbery.net> wrote:
> > 
> > Thu, Dec 08, 2016 at 10:08:28AM -0500, Gerhard Mourani:
> >> I've a small problem with Fortigate devices using OSPF with a dynamic key. Every time a new check is made, a new backup is generated because the dynamic MD5 key changes, and I get something like the following each time.
> >> 
> >> set md5-key 10 "ENC 9RFKaZXxTsGOoGB9rTkLTLo3fdR2"
> >> 
> >> Does someone know how I can exclude this kind of line from being taken?
> > 
> > Based on rancid 3.6, i think this will filter it, lmk if it doesn't:
> > 
> > Index: bin/fnrancid.in
> > ===================================================================
> > --- bin/fnrancid.in	(revision 3536)
> > +++ bin/fnrancid.in	(working copy)
> > @@ -228,7 +228,7 @@
> > 	    next;
> > 	}
> > 	# filter cycling password encryption
> > -	if (/^(\s*set \S*)\s(enc\s\S+)(.*)/i &&
> > +	if (/^(\s*set \S*( \d+)?)\s("?enc\s\S+"?)(.*)/i &&
> > 	    ($filter_osc || $filter_pwds > 0)) {
> > 	    ProcessHistory("ENC","","","#$1 ENC <removed> $3\n");
> > 	    next;
> > 
> 
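Review bot: the unchanged ProcessHistory line still interpolates $3, but the new `( \d+)?` group in the changed `if` line shifts the capture numbering, so $3 is now the `"?enc\s\S+"?` match and the encrypted value is written back out right after "ENC <removed>". Either change that reference to $4, or make the key-id group non-capturing, `(?: \d+)?`, so the existing $1 and $3 keep their meaning. As a smaller point, `\S+` is greedy and already consumes the closing quote, so the trailing `"?` never matches anything; a short comment naming the quoted `"ENC ..."` form this line targets would make the intent clearer.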


