[rancid] Fortigate OSPF MD5 key again

Gerhard Mourani gmourani at gmail.com
Tue Nov 28 19:42:46 UTC 2017


Hello,

I've relocated the OSPF md5-keys filter definition before the RSA filter and this makes it work.

@@ -224,7 +228,11 @@
            ProcessHistory("","","","#$1 last-login <removed>\n");
            next;
        }
-
+        # filter ospf md5-keys
+        if (/^(\s*set)\smd5-key\s(.)\s(.*)/ && $filter_osc) {
+            ProcessHistory("","","","#$1 md5-key $2 <removed>\n");
+            next;
+        }
        # filter cycling RSA private keys
        if ($filter_osc &&
            /^\s*set private-key "-----BEGIN (RSA|ENCRYPTED) PRIVATE KEY-----/) {
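Review bot: The key-ID group `(.)` on the added `set md5-key` match line accepts exactly one character, so a two-digit ID such as the `set md5-key 10 "ENC ..."` line quoted later in this thread does not match (after `1` the pattern expects whitespace and finds `0`) and this filter never fires for it. Carry the `(\d+)` change from the quoted reply into the relocated block. The adjacent RSA filter tests `$filter_osc` before its regex; doing the same here skips the match when filtering is off and keeps the two blocks consistent.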
@@ -247,11 +255,6 @@
            ProcessHistory("ENC","","","#$1 ENC <removed> $4\n");
            next;
        }
-       # filter ospf md5-keys
-       if (/^(\s*set)\smd5-key\s(.)\s(.*)/ && $filter_osc) {
-           ProcessHistory("","","","#$1 md5-key $2 <removed>\n");
-           next;
-       }

        ProcessHistory("","","","$_");
     }
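Review bot: Nothing in the patch records why the md5-key filter can no longer sit here, after the ENC filter shown in this hunk's leading context lines. Since the message says the filter only works once it is placed before the RSA filter, add a short comment at the new location stating that ordering requirement, so a later cleanup does not move the block back.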


> On Nov 28, 2017, at 11:34 AM, heasley <heas at shrubbery.net> wrote:
> 
> Thu, Nov 23, 2017 at 10:33:44AM -0500, Gerhard Mourani:
>> 
>> Hello,
>> 
>> In the past, I had a problem related to the OSPF MD5 key with FortiGate devices, which changed all the time. See this post for more information about the problem -> http://www.shrubbery.net/pipermail/rancid-discuss/2016-December/009317.html
>> 
>> This seemed to be fixed but has come back with Rancid 3.7 and FortiGate version 5.4.6. Here is an example of the annoying output:
>> 
>> @@ -44723,9 +44723,9 @@
>>             unset md5-key
>>             unset md5-key
>>             unset md5-key
>>             unset md5-key
>> -             set md5-key 10 "ENC 3yV3M0T82oypXb4WPTZe5cgOe5az"
>> +            set md5-key 10 "ENC ihw7GyiIM/c7Pj741Siec2vF/ahW"
>>             unset md5-key
>>             unset md5-key
>>             unset md5-key
>>             unset md5-key
>> 
>> Gerhard,
> 
> Does this work?
> 
> Index: bin/fnrancid.in
> ===================================================================
> --- bin/fnrancid.in	(revision 3734)
> +++ bin/fnrancid.in	(working copy)
> @@ -248,7 +248,7 @@
> 	    next;
> 	}
> 	# filter ospf md5-keys
> -	if (/^(\s*set)\smd5-key\s(.)\s(.*)/ && $filter_osc) {
> +	if (/^(\s*set)\smd5-key\s(\d+)\s(.*)/ && $filter_osc) {
> 	    ProcessHistory("","","","#$1 md5-key $2 <removed>\n");
> 	    next;
> 	}
> 
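Review bot: On the changed line the third group `(.*)` is captured but never used; the ProcessHistory call below it prints only `$1` and `$2`, so the group can be dropped or made non-capturing. The single `\s` separators also require exactly one whitespace character between `set`, `md5-key` and the ID; `\s+` would tolerate a change in spacing in the device output.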
