[rancid] router config diffs

Lee ler762 at gmail.com
Fri Oct 26 01:02:11 UTC 2018


On 10/25/18, heasley <heas at shrubbery.net> wrote:
> Thu, Oct 25, 2018 at 04:33:45PM -0400, Lee:
  <.. snip lots ..>
>> I haven't tried this, but it sure looks like one could build rancid with
>> export SENDMAIL=/usr/local/bin/sendmail_alt
>> ./configure --prefix= ..etc..
>>
>> and have /usr/local/bin/sendmail_alt be just
>> exit
>
> you're making that more difficult than necessary,
>
> export SENDMAIL="dd of=/dev/null bs=32k"
>
> but, you still want the admin email, imho, and that will break it.
>
>> and that would take care of not sending emails or doing something
>> other than sending mail.  Yes?   but that means you'd have to build
>> rancid instead of just installing from some repository..
>>
>> In any case, I went with changing control_rancid because there were a
>> few other things I wanted to do like filtering out passwords, keys,
>> hashes, etc. from the mail msg before sending it. So right after the
>>   # Diff the directory and then checkin.
>> section I added
>>
>> # -LR- begin: remove passwords, etc. from diff listing
>> /usr/local/bin/sanitize.sh $TMP.diff >$TMP.diff2
>> /bin/mv  $TMP.diff2 $TMP.diff
>> # -LR- end  : remove passwords etc. from diff listing
>
> this too is possible without changing control_rancid; see rancid.conf(5)
> for FILTER_PWDS & DIFFSCRIPT.

FILTER_PWDS
              Determines  which  passwords will be filtered from configs.

I don't want anything filtered from rancid; it's just email where I
want passwords to be filtered out.  Maybe I could figure out how to
set DIFFSCRIPT to accomplish that, but I already had a script for
blanking out sensitive info for when the security office or whoever
wants to do an audit & demands a copy of all the configs.  So I could
add a few lines to control_rancid and call a script I already knew
worked or spend who knows how long trying to figure how to set
DIFFSCRIPT .. and expediency won.

Regards,
Lee
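
Added example, not part of the original message and not Lee's sanitize.sh (the thread does not show that script): one way a filter called from the control_rancid hook above could redact secrets from the diff before it is mailed, while keeping the +/- markers so a credential change is still visible. The function names, the Cisco IOS-style patterns and the sample diff are assumptions constructed for illustration.

```shell
#!/bin/sh
# Hypothetical stand-in for a sanitize.sh-style filter (not the poster's script).
# Reads a diff from the named file(s) or stdin, writes the redacted diff to stdout.
# Patterns assume Cisco IOS-style syntax; other vendors need their own rules.
sanitize_diff() {
    sed -E \
        -e 's/^([-+ ]? *enable (secret|password)) .*/\1 <removed>/' \
        -e 's/^([-+ ]? *username [^ ]+ .*(secret|password)) .*/\1 <removed>/' \
        -e 's/^([-+ ]? *snmp-server community) [^ ]+/\1 <removed>/' \
        -e 's/^([-+ ]? *(tacacs|radius)-server key) .*/\1 <removed>/' \
        -e 's/^([-+ ]? *(password|key-string)) .*/\1 <removed>/' \
        "$@"
}

# Constructed sample diff; every secret value contains the marker EXAMPLE.
sample_diff() {
    cat <<'EOF'
Index: configs/rtr1.example.net
@@ -10,6 +10,7 @@
-enable secret 5 $1$EXAMPLE$oldoldold
+enable secret 5 $1$EXAMPLE$newnewnew
 snmp-server community EXAMPLEcomm RO 10
+username admin privilege 15 secret 5 $1$EXAMPLE$abc
 line vty 0 4
- password 7 EXAMPLE0822455D0A16
+ login local
EOF
}

# Stand-alone run: show the redacted version of the sample.
sample_diff | sanitize_diff
```

Both the removed and the added `enable secret` lines survive as redacted lines, so the mail still shows that the credential changed without carrying either hash.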


