paranoid patch for cisco routers :)
Janos Mohacsi
janos at budapest.dante.org.uk
Wed Jun 26 09:59:42 UTC 2002
Dear All,
We are using IS-IS as an IGP and rancid did not remove the IS-IS
password. Also if we set up FILTER_PWDS=ALL we would prefer removing the
community strings...
Here is my patch for this:
*** mcrancid.orig Wed Jun 26 10:25:28 2002
--- mcrancid Wed Jun 26 10:43:20 2002
***************
*** 936,941 ****
--- 936,949 ----
ProcessHistory("","","","! neighbor $1 password <removed>\n");
next;
}
+ if (/^\s*isis password / && $filter_pwds >= 1){
+ ProcessHistory("", "", "", "! isis password <removed>\n");
+ next;
+ }
+ if (/^snmp-server community (\S*) (.*)/ && $filter_pwds >=2) {
+ ProcessHistory("", "", "", "!snmp-server community <removed> $2\n");
+ next;
+ }
if (/^(ppp .* password) 7 .*/ && $filter_pwds >= 1) {
ProcessHistory("","","","!$1 <removed>\n"); next;
}
This is for bin/mcrancid (for my previous patch), but the same applies for
bin/rancid also.
Best Regards,
Janos Mohacsi
More information about the Rancid-discuss
mailing list