[rancid] No Password required to read Configs.

Nicky Brown nickyicebrown at gmail.com
Thu Apr 8 16:07:21 UTC 2010


Hi All,

We have a Rancid installation on an internal IP.  Everything is pretty much
default and only our Cisco devices are managed through Rancid.  I just
noticed a truck-sized hole in my config however.

If you enter http://192.168.32.2/cgi-bin/cvsweb.cgi/ in your browser, you
can access the config files for all our devices without a password.

I have limited the IPs which can reach port 80 but that is far from enough.
What must I change to protect this data?  Is there a howto?  Did I miss a
section of the installation manual?

Nicky.
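
One way to put a password in front of the CVSweb view described above, as an added example that is not part of the original post or of the RANCID documentation. It assumes the page is served by Apache httpd; the realm name, the user name and the password-file path are placeholders.

```apache
# Added example (assumption: Apache httpd serves /cgi-bin/cvsweb.cgi).
# The password-file path and realm name below are placeholders.
#
# Create the password file outside the document root first, e.g.:
#   htpasswd -c /etc/httpd/rancid.htpasswd someuser
#
# <Location> matches the script URL and everything beneath it, so
# /cgi-bin/cvsweb.cgi/ and the per-device paths under it are all covered.
<Location "/cgi-bin/cvsweb.cgi">
    AuthType Basic
    AuthName "RANCID configs"
    AuthUserFile "/etc/httpd/rancid.htpasswd"
    # Any user listed in the password file may read; everyone else gets 401.
    Require valid-user
</Location>

# Basic authentication only base64-encodes the password, so this is
# best combined with HTTPS and with the existing IP restriction.
```

After reloading the web server, a request to the cvsweb.cgi URL without credentials should return 401 instead of the repository listing.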