[rancid] Re: fortigate issues

Diego Ercolani diego.ercolani at ssis.sm
Mon Mar 1 15:22:29 UTC 2010


I had your issue today; I solved it by rebooting the fortigate 
appliance....
rancid (with my patches) simply asks fortinet for a dump of the configuration 
without beautifying or indenting the configuration dump.
For the certificate/private key and others, you have to modify the source 
to remove multiline things....
The main loop where these things are done starts at line 176 of fnrancid, but 
as you see it's very simple and removes only the one-line things matching a tag 
on the line. You have to create a more sophisticated subroutine 
that processes multiline input at a time and manages exceptions.

In the same loop I think it's possible to manage issues like extra spaces being added, 
but what I saw in my situation today is that sometimes the fortigate gives the 
configuration with commands broken by a line feed without any kind of rule, 
e.g. I saw something like:

retrieving revision 1.1969
diff -U 4 -r1.1969 fortifw
@@ -51,9 +51,9 @@
      set daily-restart disable
      set detection-summary enable
      set dst enable
      set failtime 5
-      set fds-statistics enable
+    set fds-stat
+      istics enable
      set forticlient-portal-port 8009
      set fsae-burst-size 300
      set fsae-rate-limit 100
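
Review bot: on the `+` side, `set fds-stat` followed by `istics enable` is one command broken in the middle of the keyword, and its indentation also differs from the `-` line, so neither whitespace normalisation nor a per-line tag match can reconcile it with `set fds-statistics enable`. A dump containing a fragment line like `istics enable` is better treated as a failed collection and retried than committed as a revision.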

...this isn't foreseeable, don't you think?

On Monday 1 March 2010 14:59:56, Rodo Bibi wrote:
> Hey rancid community
> 
> I am working with fortigate 1000A and I have 2 issues I am sure you can
> help me with.
> 
> At each rancid backup I receive an email with configuration changes.
> 
> First problem :
> 
> retrieving revision 1.1969
> diff -U 4 -r1.1969 fortifw
> @@ -51,9 +51,9 @@
>       set daily-restart disable
>       set detection-summary enable
>       set dst enable
>       set failtime 5
> -      set fds-statistics enable
> +    set fds-statistics enable
>       set forticlient-portal-port 8009
>       set fsae-burst-size 300
>       set fsae-rate-limit 100
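
Review bot: the `-` and `+` lines for `set fds-statistics enable` carry the same command and differ only in leading spaces (six versus four), so this hunk is not a configuration change. Normalising leading whitespace before the dump is stored would suppress it.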
> 
> See, the set fds-statistics enable is removed then added. How can I get rid
> of this?
> 
> 
> Second problem :
> 
> The display of the private key changes at each backup :
> 
> +         set private-key "-----BEGIN RSA PRIVATE KEY-----
>   Proc-Type: 4,ENCRYPTED
> - DEK-Info: DES-EDE3-CBC,3C07324ADB7623412
> - M1/T1PrO+n8oX1E2Fks46mI6zF3R99g3ulhR9jfXi1zdjYrfEfmz8eIbV0lrECoo
> - P6DKRBUUJw9p4OPitm1XpIG5SXQSLWjV9GOWeFhsiAWDZrnONzWSkuiunXxu3W3D
> - BIw4fCC+HXRs1wUHhTf0XWzpbO0pmWfHWcCv8D3jKLXdchGI/5jKyfsVAgv5TT6Q
> - A40sI463M4xBl2RzNBNvxSF1yrpDdA454W0B4y8uSHLQg0Q94fGiprLpUO9S2NFI
> - QUKJGqAhNrwGbFCmm7NQxeEbdbJnzJ77rxYjm3+VQaEsPkuKU32DgQTP1uJIxTeB
> - WM8F30XrOqj6/esxqqL8TZl4uYySJZtR2SVjlhdVlg7zCQSZV3ZbgK7zR5lT3+aK
> - rUGg3DEiA8ajHxv44QsUutwhSrubreCkaHkRI1VxZpeOroa2x6t8bN/XcvPCWQEo
> - Y1yXEn7iR3LZxbE5retft+UBhcBs0Xm55vBMGeyNhzkalQveSJ1Bn7A5lLrII8Hy
> - YlozkgkbzsRsWNFQKFUWGNQR56432IHGWOVDSBQGE5py0Wk1qq+bOQq5T
> - ySWSKQDdDv3rS2OU3aulmcXvzs+pmLqYHQG6m8vQm0/7EhKEKa2UK2M5Nx4SOLdI
> - 94iOYWFrJ5SJcIgA3TKaQVpHTEjsSncPVlUu4sBxm3kTQOK5bE52aw==
> + DEK-Info: DES-EDE3-CBC,B69D648DD9C5C8D
> + bAAaqPBUPN3p3MkBtkfZ9rCk18Fda5hppgZbInsTBioCajUeewzXOFqLsPBmP4qD
> + oKakQ9QAt9d4W7SYmRvSWM7kWluOlQDXYOX3NImoYYmF/iCP6sS+mopih5PAy4na
> + 9Jxe5m5Cb6USdafrSjHqaOQjlXOIGo7vCvs3LyXOhBA2mw1QTJyYPK5ZDiqx+edt
> + Qqs4EIF8PgzSug2yQmkXu1YeuLaUtpnVu6g7koY3ugeznEJe7qUR15EvYW/VI3eg
> + xKTmqk95+oNEySR+WcKajv59u01j6FoaD0ALN5rJEVv1AlG0NJryjIlevW1AGVUw
> + tXG2HJz0zmFX99hIV7RMntZIez2cw+VaojLluHlTdngI9y7LemoLQPrxwKjwCV0+
> + U3waJhpKV2bFjfqhbcuahifjAFIFA8ghhfbuzfq/y7O8yD25fSE22fU
> + F0+8ehuNv2M13gATPhUrNtQDo0wSzPaO//Bpei+QT1ulVSMQGveVkVdRH1wHWvPg
> + AzDVi/HmsVvZa0SBKwuZP4WnVdfuiIyX0frWpGirltPny9BkuM3GSBsa2Oz/f2XS
> + OEVW1xUT+WFUc55x7rVDvy8WPFSUYL7hFQDJmr2VZC2QJi1W2jVcsAcaAswDo3RE
> + +3vjawQ1S/p5Sh2UX1XCel+HP5X9mR/3HlPV1EsZ9rwz9mnl2GhQYQ==
>   -----END RSA PRIVATE KEY-----"
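
Review bot: the `DEK-Info` line differs between the `-` and `+` sides while `Proc-Type: 4,ENCRYPTED` is unchanged, so the key body is exported under a new IV each time and will show as changed on every run even when the key itself is the same. The whole quoted `set private-key` value, from the opening quote through `-----END RSA PRIVATE KEY-----"`, should be replaced by a fixed marker before the dump is stored, which also keeps the key material out of the revision history and the diff mails.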
> 
> I would love to remove everything " " and display set private-key " ***
> removed *** ".
> 
> Thanks
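
The multi-line filter discussed in this thread (replace the whole quoted `set private-key` value with a marker, and make indentation deterministic), as an added example that is not part of the thread and not code from fnrancid. It goes slightly beyond the thread by rebuilding indentation from `config`/`edit` ... `next`/`end` nesting; `filter_config` and the sample dumps are hypothetical, and it does not try to repair commands split mid-keyword.

```perl
use strict;
use warnings;
# Keys with a multi-line quoted value to redact (only private-key is in the thread).
my $SECRET = qr/private-key/;

# Hypothetical helper: redacts secrets and rebuilds indentation from nesting.
sub filter_config {
    my ($depth, $skipping, @out) = (0, 0);
    for my $line (@_) {
        (my $text = $line) =~ s/^\s+|\s+\z//g;
        if ($skipping) {
            # Inside a redacted value: drop lines up to the closing quote.
            $skipping = 0 if $text =~ /"\z/;
            next;
        }
        next if $text eq '';
        # "end" and "next" close a block, so they print one level out.
        $depth-- if $text =~ /^(?:end|next)\b/ && $depth > 0;
        if ($text =~ /^(set\s+$SECRET)\s+"(.*)\z/s) {
            my ($cmd, $rest) = ($1, $2);
            # The value continues on later lines unless the quote closes here.
            $skipping = 1 unless $rest =~ /"\z/;
            $text = qq{$cmd " *** removed *** "};
        }
        push @out, (' ' x (4 * $depth)) . $text;
        $depth++ if $text =~ /^(?:config|edit)\b/;
    }
    return @out;
}

# Constructed sample: same config dumped twice, differing in indent and key body.
my $dump1 = <<'EOF';
config system global
      set fds-statistics enable
end
config vpn certificate local
    edit "constructed"
        set private-key "-----BEGIN RSA PRIVATE KEY-----
DEK-Info: DES-EDE3-CBC,CONSTRUCTED1
constructed-body-1
-----END RSA PRIVATE KEY-----"
    next
end
EOF
(my $dump2 = $dump1) =~ s/^ +set fds/    set fds/m;
$dump2 =~ s/(CONSTRUCTED|body-)1/${1}2/g;
my $f1 = join "\n", filter_config(split /\n/, $dump1);
my $f2 = join "\n", filter_config(split /\n/, $dump2);
print "$f1\n", ($f1 eq $f2 ? "stable: no diff\n" : "UNSTABLE\n");
```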

