[rancid] Re: fortigate issues
john heasley
heas at shrubbery.net
Mon Mar 1 18:01:31 UTC 2010
Mon, Mar 01, 2010 at 04:22:29PM +0100, Diego Ercolani:
> I had your issue today; I solved it with a reboot of the fortigate
> appliance....
> rancid (with my patches) simply asks fortinet for a dump of the configuration
> without beautifying or indenting the configuration dump.
> for the certificate/private key and others, you have to modify the source
> to remove multiline things....
> The main loop where these things are done starts at line 176 of fnrancid, but
> as you see it's very simple and removes only the one-line things matching a tag
> on the line. You have to create a more sophisticated subroutine
> that processes multiline input at a time and manages exceptions.
>
> In the same loop I think it's possible to manage issues like more spaces added,
> but what I saw in my situation today is that sometimes fortigate gives the
> configuration breaking commands with a line feed without any kind of rule,
> e.g. I saw something like:
>
> retrieving revision 1.1969
> diff -U 4 -r1.1969 fortifw
> @@ -51,9 +51,9 @@
> set daily-restart disable
> set detection-summary enable
> set dst enable
> set failtime 5
> - set fds-statistics enable
> + set fds-stat
> + istics enable
> set forticlient-portal-port 8009
> set fsae-burst-size 300
> set fsae-rate-limit 100
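Review bot: the `+` side splits one command across two lines in the middle of a keyword (`set fds-stat` / `istics enable`), and joined together they equal the removed line, so nothing in the configuration changed here. A dump containing a line that is not a complete command should be re-fetched or rejected before it is committed, otherwise each such break produces a spurious revision and notification mail.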
most likely a side effect of the pager. nlogin uses 'set console page 0'
to disable the pager. does this command not work on the fortigate?
> ...this isn't foreseeable, don't you think?
>
> On Monday 1 March 2010 14:59:56, Rodo Bibi wrote:
> > Hey rancid community
> >
> > I am working with fortigate 1000A and I have 2 issues I am sure you can
> > help me with.
> >
> > At each rancid backup I receive an email with configuration changes.
> >
> > First problem :
> >
> > retrieving revision 1.1969
> > diff -U 4 -r1.1969 fortifw
> > @@ -51,9 +51,9 @@
> > set daily-restart disable
> > set detection-summary enable
> > set dst enable
> > set failtime 5
> > - set fds-statistics enable
> > + set fds-statistics enable
> > set forticlient-portal-port 8009
> > set fsae-burst-size 300
> > set fsae-rate-limit 100
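Review bot: the `-` and `+` lines for `set fds-statistics enable` read identically as shown, so whatever differs between them is whitespace that the comparison treats as significant. Normalising leading and trailing whitespace on each line before the comparison would keep this from being reported as a change.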
> >
> > See, the set fds-statistics enable is removed then added. How can I get rid
> > of this ?
> >
> >
> > Second problem :
> >
> > The display of the private key changes at each backup :
one would think that key should be static. maybe it rekeys on some
schedule? what is it used for? are there multiple private keys in
the config?
> > + set private-key "-----BEGIN RSA PRIVATE KEY-----
> > Proc-Type: 4,ENCRYPTED
> > - DEK-Info: DES-EDE3-CBC,3C07324ADB7623412
> > - M1/T1PrO+n8oX1E2Fks46mI6zF3R99g3ulhR9jfXi1zdjYrfEfmz8eIbV0lrECoo
> > - P6DKRBUUJw9p4OPitm1XpIG5SXQSLWjV9GOWeFhsiAWDZrnONzWSkuiunXxu3W3D
> > - BIw4fCC+HXRs1wUHhTf0XWzpbO0pmWfHWcCv8D3jKLXdchGI/5jKyfsVAgv5TT6Q
> > - A40sI463M4xBl2RzNBNvxSF1yrpDdA454W0B4y8uSHLQg0Q94fGiprLpUO9S2NFI
> > - QUKJGqAhNrwGbFCmm7NQxeEbdbJnzJ77rxYjm3+VQaEsPkuKU32DgQTP1uJIxTeB
> > - WM8F30XrOqj6/esxqqL8TZl4uYySJZtR2SVjlhdVlg7zCQSZV3ZbgK7zR5lT3+aK
> > - rUGg3DEiA8ajHxv44QsUutwhSrubreCkaHkRI1VxZpeOroa2x6t8bN/XcvPCWQEo
> > - Y1yXEn7iR3LZxbE5retft+UBhcBs0Xm55vBMGeyNhzkalQveSJ1Bn7A5lLrII8Hy
> > - YlozkgkbzsRsWNFQKFUWGNQR56432IHGWOVDSBQGE5py0Wk1qq+bOQq5T
> > - ySWSKQDdDv3rS2OU3aulmcXvzs+pmLqYHQG6m8vQm0/7EhKEKa2UK2M5Nx4SOLdI
> > - 94iOYWFrJ5SJcIgA3TKaQVpHTEjsSncPVlUu4sBxm3kTQOK5bE52aw==
> > + DEK-Info: DES-EDE3-CBC,B69D648DD9C5C8D
> > + bAAaqPBUPN3p3MkBtkfZ9rCk18Fda5hppgZbInsTBioCajUeewzXOFqLsPBmP4qD
> > + oKakQ9QAt9d4W7SYmRvSWM7kWluOlQDXYOX3NImoYYmF/iCP6sS+mopih5PAy4na
> > + 9Jxe5m5Cb6USdafrSjHqaOQjlXOIGo7vCvs3LyXOhBA2mw1QTJyYPK5ZDiqx+edt
> > + Qqs4EIF8PgzSug2yQmkXu1YeuLaUtpnVu6g7koY3ugeznEJe7qUR15EvYW/VI3eg
> > + xKTmqk95+oNEySR+WcKajv59u01j6FoaD0ALN5rJEVv1AlG0NJryjIlevW1AGVUw
> > + tXG2HJz0zmFX99hIV7RMntZIez2cw+VaojLluHlTdngI9y7LemoLQPrxwKjwCV0+
> > + U3waJhpKV2bFjfqhbcuahifjAFIFA8ghhfbuzfq/y7O8yD25fSE22fU
> > + F0+8ehuNv2M13gATPhUrNtQDo0wSzPaO//Bpei+QT1ulVSMQGveVkVdRH1wHWvPg
> > + AzDVi/HmsVvZa0SBKwuZP4WnVdfuiIyX0frWpGirltPny9BkuM3GSBsa2Oz/f2XS
> > + OEVW1xUT+WFUc55x7rVDvy8WPFSUYL7hFQDJmr2VZC2QJi1W2jVcsAcaAswDo3RE
> > + +3vjawQ1S/p5Sh2UX1XCel+HP5X9mR/3HlPV1EsZ9rwz9mnl2GhQYQ==
> > -----END RSA PRIVATE KEY-----"
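Review bot: the whole encrypted key block under `set private-key` is being stored in revision control and mailed with each diff, and the `DEK-Info` IV differs between the `-` and `+` sides, which is enough to make every base64 line differ. Replace the complete quoted value, from `set private-key "` through `-----END RSA PRIVATE KEY-----"`, with a fixed marker before the dump is committed.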
> >
> > I would love to remove everything " " and display set private-key " ***
> > removed *** ".
> >
> > Thanks
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
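A multi-line filter of the kind discussed in this thread, as an added example that is not part of the original messages and is not fnrancid code: it replaces the whole quoted `set private-key` value with `*** removed ***`, so two dumps that differ only in the key block compare equal. The names `filter_secrets` and `sample_dump`, the keyword pattern and the sample input are constructed for illustration.

```perl
# Added example (not fnrancid code): collapse multi-line quoted secrets.
use strict;
use warnings;

# Keywords whose quoted value is hidden (assumption: extend as needed).
my $SECRET = qr/private-key/;

# Takes config lines, returns them with each secret value reduced to one line.
sub filter_secrets {
    my (@out, $in_secret);
    for my $line (@_) {
        (my $l = $line) =~ s/[\r\n]+$//;    # tolerate CRLF line endings
        if ($in_secret) {
            # Drop continuation lines up to the one with the closing quote.
            $in_secret = 0 if $l =~ /"\s*$/;
            next;
        }
        if ($l =~ /^(\s*set\s+$SECRET)\s+"(.*)$/) {
            my ($prefix, $rest) = ($1, $2);
            push @out, qq{$prefix "*** removed ***"};
            # The value spans further lines unless the quote closes here.
            $in_secret = 1 unless $rest =~ /"\s*$/;
            next;
        }
        push @out, $l;
    }
    warn "unterminated quoted value at end of input\n" if $in_secret;
    return @out;
}

# Constructed sample input: one dump, parameterised by IV and key body.
sub sample_dump {
    my ($iv, $body) = @_;
    return map { "$_\r\n" } (
        '    set failtime 5',
        '    set private-key "-----BEGIN RSA PRIVATE KEY-----',
        'Proc-Type: 4,ENCRYPTED',
        "DEK-Info: DES-EDE3-CBC,$iv",
        $body,
        '-----END RSA PRIVATE KEY-----"',
        '    set fsae-burst-size 300',
    );
}

my @first  = filter_secrets(sample_dump('00000000000000A1', 'Y29uc3RydWN0ZWQtMQ=='));
my @second = filter_secrets(sample_dump('00000000000000B2', 'Y29uc3RydWN0ZWQtMg=='));
print "$_\n" for @first;
my $same = join("\n", @first) eq join("\n", @second);
print "filtered dumps ", ($same ? "match" : "differ"), "\n";
```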