[rancid] Re: fortigate issues

Diego Ercolani diego.ercolani at ssis.sm
Tue Mar 2 15:36:34 UTC 2010


I see the problem near line 590 of the fnlogin procedure:
           -re "$prompt"                       {  send "\r"
                                                       sleep 0.5

If I swap sleep 0.5 with send "\r",
the differences come up in other places...

As for the certificates, in my rancid installation the certificates didn't vary
from one query to another. I don't know why, because if I ask the fortinet with
"show full-configuration", the certificates vary from one query to the other
....

 
On Monday 1 March 2010 18:16:21, you wrote:
> Yes one line is easy to remove but I need to remove the complete
> certificate block.
> 
> Maybe with a line counter from the moment I match the "set private-key" tag
> 
> Thanks for your help
> 
> On 1 March 2010 at 16:22, Diego Ercolani wrote:
> > I had your issue today; I solved it by rebooting the
> > fortigate appliance....
> > rancid (with my patches) simply asks fortinet for a dump of the configuration
> > without beautifying or indenting the configuration dump.
> > For the certificate/private key and others, you have to modify the source
> > to remove multiline things....
> > The main loop where these things are done starts at line 176 of fnrancid,
> > but as you see it's very simple and removes only the one-line things
> > matching a tag on the line. You have to create a more sophisticated
> > subroutine that processes multiline input at a time and
> > manages exceptions.
> > 
> > In the same loop I think it's possible to manage issues like extra spaces
> > being added, but what I saw in my situation today is that sometimes the
> > fortigate gives the configuration with commands broken by a line feed
> > without any kind of rule, e.g.... I saw something like:
> > 
> > retrieving revision 1.1969
> > diff -U 4 -r1.1969 fortifw
> > @@ -51,9 +51,9 @@
> > 
> >      set daily-restart disable
> >      set detection-summary enable
> >      set dst enable
> >      set failtime 5
> > 
> > -      set fds-statistics enable
> > +    set fds-stat
> > +      istics enable
> > 
> >      set forticlient-portal-port 8009
> >      set fsae-burst-size 300
> >      set fsae-rate-limit 100
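Review bot: the two `+` lines (`set fds-stat` and `istics enable`) break one command in the middle of a word, so a filter that only normalises leading whitespace will still report this hunk as a change. A filter would have to rejoin a line that does not start with a configuration keyword to the line before it, outside quoted values, before the comparison is made.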
> > 
> > ...this isn't foreseeable, don't you think?
> > 
> > On Monday 1 March 2010 14:59:56, Rodo Bibi wrote:
> >> Hey rancid community
> >> 
> >> I am working with fortigate 1000A and I have 2 issues I am sure you can
> >> help me with.
> >> 
> >> At each rancid backup I receive an email with configuration changes.
> >> 
> >> First problem :
> >> 
> >> retrieving revision 1.1969
> >> diff -U 4 -r1.1969 fortifw
> >> @@ -51,9 +51,9 @@
> >> 
> >>      set daily-restart disable
> >>      set detection-summary enable
> >>      set dst enable
> >>      set failtime 5
> >> 
> >> -      set fds-statistics enable
> >> +    set fds-statistics enable
> >> 
> >>      set forticlient-portal-port 8009
> >>      set fsae-burst-size 300
> >>      set fsae-rate-limit 100
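Review bot: the `-` and `+` lines for `set fds-statistics enable` differ only in leading whitespace (six spaces against four), so this hunk reports no configuration change. Normalising the leading whitespace of each line before it is stored would keep it out of the diff and out of the notification mail.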
> >> 
> >> See, the set fds-statistics enable is removed then added. How can I get
> >> rid of this ?
> >> 
> >> 
> >> Second problem :
> >> 
> >> The display of the private key changes at each backup :
> >> 
> >> +         set private-key "-----BEGIN RSA PRIVATE KEY-----
> >> 
> >>  Proc-Type: 4,ENCRYPTED
> >> 
> >> - DEK-Info: DES-EDE3-CBC,3C07324ADB7623412
> >> - M1/T1PrO+n8oX1E2Fks46mI6zF3R99g3ulhR9jfXi1zdjYrfEfmz8eIbV0lrECoo
> >> - P6DKRBUUJw9p4OPitm1XpIG5SXQSLWjV9GOWeFhsiAWDZrnONzWSkuiunXxu3W3D
> >> - BIw4fCC+HXRs1wUHhTf0XWzpbO0pmWfHWcCv8D3jKLXdchGI/5jKyfsVAgv5TT6Q
> >> - A40sI463M4xBl2RzNBNvxSF1yrpDdA454W0B4y8uSHLQg0Q94fGiprLpUO9S2NFI
> >> - QUKJGqAhNrwGbFCmm7NQxeEbdbJnzJ77rxYjm3+VQaEsPkuKU32DgQTP1uJIxTeB
> >> - WM8F30XrOqj6/esxqqL8TZl4uYySJZtR2SVjlhdVlg7zCQSZV3ZbgK7zR5lT3+aK
> >> - rUGg3DEiA8ajHxv44QsUutwhSrubreCkaHkRI1VxZpeOroa2x6t8bN/XcvPCWQEo
> >> - Y1yXEn7iR3LZxbE5retft+UBhcBs0Xm55vBMGeyNhzkalQveSJ1Bn7A5lLrII8Hy
> >> - YlozkgkbzsRsWNFQKFUWGNQR56432IHGWOVDSBQGE5py0Wk1qq+bOQq5T
> >> - ySWSKQDdDv3rS2OU3aulmcXvzs+pmLqYHQG6m8vQm0/7EhKEKa2UK2M5Nx4SOLdI
> >> - 94iOYWFrJ5SJcIgA3TKaQVpHTEjsSncPVlUu4sBxm3kTQOK5bE52aw==
> >> + DEK-Info: DES-EDE3-CBC,B69D648DD9C5C8D
> >> + bAAaqPBUPN3p3MkBtkfZ9rCk18Fda5hppgZbInsTBioCajUeewzXOFqLsPBmP4qD
> >> + oKakQ9QAt9d4W7SYmRvSWM7kWluOlQDXYOX3NImoYYmF/iCP6sS+mopih5PAy4na
> >> + 9Jxe5m5Cb6USdafrSjHqaOQjlXOIGo7vCvs3LyXOhBA2mw1QTJyYPK5ZDiqx+edt
> >> + Qqs4EIF8PgzSug2yQmkXu1YeuLaUtpnVu6g7koY3ugeznEJe7qUR15EvYW/VI3eg
> >> + xKTmqk95+oNEySR+WcKajv59u01j6FoaD0ALN5rJEVv1AlG0NJryjIlevW1AGVUw
> >> + tXG2HJz0zmFX99hIV7RMntZIez2cw+VaojLluHlTdngI9y7LemoLQPrxwKjwCV0+
> >> + U3waJhpKV2bFjfqhbcuahifjAFIFA8ghhfbuzfq/y7O8yD25fSE22fU
> >> + F0+8ehuNv2M13gATPhUrNtQDo0wSzPaO//Bpei+QT1ulVSMQGveVkVdRH1wHWvPg
> >> + AzDVi/HmsVvZa0SBKwuZP4WnVdfuiIyX0frWpGirltPny9BkuM3GSBsa2Oz/f2XS
> >> + OEVW1xUT+WFUc55x7rVDvy8WPFSUYL7hFQDJmr2VZC2QJi1W2jVcsAcaAswDo3RE
> >> + +3vjawQ1S/p5Sh2UX1XCel+HP5X9mR/3HlPV1EsZ9rwz9mnl2GhQYQ==
> >> 
> >>  -----END RSA PRIVATE KEY-----"
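Review bot: every line from `DEK-Info:` down is replaced while the `BEGIN`, `Proc-Type` and `END` lines stay the same, so the hunk shows the encrypted export being produced with a different IV, which by itself does not show that the key was replaced. Because this block is stored and mailed with each diff, the whole quoted value after `set private-key` should be replaced with a fixed marker before the configuration is committed, ending at the closing `"` and not after a fixed number of lines.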
> >> 
> >> I would love to remove everything " " and display set private-key " ***
> >> removed *** ".
> >> 
> >> Thanks
> > 
> > _______________________________________________
> > Rancid-discuss mailing list
> > Rancid-discuss at shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
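The multiline filtering discussed in this thread can be sketched as a small state machine that tracks the closing quote of the value instead of counting lines. This is an added example, not code from fnrancid or from the posters; the sub name `redact_multiline`, the `@SECRET_KEYS` list and the sample configuration are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Keywords whose quoted values are redacted. "private-key" comes from the
# thread; extend the list for other multiline values (assumption).
my @SECRET_KEYS = ('private-key');
my $KEY_RE = join '|', map { quotemeta } @SECRET_KEYS;

# Replace the value of `set <key> "..."` with a fixed marker, including
# values whose closing quote sits on a later line. Takes chomped lines,
# returns the filtered lines.
sub redact_multiline {
    my @out;
    my $in_secret = 0;
    for my $line (@_) {
        if ($in_secret) {
            # Drop continuation lines up to and including the closing quote.
            $in_secret = 0 if $line =~ /"\s*$/;
            next;
        }
        if ($line =~ /^(\s*set\s+(?:$KEY_RE)\s+)"(.*)$/) {
            my ($head, $rest) = ($1, $2);
            push @out, $head . '"*** removed ***"';
            # The value continues unless the quote closes on this line.
            $in_secret = 1 unless $rest =~ /"\s*$/;
            next;
        }
        push @out, $line;
    }
    # Fail closed: an unterminated value swallows the rest, so flag it.
    push @out, '# WARNING: unterminated quoted value, output truncated'
        if $in_secret;
    return @out;
}

# Constructed sample input; the key body is a placeholder, not a real key.
my @sample = split /\n/, <<'EOF';
config vpn certificate local
    edit "example"
        set private-key "-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLVJFQUwtS0VZ
-----END RSA PRIVATE KEY-----"
        set comments "constructed sample"
    next
end
EOF

print "$_\n" for redact_multiline(@sample);
```

The filter has to run before the configuration is committed, so the key material never reaches the revision history or the diff mail.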

