[rancid] Fortigate rancid issues
Gerhard Mourani
GMourani at prival.ca
Mon Dec 12 15:19:07 UTC 2011
Hello,
Even with the provided patch, I receive a diff every day related to VPN connection crypto keys, like the following, with my FortiGate 80C:
!set password ENC <removed> !set password ENC <removed>
set private-key "-----BEGIN RSA PRIVATE KEY----- set private-key "-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,FAEBFA3BD9D852E2 DEK-Info: DES-EDE3-CBC,C7650C0C4F6C6104
Gerhard,
-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of john heasley
Sent: December-07-11 5:39 PM
To: Drikus Brits
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Fortigate rancid issues
Mon, Nov 07, 2011 at 06:55:30AM +0000, Drikus Brits:
> Hi all,
>
> I've recently added a couple of FortiGates onto rancid, and it seems to work without issues; however, every couple of hours I get some firewall diffs with stupid changes it picks up somewhere.
>
> Example :
>
> <snip>
>
> set av-failopen pass
>
> - set av-failopen-session disable
>
> + set av-failopen-session disable
>
> set batch-cmdb enable
> </snip>
>
> Or
>
> <snip>
>
> config system amc-slot
>
> - edit "sw1"
>
> + edit
>
> + "sw1"
>
> next
>
>
> &&
>
> Then the next hour :
>
>
> end
>
> config system amc-slot
>
> - edit
>
> - "sw1"
>
> + edit "sw1"
>
> next
>
> end
> </snip>
>
>
> Any ideas what the problem might be as to why it picks up some commands as 2 lines, and then suddenly as 1?
>
> Thanks
Could you try this patch?
http://www.shrubbery.net/pipermail/rancid-discuss/2011-July/005787.html
and, a superset of that (from "Andy") is below. i'd like some confirmation if these work before committing the change.
Index: bin/fnlogin.in
===================================================================
--- bin/fnlogin.in (revision 2343)
+++ bin/fnlogin.in (working copy)
@@ -451,6 +451,10 @@
expect -re $prompt; send -- "end\r"
expect -re $prompt;
+# see http://www.shrubbery.net/pipermail/rancid-discuss/2011-July/005787.html
+ # this is the only way i see to get rid of more prompts in o/p..grrrrr
+ log_user 0
+
set commands [split $command \;]
set num_commands [llength $commands]
for {set i 0} {$i < $num_commands} { incr i} { @@ -459,10 +463,12 @@
-re "$prompt" { send "\r"
sleep 0.5
}
- -gl "--More--" { send " "
+ -gl "--More--\[^\n\r]*" { send " "
exp_continue
- -re "\[\n\r]+" { exp_continue }
}
+ -re "\[^\r\n]*\[\n\r]+" { send_user -- "$expect_out(buffer)"
+ exp_continue
+ }
}
}
expect {
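Review bot: In the `--More--` branch, the new pattern `--More--\[^\n\r]*` uses a regular-expression bracket expression but is still matched under `-gl`, where `[^...]` is not a negated class; switch the flag to `-re` if the intent is "the rest of the pager line". This branch also sends the space and continues without calling `send_user`, so with `log_user 0` set earlier in the patch everything it consumes is dropped from the output. That is what you want for the pager text, so make sure the match cannot extend past the pager line into configuration text.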
@@ -573,8 +579,12 @@
}
} elseif { $do_script } {
# Disable output paging.
+ send "config global\r"
+ expect -re $prompt {}
send "config system console\r"
+ expect -re $prompt {}
send "set output standard\r"
+ expect -re $prompt {}
send "end\r"
expect -re $prompt {}
source $sfile
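Review bot: The added `send "config global\r"` opens a second config level, but the branch still sends only one `end` before `source $sfile`, so the script would start inside the global context instead of at the top-level prompt; add a second `end` followed by its own `expect -re $prompt {}`. The command is also sent unconditionally, so check what happens on a unit that rejects `config global`, since `config system console` would then run from a different context than on a unit that accepts it.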
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
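The key diff quoted at the top of this message changes on every collection because the DEK-Info IV and the encrypted body differ each time, and collecting it also puts key material into the repository. The following is an added example in Python, not part of RANCID or of the patch above; it masks `set private-key` blocks and `ENC` values so that two captures compare equal. The sample captures, the `example-cert` entry name and the `normalize` function are constructed for illustration.

```python
import re

# Constructed FortiGate-style captures (no real key material). As in the diff
# quoted above, only the DEK-Info IV and the encrypted body differ.
TEMPLATE = '''config vpn certificate local
    edit "example-cert"
        set password ENC {pw}
        set private-key "-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,{iv}

{body}
-----END RSA PRIVATE KEY-----"
    next
end
'''
CAPTURE_A = TEMPLATE.format(pw="Q09OU1RSVUNURUQx", iv="0000000000000001",
                            body="Y29uc3RydWN0ZWQtYm9keS1B")
CAPTURE_B = TEMPLATE.format(pw="Q09OU1RSVUNURUQy", iv="0000000000000002",
                            body="Y29uc3RydWN0ZWQtYm9keS1C")

KEY_BEGIN = re.compile(r'^(\s*set private-key )"-----BEGIN [A-Z ]*PRIVATE KEY-----')
KEY_END = re.compile(r'-----END [A-Z ]*PRIVATE KEY-----"\s*$')
ENC_VALUE = re.compile(r'^(\s*!?\s*set \S+ ENC )\S.*$')


def normalize(config):
    """Return config with key blocks and ENC values replaced by <removed>."""
    out, in_key = [], False
    for line in config.splitlines():
        if in_key:
            # Drop PEM headers and body until the closing quote of the value.
            in_key = not KEY_END.search(line)
            continue
        begin = KEY_BEGIN.match(line)
        if begin:
            out.append(begin.group(1) + '"<removed>"')
            in_key = not KEY_END.search(line)
            continue
        out.append(ENC_VALUE.sub(r'\1<removed>', line))
    if in_key:
        # Truncated capture: fail loudly rather than store a partial config.
        raise ValueError("unterminated private-key block")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(normalize(CAPTURE_A), end="")
```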