[rancid] rancid with Fortigate FG100A

Gavin McCullagh gmccullagh at gmail.com
Wed Feb 2 10:25:01 UTC 2011


On Tue, 01 Feb 2011, Gavin McCullagh wrote:

> I'm also seeing the two RSA Private Keys changing regularly which is very
> odd.  I'm not sure if that tells me something's odd about the firewall
> rather than about Rancid, but I'm seeing this on two different FG100A
> firewalls.

I have a request in with Fortinet to understand why this is.

In the meantime, I've written a small patch to strip the private key from
the config rancid keeps.  It works, though I'm not yet sure if ignoring
this key is a sensible thing to do.  If I get a decent answer from Fortinet
I'll pass it on here.


--- fnrancid.v1	2011-02-01 23:25:13.000000000 +0000
+++ fnrancid	2011-02-01 23:40:34.000000000 +0000
@@ -170,6 +170,7 @@
 sub GetSystem {
     print STDERR "    In GetSystem: $_" if ($debug);
+    my $priv_key;
     while (<INPUT>) {
 	next if /^\s*$/;
@@ -203,6 +204,11 @@
 	next if /^\s*$/;
 	last if (/$prompt/);
+	# spot the start of an RSA private key
+	$priv_key = 1 if(/^\s*set private-key "-----BEGIN RSA PRIVATE KEY-----/);
+	# spot the end of an RSA private key
+	$priv_key = 0 && next if(/^\s*-----END RSA PRIVATE KEY-----"/);
+	next if($priv_key == 1);
 	# System time is fortigate extraction time
 	next if (/^\s*!System time:/);

More information about the Rancid-discuss mailing list