[rancid] Securing RANCID installation

Alan McKinnon alan.mckinnon at gmail.com
Tue Dec 16 19:55:10 UTC 2014


On 16/12/2014 16:43, Jason Humes wrote:
> Hi
> Are there are tips or best practices for securing a RANCID installation...the clogin files, the backed up configs, etc.
> 
> Thanks for any advice! :)


Others have explained well how to secure the data rancid produces to
avoid information leakage.

I would add that protecting .cloginrc is very very important as it
contains login and enable passwords for the admin account on all your
network devices.

Make sure that only authorized sysadmins have login access to the rancid
host, and that the rancid user's home directory is set with very
restricted permissions (assuming a user called rancid):

chown -R rancid ~rancid
chmod -R go-rwx ~rancid


Considering what can happen if .cloginrc leaks, it's a good idea to run
rancid on a dedicated single-purpose host. Rancid is very light on
resources, a basic VM with 1 cpu and 512M RAM does the job admirably



-- 
Alan McKinnon
alan.mckinnon at gmail.com



More information about the Rancid-discuss mailing list