[rancid] issue with fortigate FW after upgrade

Frank Bulk frnkblk at iname.com
Wed Jul 22 03:50:02 UTC 2015


Just adjust the match lines to include the block of data you want to ignore.

Frank

-----Original Message-----
From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf
Of Shaun Krok
Sent: Tuesday, July 14, 2015 12:02 AM
To: Rancid Discuss <rancid-discuss at shrubbery.net>
Subject: [rancid] issue with fortigate FW after upgrade

Hi

Was hoping someone had come across this in recent days.

We have several sites running fortigate FW cluster without issues.
We then upgraded a site to a new version and now have the following 
"noise" issue

Running version 3.0 of rancid and I have checked the fnrancid script 
and it does have the patch mentioned in the forum

If anyone can help with this would be much appreciated ?

Shaun



**********************

Here is a snip ?

sub GetConf {
     print STDERR "    In GetConf: $_" if ($debug);

     while (<INPUT>) {
         tr/\015//d;
         next if /^\s*$/;
         last if (/$prompt/);

         # System time is fortigate extraction time
         next if (/^\s*!System time:/);
         # remove occurrances of conf_file_ver
         next if (/^#?conf_file_ver=/);

         # filter cycling RSA private keys
         if (/^\s*set private-key "-----BEGIN RSA PRIVATE KEY-----/) {
             ProcessHistory("","","","#$_");
             ProcessHistory("","","","# <removed>");
             while (<INPUT>) {
                 tr/\015//d;
                 last if (/$prompt/);

                 if (/^\s*-----END RSA PRIVATE KEY-----"/) {
                     ProcessHistory("","","","#$_");
                     last;
                 }
             }
         }
         # filter cycling password encryption
         if (/^\s*(set [^\s]*)\s(enc\s[^\s]+)(.*)/i && $filter_pwds > 0 
) {
             ProcessHistory("ENC","","","#$1 ENC <removed> $3\n");
             next;
         }
         ProcessHistory("","","","$_");
     }
     $found_end = 1;
     return(1);
}



retrieving revision 1.510
diff -U 10 -r1.510 de-fw
@@ -16047,35 +16047,35 @@
   Z0nf1R7CqJgrTEeDgUwuRMLvyGPui3tbMfYmYb95HLCpTqnJUHvi
   -----END CERTIFICATE-----"
           set scep-url ''
           set source-ip 0.0.0.0
       next
   end
   config vpn certificate local
       edit "Fortinet_Factory"
   #set password ENC <removed>
           set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
- MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIHB+yEmeRPUsCAggA
- MBQGCCqGSIb3DQMHBAgiWcwKklgTzQSCAoATyGNsZtmmKFswxEjAoX9nEm1La21g
- ZlbBj0g4GP4hQwQZ+HTXRgQ+FqqQVst1Ylk6P4TYrSSHux4BXSgg4wCs3JM7d5j7
- g4tlQnvThXPynSTSzARB6fShDqBwSW1+uR3mD+wFoe0wFVW5RW62AaI1D1nvV6oH
- j/71eQLS0Iv9bX3F9VWxnvUm0uQtH6a+L+n5hzsDUyWbfSGvmmmNVTuLzpKXLRaP
- OH0JaIafUI5CNGu1Kvga3Ys++9cBObo+XLUlm4mPICtxOPNBG2rM6TxKHi4z6VZN
- 8wfPzK7BPqKlqAFVpvqfhpNt/uQFCIO4VGIGiLEwI4nF4+pna0UFBv5IXXqRLnXp
- nHDcRD3RA2AqdUUKihH9/WpryY2gu8gL32MJ6corIKOaPRlWKafc5ib4xNL37Qog
- THYimDfTsw+Xo9ksI4pZyegXxI6IgG/tsrFqFTC7kS6Bd57lFN4ruWjB3k5Gb0dO
- s5w0/A2QnQaSnkByAE8yjCcZylqPC3cKGYVWHrO6QlVuw99joS8wFxwuFQvly7Qh
- A/YEr4o+dGe/hkbG9j8o1AFChJNlz1tAl0Q9zs1AgpdCJ4Qzv8ZRRBh4OqPrYFfU
- JuzfVTxEq2BTmgWWCK3pjVuNOP3ezooofbV+Sag9z5PZ+NzY1hn2vJmOLh2iXDXD
- vmLzcRrgttSI2SPYPXTfRjdB/rD+T8pJedz4JQgZfz6gOtarxV8vEHRk6/yyuCsD
- UFxGMpkIriGKEcoPdOAb4Om236P3UOFMnPxKeSgzornVquURhLxR/P9C2+CL4DTB
- TAcKdDuTmBM+mJHlokKvM2YfJGpHr/81vgvuoZLm6wJTtSafE87xU+R4
+ MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI6M+NicV3wgACAggA
+ MBQGCCqGSIb3DQMHBAgTVUNlqWeA9gSCAoC7WF+N85ZdPBwcPJB184UlU2HxL/7+
+ yyTlczZioYo9hUl7P3aWrexeBnb9PRjNfguK9PvaB7TSJr4lmNMs9WINS/wYwPIW
+ RlUzcfEDTQyevlji7GNxVKaE945FjjIstKxYZK62FTGP4eF6GZfBcQNuTgfRFiKW
+ CIEGVD0hhTQ0OL6MPFjT4ILWF1VwaTEOYmw74lLhsPBsLfR8tK0rLrplJvFUqBxx
+ lJJZ3uKOoym7lUMIRbjXRU9ip13/1BnTM44AUvp4r56rbwzK0hpHSGNoKR3Dbpwo
+ XH2zZzufRT2oUu6ENVNkcz8iHGdfqnjqSn0qed0bsL+qPZtVvNV0UM+AX94rVzjI
+ ylhNBlZQjGBHIiAy13MaLe794TER3RGWTrUFw+rMQIRZwV/feK6NnNpo8uTLlU/w
+ 6PXLoifQgvUW95SDPiQnVDNtD7m0W/QTOfjk2m37SgehOf6uhZZ4ohgxxkWlItbz
+ Np6u9+Ep4U+16BURrGkDTDnawmudiJbR/48iVa8TfiAi90z5q1H9/0ONSWHWvl0Z
+ 41JzdWaENVnBIAM278Q0UKoplMk4pFORTfV6NNjn0MPGSoAHktqyE77BOhpREedG
+ HCSq3fgbENdXB3rmL5LlGeSD4xsMoHiR2/0O7nsvD1tjHz7AfPw5A7CGtRev+FKK
+ VeGFsebDD3D/RwaxN8WxWYm/NhKwgnIR4bBbIFg7dWcjK4gMsky7BWioPkrYVhqo
+ /GKE8gjmRvQZqKsGpfLdF28Yptn3PmB+Ooyl7iKiVlM2f64vsxijoND1aG1i5BzH
+ dGCaHYnC3uj2jICXbzSQ8RvhJjGIlaT7jz7mas6Aurl3MKL9V6ObPH4M
   -----END ENCRYPTED PRIVATE KEY-----"
           set certificate "-----BEGIN CERTIFICATE-----
   MIIDRTCCAi2gAwIBAgIDDAYBMA0GCSqGSIb3DQEBBQUAMIGgMQswCQYDVQQGEwJV
   UzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMREwDwYD
   VQQKEwhGb3J0aW5ldDEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRAw
   DgYDVQQDEwdzdXBwb3J0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0
   LmNvbTAeFw0xMzAzMTExMDMwNTdaFw0zODAxMTkwMzE0MDdaMIGdMQswCQYDVQQG
   EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMREw
   DwYDVQQKEwhGb3J0aW5ldDESMBAGA1UECxMJRm9ydGlHYXRlMRkwFwYDVQQDExBG
   RzMwMEMzOTEzNjAzMTQ4MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0


-- 
Shaun Krok
Tel: 050 2424 381
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss




More information about the Rancid-discuss mailing list