[rancid] Fortigate OSPF MD5 key

Gerhard Mourani gmourani at gmail.com
Thu Dec 8 18:29:53 UTC 2016


It doesn't, I've md5-key + auth-password now! worse then before.

I'm using Rancid version 3.2.11 and here my original lines:

        # filter cycling password encryption
        if (/^\s*(set [^\s]*)\s(enc\s[^\s]+)(.*)/i && $filter_pwds > 0 ) {
            ProcessHistory("ENC","","","#$1 ENC <removed> $3\n");
            next;
        }

Gerhard,

> On Dec 8, 2016, at 12:33 PM, heasley <heas at shrubbery.net> wrote:
> 
> Thu, Dec 08, 2016 at 10:08:28AM -0500, Gerhard Mourani:
>> I've a small problem with Fortigate devices using OSPF with dynamic key. Every time a new check is made, new backup is generated because dynamic MD5 Key change and I get something like the following each time.
>> 
>> set md5-key 10 "ENC 9RFKaZXxTsGOoGB9rTkLTLo3fdR2"
>> 
>> Does someone know how I can exclude this kind of line to be taken?
> 
> Based on rancid 3.6, i think this will filter it, lmk if it doesn't:
> 
> Index: bin/fnrancid.in
> ===================================================================
> --- bin/fnrancid.in	(revision 3536)
> +++ bin/fnrancid.in	(working copy)
> @@ -228,7 +228,7 @@
> 	    next;
> 	}
> 	# filter cycling password encryption
> -	if (/^(\s*set \S*)\s(enc\s\S+)(.*)/i &&
> +	if (/^(\s*set \S*( \d+)?)\s("?enc\s\S+"?)(.*)/i &&
> 	    ($filter_osc || $filter_pwds > 0)) {
> 	    ProcessHistory("ENC","","","#$1 ENC <removed> $3\n");
> 	    next;
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20161208/01a7f83a/attachment.html>


More information about the Rancid-discuss mailing list