[rancid] Fortigate OSPF MD5 key
Gerhard Mourani
gmourani at gmail.com
Thu Dec 8 18:29:53 UTC 2016
It doesn't, I've md5-key + auth-password now! worse then before.
I'm using Rancid version 3.2.11 and here my original lines:
# filter cycling password encryption
if (/^\s*(set [^\s]*)\s(enc\s[^\s]+)(.*)/i && $filter_pwds > 0 ) {
ProcessHistory("ENC","","","#$1 ENC <removed> $3\n");
next;
}
Gerhard,
> On Dec 8, 2016, at 12:33 PM, heasley <heas at shrubbery.net> wrote:
>
> Thu, Dec 08, 2016 at 10:08:28AM -0500, Gerhard Mourani:
>> I've a small problem with Fortigate devices using OSPF with dynamic key. Every time a new check is made, new backup is generated because dynamic MD5 Key change and I get something like the following each time.
>>
>> set md5-key 10 "ENC 9RFKaZXxTsGOoGB9rTkLTLo3fdR2"
>>
>> Does someone know how I can exclude this kind of line to be taken?
>
> Based on rancid 3.6, i think this will filter it, lmk if it doesn't:
>
> Index: bin/fnrancid.in
> ===================================================================
> --- bin/fnrancid.in (revision 3536)
> +++ bin/fnrancid.in (working copy)
> @@ -228,7 +228,7 @@
> next;
> }
> # filter cycling password encryption
> - if (/^(\s*set \S*)\s(enc\s\S+)(.*)/i &&
> + if (/^(\s*set \S*( \d+)?)\s("?enc\s\S+"?)(.*)/i &&
> ($filter_osc || $filter_pwds > 0)) {
> ProcessHistory("ENC","","","#$1 ENC <removed> $3\n");
> next;
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20161208/01a7f83a/attachment.html>
More information about the Rancid-discuss
mailing list