[rancid] Fortigate OSPF MD5 key again

heasley heas at shrubbery.net
Tue Nov 28 19:59:35 UTC 2017


Tue, Nov 28, 2017 at 02:42:46PM -0500, Gerhard Mourani:
> Hello,
> 
> I've relocated the ospf md5-keys filter definition before the rsa filter and this makes it work.
> 
> @@ -224,7 +228,11 @@
>             ProcessHistory("","","","#$1 last-login <removed>\n");
>             next;
>         }
> -
> +        # filter ospf md5-keys
> +        if (/^(\s*set)\smd5-key\s(.)\s(.*)/ && $filter_osc) {
> +            ProcessHistory("","","","#$1 md5-key $2 <removed>\n");
> +            next;
> +        }
>         # filter cycling RSA private keys
>         if ($filter_osc &&
>             /^\s*set private-key "-----BEGIN (RSA|ENCRYPTED) PRIVATE KEY-----/) {
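Review bot: the relocated pattern on the added `if` line still captures the key id with `(.)`, a single character, so an id of two or more digits, such as the `set md5-key 10 "ENC ..."` line quoted later in this thread, cannot match and its key is left unfiltered. Use `(\d+)` as in the fnrancid.in patch quoted further down. The block also tests `$filter_osc` after the regex, while the RSA filter directly below tests it first; putting the flag first keeps the two consistent.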
> @@ -247,11 +255,6 @@

I see; it was matching the filter that was prior to it; line 244.

>             ProcessHistory("ENC","","","#$1 ENC <removed> $4\n");
>             next;
>         }
> -       # filter ospf md5-keys
> -       if (/^(\s*set)\smd5-key\s(.)\s(.*)/ && $filter_osc) {
> -           ProcessHistory("","","","#$1 md5-key $2 <removed>\n");
> -           next;
> -       }
> 
>         ProcessHistory("","","","$_");
>      }
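Review bot: nothing in either hunk records why the md5-key block had to move. The context lines at the top of this hunk show the preceding ENC filter ending in `next`, so a line it matches never reaches a filter placed below it. A one-line comment at the new location, stating that the md5-key filter must stay ahead of the ENC filter, would keep a later cleanup from moving the block back.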
> 
> 
> > On Nov 28, 2017, at 11:34 AM, heasley <heas at shrubbery.net> wrote:
> > 
> > Thu, Nov 23, 2017 at 10:33:44AM -0500, Gerhard Mourani:
> >> 
> >> Hello,
> >> 
> >> In the past, I've had a problem related to the OSPF MD5 key on Fortigate devices, which changed all the time. See this post for more information about the problem -> http://www.shrubbery.net/pipermail/rancid-discuss/2016-December/009317.html
> >> 
> >> This seemed to be fixed but has come back with Rancid 3.7 and FortiGate version 5.4.6. Here is an example of the annoying output:
> >> 
> >> @@ -44723,9 +44723,9 @@
> >>             unset md5-key
> >>             unset md5-key
> >>             unset md5-key
> >>             unset md5-key
> >> -             set md5-key 10 "ENC 3yV3M0T82oypXb4WPTZe5cgOe5az"
> >> +            set md5-key 10 "ENC ihw7GyiIM/c7Pj741Siec2vF/ahW"
> >>             unset md5-key
> >>             unset md5-key
> >>             unset md5-key
> >>             unset md5-key
> >> 
> >> Gerhard,
> > 
> > Does this work?
> > 
> > Index: bin/fnrancid.in
> > ===================================================================
> > --- bin/fnrancid.in	(revision 3734)
> > +++ bin/fnrancid.in	(working copy)
> > @@ -248,7 +248,7 @@
> > 	    next;
> > 	}
> > 	# filter ospf md5-keys
> > -	if (/^(\s*set)\smd5-key\s(.)\s(.*)/ && $filter_osc) {
> > +	if (/^(\s*set)\smd5-key\s(\d+)\s(.*)/ && $filter_osc) {
> > 	    ProcessHistory("","","","#$1 md5-key $2 <removed>\n");
> > 	    next;
> > 	}
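Review bot: on the changed line the third group `(.*)` is captured but never used in the ProcessHistory() replacement, and each separator is a single `\s`, so a line with more than one whitespace character between `md5-key` and the id would pass through unfiltered. Consider `/^(\s*set)\s+md5-key\s+(\d+)\s/`, which keeps `$1` and `$2` as they are used on the next line.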
> > 
> 
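The effect of the `(.)` to `(\d+)` change discussed in this thread, as an added Perl example that is not part of the original messages or of fnrancid. It runs both quoted patterns over two constructed polls of the same configuration; the ENC strings and the helper name `filter_config` are made up for illustration.

```perl
#!/usr/bin/perl
# Added illustration (not fnrancid itself): compare the two md5-key patterns
# quoted in the thread on two polls of the same device.
use strict;
use warnings;

# The two patterns exactly as they appear in the patches.
my %pattern = (
    'single-char id' => qr/^(\s*set)\smd5-key\s(.)\s(.*)/,
    'numeric id'     => qr/^(\s*set)\smd5-key\s(\d+)\s(.*)/,
);

# Constructed snapshots: identical config, but the device re-encodes each
# key on every display, as in the config diff quoted in the thread.
my @poll1 = ("    unset md5-key\n",
             "    set md5-key 10 \"ENC constructedAAAA\"\n",
             "    set md5-key 3 \"ENC constructedCCCC\"\n");
my @poll2 = ("    unset md5-key\n",
             "    set md5-key 10 \"ENC constructedBBBB\"\n",
             "    set md5-key 3 \"ENC constructedDDDD\"\n");

# Redact every line the pattern matches and pass the rest through,
# mirroring the shape of the filter block in the patch.
sub filter_config {
    my ($re, @lines) = @_;
    my @out;
    for (@lines) {
        if (/$re/) {
            push @out, "#$1 md5-key $2 <removed>\n";
            next;
        }
        push @out, $_;
    }
    return @out;
}

for my $name (sort keys %pattern) {
    my @a = filter_config($pattern{$name}, @poll1);
    my @b = filter_config($pattern{$name}, @poll2);
    # Lines that would show up as churn in the stored config history.
    my $changed = grep { $a[$_] ne $b[$_] } 0 .. $#a;
    # Encoded key values that would be written to the repository.
    my $stored  = grep { /ENC / } @a;
    print "$name: $changed line(s) differ between polls, ",
          "$stored ENC value(s) stored\n";
}
```

With the single-character pattern only the one-digit key id is redacted, so the two-digit line keeps changing between polls and its encoded key stays in the stored configuration.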


