[rancid] FILTER_PWDS formatting issue
Jon Lewis
jlewis at lewis.org
Mon Jan 22 16:09:36 UTC 2024
Before I spend much more time investigating this, I wonder if this has
been solved since 3.13? Because I thought "display set" format would be
easier to parse for some config auditing that we'll be doing, I created a
new rancid type:
junosset;script;rancid -t junosset
junosset;login;jlogin
junosset;module;junos
junosset;inloop;junos::inloop
junosset;command;junos::ShowConfiguration;show configuration | display set
I then setup a new group of just our juniper gear, so we're backing up,
both the normal way and in another directory/git repo, the display set
format configs. An issue I've run into is password filtering is messing
up formatting. i.e.
set system tacplus-server 1.2.3.4 secret "<redacted from this email>"
set system tacplus-server 1.2.3.4 timeout 6
becomes
#set system tacplus-server 1.2.3.4 secret <removed>set system tacplus-server 1.2.3.4 timeout 6
i.e. the crypted secret is removed, but so is the trailing newline on that
line.
snmp v3 config gets even more munged.
set snmp v3 usm local-engine user snmpuser authentication-sha authentication-key "<redacted from this email>"
set snmp v3 usm local-engine user snmpuser privacy-aes128 privacy-key "<redacted from this email>"
becomes
# authentication-key <removed>set snmp v3 usm local-engine user snmpuser privacy-aes128 privacy-key "<redacted from this email>"
Here, a good part of the first line gets lost and again, the trailing
newline is lost, merging 2 lines of config into one.
----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
Blue Stream Fiber, Sr. Neteng | therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the Rancid-discuss
mailing list