[rancid] FILTER_PWDS formatting issue

Jon Lewis jlewis at lewis.org
Mon Jan 22 16:09:36 UTC 2024


Before I spend much more time investigating this, I wonder if this has 
been solved since 3.13?  Because I thought "display set" format would be 
easier to parse for some config auditing that we'll be doing, I created a 
new rancid type:

junosset;script;rancid -t junosset
junosset;login;jlogin
junosset;module;junos
junosset;inloop;junos::inloop
junosset;command;junos::ShowConfiguration;show configuration | display set

I then set up a new group of just our Juniper gear, so we're backing up, 
both the normal way and in another directory/git repo, the display set 
format configs.  An issue I've run into is that password filtering is 
messing up formatting.  i.e.

set system tacplus-server 1.2.3.4 secret "<redacted from this email>"
set system tacplus-server 1.2.3.4 timeout 6

becomes

#set system tacplus-server 1.2.3.4 secret <removed>set system tacplus-server 1.2.3.4 timeout 6

i.e. the crypted secret is removed, but so is the trailing newline on that 
line.

snmp v3 config gets even more munged.

set snmp v3 usm local-engine user snmpuser authentication-sha authentication-key "<redacted from this email>"
set snmp v3 usm local-engine user snmpuser privacy-aes128 privacy-key "<redacted from this email>"

becomes

# authentication-key <removed>set snmp v3 usm local-engine user snmpuser privacy-aes128 privacy-key "<redacted from this email>"

Here, a good part of the first line gets lost and again, the trailing 
newline is lost, merging 2 lines of config into one.

----------------------------------------------------------------------
  Jon Lewis, MCP :)              |  I route
  Blue Stream Fiber, Sr. Neteng  |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
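
A check for the symptom described in the message above, added here as an illustration (it is not from the original post and is not rancid code): it flags saved "display set" lines where `<removed>` runs straight into the next statement, and any `secret`, `authentication-key` or `privacy-key` keyword still followed by a quoted value. The function names and the `$9$CONSTRUCTED` value in the sample are assumptions made for the example.

```python
import re

# Keywords whose value is a secret in the "display set" lines quoted in the post.
SECRET_KEYS = ("secret", "authentication-key", "privacy-key")

# "<removed>" directly followed by the start of another statement means the
# newline was eaten and two config lines were merged into one.
MERGED = re.compile(r"<removed>(?=(?:set|deactivate) )")
# A secret keyword still followed by a quoted value was not redacted.
UNFILTERED = re.compile(r'\b(%s) "[^"]+"' % "|".join(map(re.escape, SECRET_KEYS)))

# Constructed sample: the two "becomes" lines from the post, with a made-up
# placeholder where the post shows a value redacted for the email.
SAMPLE = (
    '#set system tacplus-server 1.2.3.4 secret <removed>'
    'set system tacplus-server 1.2.3.4 timeout 6\n'
    '# authentication-key <removed>'
    'set snmp v3 usm local-engine user snmpuser privacy-aes128 '
    'privacy-key "$9$CONSTRUCTED"\n'
    'set system host-name r1\n'
)


def audit(text):
    """Return (line_number, problem, detail) tuples for a filtered config."""
    findings = []
    for num, line in enumerate(text.splitlines(), 1):
        if MERGED.search(line):
            findings.append((num, "merged", line))
        for match in UNFILTERED.finditer(line):
            findings.append((num, "unfiltered", match.group(1)))
    return findings


def split_merged(text):
    """Put the line break back after each '<removed>' that runs into a statement.

    This restores only the line boundary; text already dropped from the
    redacted line (as in the SNMP v3 case) cannot be recovered.
    """
    return MERGED.sub("<removed>\n", text)


if __name__ == "__main__":
    for num, problem, detail in audit(SAMPLE):
        print(f"line {num}: {problem}: {detail}")
```
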


