2 Feb 2011 11:25
Re: [rancid] rancid with Fortigate FG100A
Gavin McCullagh <gmccullagh <at> gmail.com>
2011-02-02 10:25:01 GMT
Hi,
On Tue, 01 Feb 2011, Gavin McCullagh wrote:
> I'm also seeing the two RSA Private Keys changing regularly which is very
> odd. I'm not sure if that tells me something's odd about the firewall
> rather than about Rancid, but I'm seeing this on two different FG100A
> firewalls.
I have a request in with Fortinet to understand why this is.
In the meantime, I've written a small patch to strip the private key from
the config rancid keeps. It works, though I'm not yet sure if ignoring
this key is a sensible thing to do. If I get a decent answer from Fortinet
I'll pass it on here.
Gavin
--- fnrancid.v1 2011-02-01 23:25:13.000000000 +0000
+++ fnrancid 2011-02-01 23:40:34.000000000 +0000
<at> <at> -170,6 +170,7 <at> <at>
sub GetSystem {
print STDERR " In GetSystem: $_" if ($debug);
+ my $priv_key;
while (<INPUT>) {
tr/\015//d;
next if /^\s*$/;
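Review bot: `my $priv_key;` is declared without a value, yet the second hunk tests it with `$priv_key == 1` on every input line, including all the lines read before any key has been seen. With warnings enabled, that numeric comparison on an undefined value produces an "uninitialized value" warning per line. Declaring it as `my $priv_key = 0;` gives the flag a defined state from the start.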
<at> <at> -203,6 +204,11 <at> <at>
tr/\015//d;
next if /^\s*$/;
last if (/$prompt/);
+ # spot the start of an RSA private key
+ $priv_key = 1 if(/^\s*set private-key "-----BEGIN RSA PRIVATE KEY-----/);
+ # spot the end of an RSA private key
+ $priv_key = 0 && next if(/^\s*-----END RSA PRIVATE KEY-----"/);
+ next if($priv_key == 1);
# System time is fortigate extraction time
next if (/^\s*!System time:/);
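Review bot: the end-of-key line `$priv_key = 0 && next if(...)` does not do what its comment suggests, because `&&` binds tighter than `=`: it parses as `$priv_key = (0 && next)`, the `0` short-circuits, and `next` never runs. The flag is cleared, but the `-----END RSA PRIVATE KEY-----"` line then fails the `$priv_key == 1` test and falls through into the stored config as a dangling line, while the matching `set private-key` line has been dropped. Writing it as `if (/^\s*-----END RSA PRIVATE KEY-----"/) { $priv_key = 0; next; }` skips the end marker as well. Separately, both patterns match only the literal `RSA PRIVATE KEY` header, so a private key exported under any other PEM label would still be saved in full; matching on `PRIVATE KEY-----` more generally would make the filter fail safe.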
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss <at> shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss