[rancid] Jon Lewis / FILTER_PWDS formatting issue

Jon Lewis jlewis at lewis.org
Thu Feb 1 15:55:49 UTC 2024


On Thu, 1 Feb 2024, Pan Affa wrote:

> I have the same problem.  You can modify lib/rancid/junos.pm like the following:
> 
> AT LINE 676:
> 
>         #if (/^(\s+(pre-shared-|)key (ascii-text|hexadecimal) )[^ ;]+/ && $filter_pwds >= 1) {
> 
>         if (/^(.*(pre-shared-|)key (ascii-text|hexadecimal) )[^ ;]+/ && $filter_pwds >= 1) { #modify by affa at 20201119
> 
>             ProcessHistory("","","","#$1<removed>$'\n"); #modify by affa at 20201119

Thanks for the response.  I tried what you suggested, and found it solves 
the problem for "junos set" format configs, but it introduces an extra 
newline after each <removed> in junos formatted configs.

What I ended up doing, that appears to work for me for either junos 
formatted or "junos set" format is:

--- junos.pm.orig       2020-10-15 11:26:17.000000000 -0400
+++ junos.pm    2024-02-01 10:47:44.020716410 -0500
@@ -644,7 +644,7 @@
                     $_ = "$1$2 \"<removed>\"$3\n";
                 }
         }
-       if (/(\s*authentication-key )[^ ;]+/ && $filter_pwds >= 1) {
+       if (/(.*authentication-key )[^ ;\n]+/ && $filter_pwds >= 1) {
             ProcessHistory("","","","#$1<removed>$'");
             next;
         }
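Review bot: the authentication-key pattern on the + line is still unanchored, while the other two patterns touched by this patch start with ^. With $1 now being .* instead of \s*, the match already begins at the start of a single-line $_, so writing it as /^(.*authentication-key )[^ ;\n]+/ would state that explicitly and keep the three filters consistent. Nothing else in the hunk needs to change for that.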
@@ -661,7 +661,7 @@
             ProcessHistory("","","","$_");
             next;
         }
-       if (/^(.*\s(secret|simple-password) )[^ ;]+/ && $filter_pwds >= 1) {
+       if (/^(.*\s(secret|simple-password|privacy-key) )[^ ;\n]+/ && $filter_pwds >= 1) {
             ProcessHistory("","","","#$1<removed>$'");
             next;
         }
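Review bot: the privacy-key alternative added to the (secret|simple-password) group has no comment in the code saying what it covers; the only explanation (SNMPv3 privacy keys) is in the mail text. A one-line comment above the if would keep that reason with the code. Since authentication-key is filtered by a separate, differently written pattern in the first hunk, it is also worth considering whether the two key types should share one pattern so they are redacted the same way.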
@@ -673,7 +673,7 @@
             ProcessHistory("","","","#$1<removed>;\n");
             next;
         }
-       if (/^(\s+(pre-shared-|)key (ascii-text|hexadecimal) )[^ ;]+/ && $filter_pwds >= 1) {
+        if (/^(.*(pre-shared-|)key (ascii-text|hexadecimal) )[^ ;\n]+/ && $filter_pwds >= 1) {
             ProcessHistory("","","","#$1<removed>$'");
             next;
         }
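Review bot: replacing \s+ with .* in front of (pre-shared-|)key on the + line removes the requirement that the keyword be preceded by whitespace, so with the empty alternative any token that merely ends in "key" and is followed by ascii-text or hexadecimal now matches. The middle hunk keeps a \s after the .*; doing the same here, ^(.*\s(pre-shared-|)key (ascii-text|hexadecimal) )[^ ;\n]+, would still cover both the indented and the "set" format while keeping the word boundary. The + line is also indented differently from the - line it replaces, which looks like a tab turned into spaces and is worth restoring before the patch is applied.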

In the middle one, I added "|privacy-key" to the regex to also handle 
snmpv3 privacy-keys.

----------------------------------------------------------------------
  Jon Lewis, MCP :)              |  I route
  Blue Stream Fiber, Sr. Neteng  |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

