Re: [rancid] Jon Lewis / FILTER_PWDS formatting issue

[Jon Lewis]

On Thu, 1 Feb 2024, Pan Affa wrote:

I have same problem.  You can modified lib/rancid/junos.pm as like the 
following:
AT LINE 676:

        #if (/^(\s+(pre-shared-|)key (ascii-text|hexadecimal) )[^ ;]+/ && 
$filter_pwds >= 1) {

        if (/^(.*(pre-shared-|)key (ascii-text|hexadecimal) )[^ ;]+/ && 
$filter_pwds >= 1) { #modify by affa@20201119

            ProcessHistory("","","","#$1<removed>$'\n"); #modify by 
affa@20201119

Thanks for the response.  I tried what you suggested, and found it solves 
the problem for "junos set" format configs, but it introduces an extra 
newline after each <removed> in junos formatted configs.

What I ended up doing, that appears to work for me for either junos 
formatted or "junos set" format is:

--- junos.pm.orig       2020-10-15 11:26:17.000000000 -0400
+++ junos.pm    2024-02-01 10:47:44.020716410 -0500
@@ -644,7 +644,7 @@
                    $_ = "$1$2 \"<removed>\"$3\n";
                }
        }
-       if (/(\s*authentication-key )[^ ;]+/ && $filter_pwds >= 1) {
+       if (/(.*authentication-key )[^ ;\n]+/ && $filter_pwds >= 1) {
            ProcessHistory("","","","#$1<removed>$'");
            next;
        }
@@ -661,7 +661,7 @@
            ProcessHistory("","","","$_");
            next;
        }
-       if (/^(.*\s(secret|simple-password) )[^ ;]+/ && $filter_pwds >= 1) {
+       if (/^(.*\s(secret|simple-password|privacy-key) )[^ ;\n]+/ && $filter_pwds 
>= 1) {
            ProcessHistory("","","","#$1<removed>$'");
            next;
        }
@@ -673,7 +673,7 @@
            ProcessHistory("","","","#$1<removed>;\n");
            next;
        }
-       if (/^(\s+(pre-shared-|)key (ascii-text|hexadecimal) )[^ ;]+/ && 
$filter_pwds >= 1) {
+        if (/^(.*(pre-shared-|)key (ascii-text|hexadecimal) )[^ ;\n]+/ && 
$filter_pwds >= 1) {
            ProcessHistory("","","","#$1<removed>$'");
            next;
        }

In the middle one, I added "|privacy-key" to the regex to also handle 
snmpv3 privacy-keys.

----------------------------------------------------------------------
 Jon Lewis, MCP :)              |  I route
 Blue Stream Fiber, Sr. Neteng  |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key________________________________________________________
Rancid-discuss mailing list
Rancid-discuss@www.shrubbery.net
https://www.shrubbery.net/mailman/listinfo/rancid-discuss