Mailing List Archive: Weird commands on Cisco ASA

Weird commands on Cisco ASA

Aug 30, 2018, 1:14 PM

Post #1 of 3 (440 views)

Hello,

I have a firewall that has not been updated by rancid for a few days.

Upon investigation I did some testing from the server found this -

Looks like it is adding the command 'rancid' after it logs in.

This is my only device that does it, among the 50+ that rancid is polling.

[rancid@netwatch bin]$ ./clogin <hostname removed>
<hostname removed>
spawn ssh -c aes256-ctr -x -l rancid <hostname removed>
rancid@<hostname removed>'s password:
User rancid logged in to <hostname removed>
Logins over the last 78 days: 6800. Last login: 16:04:41 EDT Aug 30 2018 from <removed>
Failed logins since the last login: 0. Last failed login: 15:20:29 EDT Aug 30 2018 from <removed>
Type help or '?' for a list of available commands.
<hostname removed>> rancid
^
ERROR: % Invalid input detected at '^' marker.
<hostname removed>>
Error: Unrecognized command, check your enable command
rancid
^
ERROR: % Invalid input detected at '^' marker.
<hostname removed>> enable
Password:
Invalid password
Password:
Invalid password
Password:
Invalid password
Access denied.
<hostname removed>> exit

Logoff

Connection to <hostname removed> closed.
[rancid@netwatch bin]$

--
Michael T. Voity
Network Engineer
The University of Vermont

Re: Weird commands on Cisco ASA [ In reply to ]

heas at shrubbery

Aug 30, 2018, 1:20 PM

Post #2 of 3 (440 views)

Permalink

Thu, Aug 30, 2018 at 08:14:35PM +0000, Michael T. Voity:
> Hello,
>
> I have a firewall that has not been updated by rancid for a few days.
>
> Upon investigation I did some testing from the server found this -
>
> Looks like it is adding the command 'rancid' after it logs in.
>
> This is my only device that does it, among the 50+ that rancid is polling.
>
> [rancid@netwatch bin]$ ./clogin <hostname removed>
> <hostname removed>
> spawn ssh -c aes256-ctr -x -l rancid <hostname removed>
> rancid@<hostname removed>'s password:
> User rancid logged in to <hostname removed>
> Logins over the last 78 days: 6800. Last login: 16:04:41 EDT Aug 30 2018 from <removed>

please upgrade to rancid 3.8

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Re: Weird commands on Cisco ASA [ In reply to ]

weylin at bu

Aug 31, 2018, 1:21 PM

Post #3 of 3 (439 views)

Permalink

Might this be an issue for you?
http://www.shrubbery.net/pipermail/rancid-discuss/2018-January/010021.html
weylin

From: "Michael T. Voity" <mvoity@uvm.edu>
Date: Thursday, August 30, 2018 at 4:14 PM
To: "rancid-discuss@shrubbery.net" <rancid-discuss@shrubbery.net>
Subject: [rancid] Weird commands on Cisco ASA

Hello,

I have a firewall that has not been updated by rancid for a few days.

Upon investigation I did some testing from the server found this –

Looks like it is adding the command ‘rancid’ after it logs in.

This is my only device that does it, among the 50+ that rancid is polling.

[rancid@netwatch bin]$ ./clogin <hostname removed>
<hostname removed>
spawn ssh -c aes256-ctr -x -l rancid <hostname removed>
rancid@<hostname removed>'s password:
User rancid logged in to <hostname removed>
Logins over the last 78 days: 6800. Last login: 16:04:41 EDT Aug 30 2018 from <removed>
Failed logins since the last login: 0. Last failed login: 15:20:29 EDT Aug 30 2018 from <removed>
Type help or '?' for a list of available commands.
<hostname removed>> rancid
^
ERROR: % Invalid input detected at '^' marker.
<hostname removed>>
Error: Unrecognized command, check your enable command
rancid
^
ERROR: % Invalid input detected at '^' marker.
<hostname removed>> enable
Password:
Invalid password
Password:
Invalid password
Password:
Invalid password
Access denied.
<hostname removed>> exit

Logoff

Connection to <hostname removed> closed.
[rancid@netwatch bin]$

--
Michael T. Voity
Network Engineer
The University of Vermont