On Thu, 1 Feb 2024, Pan Affa wrote:
> I have same problem. You can modified lib/rancid/junos.pm as like the following:
>
> AT LINE 676:
>
> #if (/^(\s+(pre-shared-|)key (ascii-text|hexadecimal) )[^ ;]+/ && $filter_pwds >= 1) {
>
> if (/^(.*(pre-shared-|)key (ascii-text|hexadecimal) )[^ ;]+/ && $filter_pwds >= 1) { #modify by affa@20201119
>
> ProcessHistory("","","","#$1<removed>$'\n"); #modify by affa@20201119
Thanks for the response. I tried what you suggested, and found it solves
the problem for "junos set" format configs, but it introduces an extra
newline after each <removed> in junos formatted configs.
What I ended up doing, that appears to work for me for either junos
formatted or "junos set" format is:
--- junos.pm.orig 2020-10-15 11:26:17.000000000 -0400
+++ junos.pm 2024-02-01 10:47:44.020716410 -0500
@@ -644,7 +644,7 @@
$_ = "$1$2 \"<removed>\"$3\n";
}
}
- if (/(\s*authentication-key )[^ ;]+/ && $filter_pwds >= 1) {
+ if (/(.*authentication-key )[^ ;\n]+/ && $filter_pwds >= 1) {
ProcessHistory("","","","#$1<removed>$'");
next;
}
@@ -661,7 +661,7 @@
ProcessHistory("","","","$_");
next;
}
- if (/^(.*\s(secret|simple-password) )[^ ;]+/ && $filter_pwds >= 1) {
+ if (/^(.*\s(secret|simple-password|privacy-key) )[^ ;\n]+/ && $filter_pwds >= 1) {
ProcessHistory("","","","#$1<removed>$'");
next;
}
@@ -673,7 +673,7 @@
ProcessHistory("","","","#$1<removed>;\n");
next;
}
- if (/^(\s+(pre-shared-|)key (ascii-text|hexadecimal) )[^ ;]+/ && $filter_pwds >= 1) {
+ if (/^(.*(pre-shared-|)key (ascii-text|hexadecimal) )[^ ;\n]+/ && $filter_pwds >= 1) {
ProcessHistory("","","","#$1<removed>$'");
next;
}
In the middle one, I added "|privacy-key" to the regex to also handle
snmpv3 privacy-keys.
----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
Blue Stream Fiber, Sr. Neteng | therefore you are
_________
http://www.lewis.org/~jlewis/pgp for PGP public key_________