RANCID
(enable on login) |
ArielGlenn (Talk | contribs) (will -> streber) |
||
| (3 intermediate revisions by one user not shown) | |||
| Line 1: | Line 1: | ||
| − | '''RANCID''' is a tool that can monitor configuration changes on network devices, and mail the diffs periodically. It's installed on [[ | + | '''RANCID''' is a tool that can monitor configuration changes on network devices, and mail the diffs periodically. It's installed on [[streber]] from the (rather alpha-quality) Debian/Ubuntu packages. |
| + | |||
| + | Rancid configuration is in <tt>/etc/rancid/</tt> and <tt>/var/lib/rancid/</tt>. | ||
== Equipment notes == | == Equipment notes == | ||
| Line 18: | Line 20: | ||
Also not available is the command <tt>write terminal</tt>. Unfortunately it's not possible to allow this command without also allowing "write memory". Therefore <tt>francid</tt> can be altered to use <tt>show run</tt> instead. | Also not available is the command <tt>write terminal</tt>. Unfortunately it's not possible to allow this command without also allowing "write memory". Therefore <tt>francid</tt> can be altered to use <tt>show run</tt> instead. | ||
| − | [[Category: | + | === Juniper === |
| + | The following configuration seems to work on JUNOS: | ||
| + | |||
| + | <pre> | ||
| + | system { | ||
| + | login { | ||
| + | class rancid { | ||
| + | permissions [ view view-configuration ]; | ||
| + | } | ||
| + | user rancid { | ||
| + | uid 2001; | ||
| + | class rancid; | ||
| + | authentication { | ||
| + | encrypted-password /* SECRET-DATA */; ## SECRET-DATA | ||
| + | } | ||
| + | } | ||
| + | } | ||
| + | } | ||
| + | </pre> | ||
| + | |||
| + | [[Category:Network]] | ||
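Review bot: in the added Juniper section, "seems to work" does not say what was actually checked. The Foundry notes name each command that had to be permitted at privilege level 5, so it would help to state here which commands RANCID was confirmed to run under the rancid class with permissions [ view view-configuration ].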
Latest revision as of 15:27, 10 January 2012
RANCID is a tool that can monitor configuration changes on network devices, and mail the diffs periodically. It's installed on streber from the (rather alpha-quality) Debian/Ubuntu packages.
Rancid configuration is in /etc/rancid/ and /var/lib/rancid/.
Equipment notes
Foundry
For security reasons, rancid is given a specific user account rancid with read-only privileges, but (most) EXEC level commands work:
username rancid privilege 5 password .....
RANCID is configured to expect an enable prompt on login. Foundry switches need to be set up for this:
aaa authentication login default local enable
aaa authentication login privilege-mode
RANCID disables output paging before executing commands, using skip-page-display. This command is not available at privilege level 5 by default. Fix that:
privilege exec level 5 skip-page-display
Also not available is the command write terminal. Unfortunately it's not possible to allow this command without also allowing "write memory". Therefore francid can be altered to use show run instead.
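An added example, not part of the original page or of RANCID itself: a small check that a saved Foundry configuration contains the settings described above and does not grant write commands at level 5. The function name audit, the regexes, the "privilege exec level 5 write" form and the sample configs are assumptions made for this example; it also assumes the two aaa commands are entered as separate lines.

```python
import re

# Lines the Foundry notes above call for (regexes are this example's own).
REQUIRED = {
    "rancid user at privilege 5": r"^username rancid privilege 5 password \S+",
    "local login authentication": r"^aaa authentication login default local enable$",
    "enable prompt on login": r"^aaa authentication login privilege-mode$",
    "skip-page-display at level 5": r"^privilege exec level 5 skip-page-display$",
}
# Assumed syntax, by analogy with the skip-page-display line: allowing
# "write terminal" at level 5 would also allow "write memory".
FORBIDDEN = {"write commands at level 5": r"^privilege exec level 5 write\b"}


def audit(config_text):
    """Return sorted findings; an empty list means the config matches the notes."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    findings = []
    for name, pattern in REQUIRED.items():
        if not any(re.search(pattern, ln) for ln in lines):
            findings.append("missing: " + name)
    for name, pattern in FORBIDDEN.items():
        if any(re.search(pattern, ln) for ln in lines):
            findings.append("present: " + name)
    for ln in lines:
        # The account is meant to stay at level 5; report any other level.
        m = re.match(r"username rancid privilege (\d+)\b", ln)
        if m and m.group(1) != "5":
            findings.append("rancid user has privilege " + m.group(1))
    return sorted(findings)


# Constructed sample configs, not taken from a real switch.
GOOD = """\
username rancid privilege 5 password .....
aaa authentication login default local enable
aaa authentication login privilege-mode
privilege exec level 5 skip-page-display
"""
BAD = """\
username rancid privilege 0 password .....
aaa authentication login default local enable
privilege exec level 5 skip-page-display
privilege exec level 5 write terminal
"""

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit(cfg) or "ok")
```

Run against the configurations RANCID already collects, this reports when the rancid account's privileges on a switch no longer match these notes.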
Juniper
The following configuration seems to work on JUNOS:
system {
    login {
        class rancid {
            permissions [ view view-configuration ];
        }
        user rancid {
            uid 2001;
            class rancid;
            authentication {
                encrypted-password /* SECRET-DATA */; ## SECRET-DATA
            }
        }
    }
}