RANCID

General Information

RANCID monitors a router’s (or more generally a device’s) configuration, including software and hardware (cards, serial numbers, etc.), and uses CVS (Concurrent Versions System) or Subversion to maintain a history of changes.


Requirements

  1. FreeBSD box (mine is 6.2)
  2. Routers with enable access
  3. Local root access on the box, or the ability to su to root.
  4. An SSH client such as PuTTY or SecureCRT (if you are setting it up remotely)

Installation

Let’s install RANCID from ports:

 # cd /usr/ports/net-mgmt/rancid/
 # make install clean


Configuration

Copy rancid.conf.sample to rancid.conf; the conf file is pretty well commented.

 # cp /usr/local/etc/rancid.conf.sample /usr/local/etc/rancid.conf 

I only uncomment the following:

 LIST_OF_GROUPS="networks"
 MAILDOMAIN="@yourdomain.tld"; export MAILDOMAIN

Then create a “rancid” user account to run rancid.

 # pw user add rancid 

Let’s make sure the rancid configuration directory is for rancid only.

 # chown -R rancid:rancid /usr/local/etc/rancid 

Now copy cloginrc.sample to ~rancid (the rancid user’s home directory) and then copy it to a .cloginrc file. Then make sure again that it’s for rancid only:

 # chown rancid:rancid .cloginrc
 # vi .cloginrc

Here is an example from mine:

 add user * rancid

The above will log in as the rancid user if the device uses a username prompt, i.e. tacacs+.

 add password *-pix-fw
 add method *-pix-fw ssh

The above will log into any host matching *-pix-fw (e.g. somehost-pix-fw) as rancid with the above specified passwords.

 add password specific-hosting-fw
 add method specific-hosting-fw ssh

The above will log only into the firewall whose hostname is specific-hosting-fw, as rancid with the above specified passwords.

 # all our routers, i.e.: everything else
 add password *
 # set ssh encryption type, dflt: 3des
 add cyphertype *

Then let’s try it.

 clogin [router IP] 

 [rancid@lab ~]$ /usr/local/libexec/rancid/clogin 10.0.0.1
 10.0.0.1
 spawn telnet 10.0.0.1
 Trying 10.0.0.1...
 Connected to CISCO-1.
 Escape character is '^]'.
 CISCO-1 line 162
 User Access Verification
 Username: rancid
 Password:
 CISCO-1>enable
 Password:
 CISCO-1#

You might consider linking clogin into /usr/sbin; just a suggestion.

Now let’s set up the CVS… do this as root:

 # cd /usr/local/
 # rm -fr var/rancid
 # mkdir /usr/local/var/rancid
 # chown -R rancid:rancid /usr/local/var/rancid

Then log out as root and log in as the rancid user; run the cvs.

 $ /usr/local/bin/rancid-cvs 

You should see that diff and logs are created in /usr/local/var/rancid:

 CVS      ---- CVS log
 logs     ---- logs
 networks ---- created based on your group in rancid.conf

Let’s add the router to the database…

 # vi /usr/local/var/rancid/networks/router.db
 10.0.0.1:cisco:up

 /usr/local/bin/rancid-run

Then check your email…
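
In the clogin session above, 10.0.0.1 was reached over telnet because only the firewall entries in .cloginrc carry an "add method ... ssh" line. The script below is an added example, not part of the original page or of RANCID: it lists every "up" device in router.db that would not be contacted with ssh first. The function names, sample hosts and placeholder passwords are constructed, and it assumes that the first matching "add method" glob wins and that a host with no match is tried over telnet.

```shell
#!/bin/sh
# Added example (not from the original page): report which "up" devices in
# router.db clogin would contact with something other than ssh.
# Assumptions: the first matching "add method" glob in .cloginrc wins, and a
# host with no matching entry is tried over telnet, as in the session above.

# first_method HOST CLOGINRC: print the first method of the first matching glob
first_method() {
    host=$1
    sed -e 's/#.*//' -e 's/[{}]/ /g' "$2" |
    while read -r kw directive glob method _rest; do
        [ "$kw" = add ] && [ "$directive" = method ] || continue
        case $host in
            $glob) echo "$method"; break ;;
        esac
    done
}

# audit_methods ROUTER_DB CLOGINRC: print "host method" for each non-ssh
# device; return 1 if any were found, 0 otherwise
audit_methods() {
    weak=$(
        grep -v '^[[:space:]]*#' "$1" |
        while IFS=: read -r host _type state _rest; do
            [ "$state" = up ] || continue
            m=$(first_method "$host" "$2")
            [ "${m:-telnet}" = ssh ] || echo "$host ${m:-telnet}"
        done
    )
    [ -z "$weak" ] && return 0
    echo "$weak"
    return 1
}

# Constructed sample files; passwords are placeholders, hosts are made up.
demo=$(mktemp -d)
cat > "$demo/cloginrc" <<'EOF'
add user * rancid
add password *-pix-fw {PLACEHOLDER} {PLACEHOLDER}
add method *-pix-fw ssh
add method specific-hosting-fw ssh
# all our routers, i.e.: everything else
add password * {PLACEHOLDER} {PLACEHOLDER}
EOF
printf '%s\n' 10.0.0.1:cisco:up dmz-pix-fw:cisco:up \
    specific-hosting-fw:cisco:up old-lab:cisco:down > "$demo/router.db"

audit_methods "$demo/router.db" "$demo/cloginrc" || echo "non-ssh logins found"
```

Against your own files, run it as the rancid user with /usr/local/var/rancid/networks/router.db and ~rancid/.cloginrc as the two arguments.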
