General Information
RANCID (Really Awesome New Cisco confIg Differ) monitors a router's (or more generally a network device's) configuration, including software and hardware inventory (cards, serial numbers, etc.), and uses CVS (Concurrent Versions System) or Subversion to keep a history of changes. Every change is mailed to you as a diff, so an unexpected change shows up the next time rancid-run fires.
Requirements
- FreeBSD box (mine is 6.2)
- Routers with enable access
- Local root access on the box, or the ability to su to root
- An SSH client such as PuTTY or SecureCRT (if you are setting it up remotely)
Installation
Let's install RANCID from ports (as root):

# cd /usr/ports/net-mgmt/rancid/
# make install clean
Configuration
Copy rancid.conf.sample to rancid.conf; the configuration file is well commented.

# cp /usr/local/etc/rancid.conf.sample /usr/local/etc/rancid.conf
I only uncomment the following:

LIST_OF_GROUPS="networks"
MAILDOMAIN="@yourdomain.tld"; export MAILDOMAIN
Then create a "rancid" user account to run RANCID under, and make sure the RANCID configuration directory belongs to that user only:

# chown -R rancid:rancid /usr/local/etc/rancid
Now copy cloginrc.sample into the rancid user's home directory (~rancid) as .cloginrc. This file holds the device passwords in the clear, so make sure it belongs to rancid and is not readable by anyone else (mode 0600; clogin will complain about a world-readable .cloginrc):

# chown rancid:rancid .cloginrc
# vi .cloginrc
Here is an example from mine (the password arguments themselves are left out of this listing):

# rancid will log in as the rancid user if the device uses a username prompt, i.e. tacacs+
add user * rancid
add password *-pix-fw
add method *-pix-fw ssh

The above logs into any host matching *-pix-fw (somehost-pix-fw, for example) as rancid, over ssh, with the specified passwords.

add password specific-hosting-fw
add method specific-hosting-fw ssh

The above logs only into the firewall whose hostname is specific-hosting-fw, as rancid, with the specified passwords.

# all our routers, i.e.: everything else
add password *
# set ssh encryption type, dflt: 3des
add cyphertype *

Order matters: clogin uses the first entry whose pattern matches the hostname, so the specific entries have to come before the "*" catch-all, as they do here.
Then let's try it:

[rancid@lab ~]$ /usr/local/libexec/rancid/clogin 10.0.0.1
10.0.0.1
spawn telnet 10.0.0.1
Trying 10.0.0.1...
Connected to CISCO-1.
Escape character is '^]'.
CISCO-1 line 162
User Access Verification
Username: rancid
Password:
CISCO-1>enable
Password:
CISCO-1#

Note that clogin spawned telnet here: the catch-all entries in .cloginrc above set a password but no method, and clogin's default method is telnet, which sends the login and enable passwords in the clear. If your routers speak ssh, add an ssh method entry for the catch-all pattern as well.
You might consider symlinking clogin into /usr/sbin (just a suggestion).
Now let's set up CVS. Do this as root:
# cd /usr/local/
# rm -fr var/rancid
# mkdir /usr/local/var/rancid
# chown -R rancid:rancid /usr/local/var/rancid
Then log out as root, log in as the rancid user and initialise the repository:

$ /usr/local/bin/rancid-cvs
You should see the following created under /usr/local/var/rancid:

CVS ---- the CVS repository
logs ---- logs
networks ---- one directory per group listed in LIST_OF_GROUPS in rancid.conf
Let's add the router to the group's device database (still as the rancid user, so the files stay owned by rancid), one device per line as host:type:state, then run a collection:

$ vi /usr/local/var/rancid/networks/router.db
10.0.0.1:cisco:up
$ /usr/local/bin/rancid-run
Then check your email: rancid-run mails the diffs to rancid-<group> (rancid-networks here) and errors to rancid-admin-<group> at MAILDOMAIN, so those aliases need to exist. If you received something, you're done; put rancid-run in the rancid user's crontab to collect on a schedule.
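As an added example, not part of the original write-up or of RANCID itself, here is a small pre-flight check for the setup above. It covers the three points the procedure relies on: that .cloginrc must be mode 0600 (it holds cleartext passwords), that clogin resolves .cloginrc entries first-match (so a "*" entry listed first shadows the specific ssh entries, and a host with no method entry falls back to telnet, as the clogin run above did), and that router.db lines must be host:type:state in the 2.x format used here (RANCID 3.x switched the separator to ";"). All hostnames and file contents are constructed for the demo; the helper names are mine.

```shell
#!/bin/sh
# Added example (not RANCID code): pre-flight checks for a RANCID setup.

# Print the value(s) of the first "add <kind> <pattern> ..." entry in a
# .cloginrc whose pattern matches $host. For kind=method, print "telnet"
# when nothing matches, mirroring clogin's default. Returns 1 on no match.
cloginrc_lookup() {
    kind=$1 host=$2 file=$3
    while IFS= read -r line; do
        case "$line" in "add $kind "*) ;; *) continue ;; esac
        rest=${line#"add $kind "}            # "<pattern> [values...]"
        pattern=${rest%% *}
        values=${rest#* }
        [ "$values" = "$rest" ] && values=   # entry with no values
        case "$host" in
            $pattern) echo "$values"; return 0 ;;   # unquoted: glob match
        esac
    done < "$file"
    [ "$kind" = method ] && { echo telnet; return 0; }
    return 1
}

# Refuse a .cloginrc that anyone but its owner can read (mode must be 0600).
# Parses ls output so it works unchanged on FreeBSD and Linux.
cloginrc_perms_ok() {
    perm=$(ls -ld "$1" | cut -c2-10)
    [ "$perm" = "rw-------" ]
}

# Validate a 2.x-style router.db: every non-comment line is host:type:state
# with state "up" or "down". Prints each offending line; returns 1 if any.
routerdb_check() {
    file=$1 bad=0 n=0
    while IFS= read -r line; do
        n=$((n + 1))
        case "$line" in ''|'#'*) continue ;; esac
        host=${line%%:*}; rest=${line#*:}
        type=${rest%%:*}; state=${rest#*:}
        if [ "$host" = "$line" ] || [ "$type" = "$rest" ]; then
            echo "$file:$n: expected host:type:state: $line"; bad=1; continue
        fi
        case "$state" in
            up|down) ;;
            *) echo "$file:$n: state must be up or down: $line"; bad=1 ;;
        esac
    done < "$file"
    return $bad
}

# Constructed sample files for the demo (password values omitted, as in
# the write-up). cloginrc.misordered puts the "*" method entry first, so
# the specific ssh line after it is never reached.
make_samples() {
    dir=$1
    printf '%s\n' '# constructed .cloginrc' 'add user * rancid' \
        'add method *-pix-fw ssh' 'add method specific-hosting-fw ssh' \
        'add password *' > "$dir/cloginrc"
    chmod 600 "$dir/cloginrc"
    printf '%s\n' 'add method * telnet' 'add method specific-hosting-fw ssh' \
        > "$dir/cloginrc.misordered"
    printf '%s\n' '10.0.0.1:cisco:up' '# a comment' 'edge-pix-fw:cisco:down' \
        'broken-line' 'core2:cisco:maybe' > "$dir/router.db"
}

tmp=$(mktemp -d)
make_samples "$tmp"
cloginrc_perms_ok "$tmp/cloginrc" && echo ".cloginrc mode ok"
for h in fw1-pix-fw specific-hosting-fw 10.0.0.1; do
    echo "$h -> $(cloginrc_lookup method "$h" "$tmp/cloginrc")"
done
echo "misordered: specific-hosting-fw -> $(cloginrc_lookup method specific-hosting-fw "$tmp/cloginrc.misordered")"
routerdb_check "$tmp/router.db" || echo "router.db has errors"
rm -rf "$tmp"
```

Run it as the rancid user before the first rancid-run; point cloginrc_lookup at the real ~rancid/.cloginrc and a hostname from router.db to see which method and credentials clogin will actually pick for it.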
Author: coolest
shonga_kerz at hotmail dot com