RANCID

From Wikitech
Jump to: navigation, search

RANCID is a tool that can monitor configuration changes on network devices, and mail the diffs periodically. It's installed on streber from the (rather alpha-quality) Debian/Ubuntu packages.

Rancid configuration is in /etc/rancid/ and /var/lib/rancid/.

Equipment notes

Foundry

For security reasons, rancid is given a specific user account rancid with read-only privileges, but (most) EXEC level commands work:

username rancid privilege 5 password .....

RANCID is configured to expect an enable prompt on login. Foundry switches need to be setup for this:

aaa authentication login default local enable
aaa authentication login privilege-mode

However, RANCID disables output paging before executing commands, with skip-page-display. However this command is not available in privilege level 5 by default. Fix that:

privilege exec level 5 skip-page-display

Also not available is the command write terminal. Unfortunately it's not possible to allow this command without also allowing "write memory". Therefore francid can be altered to use show run instead.

Juniper

The following configuration seems to work on JUNOS:

system {
    login {
        class rancid {
            permissions [ view view-configuration ];
        }
        user rancid {
            uid 2001;
            class rancid;
            authentication {
                encrypted-password /* SECRET-DATA */; ## SECRET-DATA
            }
        }
    }
}