|
|
S-267: Cisco Network Admission Control Shared Secret Vulnerability
|
|
rancid(1) General Commands Manual rancid(1) NAME
rancid - Cisco configuration filter SYNOPSIS
rancid [-dlV] (-f filename | hostname) DESCRIPTION
rancid is a perl(1) script which uses the login scripts (see clogin(1)) to login to a device, execute commands to display the configuration, etc, then filters the output for formatting, security, and so on. rancid's product is a file with the name of it's last argument plus the suffix .new. For example, hostname.new. There are complementary scripts for other platforms and/or manufacturers that are supported by rancid(1). Briefly, these are: agmrancid Cisco Anomaly Guard Module (AGM) arancid Alteon WebOS switches arrancid Arista Networks devices brancid Bay Networks (nortel) cat5rancid Cisco catalyst switches cssrancid Cisco content services switches erancid ADC-kentrox EZ-T3 mux f10rancid Force10 f5rancid F5 BigIPs fnrancid Fortinet Firewalls francid Foundry and HP procurve OEMs of Foundry hrancid HP Procurve Switches htranicd Hitachi Routers jerancid Juniper Networks E-series jrancid Juniper Networks mrancid MRTd mrvrancid MRV optical switches mtrancid Mikrotik routesrs nrancid Netscreen firewalls nsrancid Netscaler nxrancid Cisco Nexus boxes prancid Procket Networks rivrancid Riverstone rrancid Redback srancid SMC switch (some Dell OEMs) trancid Netopia sDSL/T1 routers tntrancid Lucent TNT xrancid Extreme switches xrrancid Cisco IOS-XR boxes zrancid Zebra routing software The command-line options are as follows: -V Prints package name and version strings. -d Display debugging information. -l Display somewhat less debugging information. -f rancid should interpret the next argument as a filename which contains the output it would normally collect from the device ( hostname) with clogin(1). SEE ALSO
control_rancid(1), clogin(1), rancid.conf(5) CAVEATS
Cisco IOS offers a DHCP server that maintains a text database which can be stored remotely or on local storage. If stored locally, the file changes constantly and causes constant diffs from rancid. If this file's name ('ip dhcp database') matches the regex dhcp_[^[:space:].].txt, it will be filtered. For Catalyst switches running CatOS, type cat5, the prompt must end with '>'. clogin(1) looks for '>' to determine when a login is successful. For example: cat5k> cat5k> enable Password: cat5k> (enable) rancid works on Cisco Catalyst 1900 series switches that are running Enterprise Edition software. This software provides a menu at connection time that allows a command line interface to be used by entering 'K' at the prompt. 26 April 2011 rancid(1)
