• About

http://blog.fakrul.com

http://blog.fakrul.com

Tag Archives: RANCID

RANCID/WebSVN CentOS Howto

20 Wednesday Nov 2013

Posted by Fakrul Alam in My Work

≈ Leave a comment

Tags

centos, network management, RANCID, websvn

Note:
1. Commands preceded with “$” imply that you should execute the command as a general user – not as root.
2. Commands preceded with “#” imply that you should be working as the root user.

Install Rancid

# yum install rancid

Configuration

1. Edit /etc/rancid/rancid.conf

# vi /etc/rancid/rancid.conf

2. Find this line in rancid.conf:

#LIST_OF_GROUPS=”sl joebobisp”

And, underneath it add the following line:

LIST_OF_GROUPS=”bdnog”

We want to use Subversion for our Version Control System, and not CVS, so find the line with the parameter RCSSYS:

RCSSYS=cvs; export RCSSYS

And, change it to:

RCSSYS=svn; export RCSSYS

and the line with CVSROOT:

CVSROOT=$BASEDIR/CVS; export CVSROOT

And, change it to:

CVSROOT=$BASEDIR/svn; export CVSROOT

Note the lowercase “svn”. Now exit and save the file.

3. Change to the rancid user:

# su -s /bin/bash rancid

Check that you ARE the rancid user:

$ id

4. Create /var/rancid/.cloginrc

$ vi /var/rancid/.cloginrc
add user *.bdnog.org ssh_username
add password *.bdnog.org ssh_user_pass enable_pass
add method *.bdnog.org ssh

Note: You can also add IP address if you like to backup specific router/switch

add password 10.156.1.1 {user_password} {enable_password}

$ chown rancid:rancid /var/rancid/.cloginrc
$ chmod 600 /var/rancid/.cloginrc

5. Test login to the router of your group:

$ /usr/libexec/rancid/clogin rtrX.bdnog.org

[After successful execution, you will be login to router enable mode]

6. Initialize the SVN repository for rancid:

$ /usr/libexec/rancid/rancid-cvs

7. Create the router.db file:

$ vi /var/rancid/bdnog/router.db

Add this line. Replace X with your group no.

rtrX.bdnog.org:cisco:up

8. Run rancid!

$ /usr/libexec/rancid/rancid-run

9. Look at the configs. The backed up configs will be saved in /var/rancid/<GROUP_NAME>/configs. In our cases group name is “bdnog”:

$ cd /var/rancid/bdnog/configs
$ less rtrX.bdnog.org

10. Check the rancid log files:

$ cd /var/log/rancid
$ ls -ll

Email Alert Configuration

1. Edit /etc/rancid/rancid.conf

Add this to the /etc/aliases file: (group names have to be named rancid-admin-<group listed in rancid.conf file) and rancid-<group listed in rancid.conf file>)

# Groups for rancid
rancid-admin-all: noc@bdnog.org
rancid-all: noc@bdnog.org

Save the file and run

#newaliases

CRON Schedule

1. For automated backup, you can setup CRON schedule. Please note that cron need to configured under user RANCID.

# su -s /bin/bash rancid
# crontab -e
# m h dom mon dow command
0 0 * * * /usr/libexec/rancid/rancid-run g

Install WEBSVN

# yum install websvn

Configuration

1. Fix permissions. The web server must be able to read the SVN (Subversion) folder

# chgrp -R apache /var/rancid/svn
# chmod g+w -R /var/rancid/svn

2. Change ownership of web files:

# chown apache:apache /usr/share/websvn

3. Add the following virtual host entry to your apache configuration file /etc/httpd/conf.d/websvn.conf:

Alias /websvn /usr/share/websvn
<Directory /usr/share/websvn/>
DirectoryIndex index.php
Options FollowSymLinks
Options FollowSymLinks MultiViews
Order allow,deny
Allow from all
<IfModule mod_php4.c>
php_flag magic_quotes_gpc Off
php_flag track_vars On
</IfModule>
</Directory>

5. Reload apache and try to browse the websvn: http://<ip_address>/websvn.

Check you can access the WebSVN.

6. Now we add RANCID repository sites. Edit websvn configuration file.

# vi /usr/share/websvn/include/config.php

// Local repositories (without and with optional group):
//
$config->addRepository(‘BDNOG’, ‘file:///var/rancid/svn/’);

Access RANCID backup with webSVN

19 Tuesday Mar 2013

Posted by Fakrul Alam in Uncategorized

≈ Leave a comment

Tags

RANCID, ubuntu, websvn

1. Install WebSVN:

# apt-get install websvn

When asked for the “svn parent repositories” change the path to be: /var/lib/rancid/svn. Do the same when asked about “svn repositories”

2. Fix permissions. The web server must be able to read the SVN (Subversion) folder

# chgrp -R www-data /var/lib/rancid/svn
# chmod g+w -R /var/lib/rancid/svn

3. Change ownership of web files

# chown www-data:www-data /usr/local/websvn

4. Edit websvn configuration file:

# vi /usr/share/websvn/include/config.php
$config->addRepository(‘Routers’, ‘file:///var/lib/rancid/svn/’);

5. Add the following virtual host entry to your apache configuration file /etc/apache2/sites-enabled/000-default

# vi /etc/apache2/sites-enabled/000-default

Alias /websvn /usr/share/websvn
DirectoryIndex index.php
Options FollowSymLinks
deny from all
AllowOverride AuthConfig
Order deny,allow

php_flag magic_quotes_gpc Off
php_flag track_vars On

6. Reload apache and try to browse the websvn: http://hostname/websvn

Bellow is the screenshot how webSVN look like:

image

If you get error ““/var/lib/rancid/CVS/db/uuid’: Permission denied” the CVS directory is owned by the user rancid:rancid” try the following:

# usermod -a -G rancid www-data

Rancid for backup CISCO Configuration

14 Thursday Mar 2013

Posted by Fakrul Alam in Uncategorized

≈ Leave a comment

Tags

cisco, RANCID, ubuntu

1. Install Rancid

# apt-get install rancid

– It will prompt with a warning – Select and press ENTER to continue.
– It will give you another warning about making a backup copy of your rancid data. We have no data, so select and press ENTER to continue.

2. Edit /etc/rancid/rancid.conf

# vi /etc/rancid/rancid.conf

Find this line in rancid.conf:

#LIST_OF_GROUPS=”sl joebobisp”

And, underneath it add the following line:

LIST_OF_GROUPS=”all”

We want to use Subversion for our Version Control System, and not CVS, so find the line with the parameter RCSSYS:

RCSSYS=cvs; export RCSSYS

And, change it to:

RCSSYS=svn; export RCSSYS

and the line with CVSROOT:

CVSROOT=$BASEDIR/CVS; export CVSROOT

And, change it to:

CVSROOT=$BASEDIR/svn; export CVSROOT

Note the lowercase “svn”. Now exit and save the file.

3. Change to the rancid user

# su -s /bin/bash rancid

Check that you ARE the rancid user:

$ id

4. Create /var/lib/rancid/.cloginrc

# vi /var/lib/rancid/.cloginrc

Add the following two lines to the file:

add user *.domain.com ssh_username
add password *.domain.com ssh_user_pass enable_pass

$ chmod 600 /var/lib/rancid/.cloginrc

5. Test login to the router of your group

$ /var/lib/rancid/bin/clogin rtrX.domain.com

6. Initialize the SVN repository for rancid:

$ /usr/lib/rancid/bin/rancid-cvs

7. Create the router.db file

$ vi /var/lib/rancid/all/router.db

Add this line:

rtrX.domain.com:cisco:up
rtrY.domain.com:cisco:up

8. Run rancid!

$ /usr/lib/rancid/bin/rancid-run

9. Check the rancid log files

$ cd /var/lib/rancid/logs
$ ls -l

10. Look at the configs

$ cd /var/lib/rancid/all/configs
$ less rtrX.domain.com

Social

  • View rapappu’s profile on Twitter
  • View fakrulalam’s profile on LinkedIn
  • View fakrul’s profile on GitHub
  • View FakrulAlamPappu’s profile on Google+
  • View fakrulalam’s profile on Flickr

Twitter Updates

  • 1976 forming the modern-day #Vietnam 1971 #Bangladesh independence When we could see something like this happening… twitter.com/i/web/status/1… 4 days ago
  • The beauty is here #Keychron #K2 Mechanical Keyboard https://t.co/j5OVbpmvKi 5 days ago
  • blog.fitbit.com/2021-update/?u… #fitbit + #google https://t.co/X2g7HpIMvI 1 week ago
  • #DevNet Class of 2020. View my verified achievement from @learningatcisco. youracclaim.com/badges/bf864fa… 1 month ago
  • #pythonprogramminglanguage #python #pyenv towardsdatascience.com/how-to-set-up-… 1 month ago
  • wsj.com/articles/u-s-c… 1 month ago
  • bleepingcomputer.com/news/security/… 1 month ago
  • RT @GinNTTnet: Carriers, Internet-centric businesses and enterprises can prepare themselves to fight against #DDoS attacks. Download this w… 2 months ago
  • #LoRaWAN GPS payload is coming nicely to #AzureIotHub @GlobalNTT @CiscoDevNet #ntthackfest2020 https://t.co/VqYi7dMBoq 2 months ago
  • RT @GinNTTnet: Paolo Lucente @Paolo_Lucente from the #globalipnetwork division at @GlobalNTT will present this Monday Oct 12 at the Next Ho… 3 months ago
  • RT @bdNetOpGroup: Make sure we always "Learning from failures". Wanna know more? Please join bdnog.org/bdnog12/index.…. Because our very own… 3 months ago
  • RT @bdNetOpGroup: #bdNOG12 Panel Discussion: "Social CDN Business : Paid or Free". Make sure you register and join bdnog.org/bdnog12/index.…… 3 months ago
  • RT @teamcymru: #DDoS Attacks Hit 1 Tbps in #2020 #infosec bit.ly/2ZLmAlK https://t.co/Ezx3s5xVcw 4 months ago
  • github.blog/2020-09-10-ann… #msteams #github 4 months ago
  • I just backed Keychron K3 -Ultra-slim Compact Wireless Mechanical Keyboard on @Kickstarter kickstarter.com/projects/keytr… 4 months ago
Follow @rapappu

Tags

antismap antivirus automation Azure bangladesh BASH BASH Script BDCERT bgp bind ccsp centos CentOS mirror CERT CISA cisco Cyber Security ddos dhaka dhakacom DNS DNSSEC GSM intrusion detectoin system Intrusion prevention system ips IPv6 ISACA junos linux Looking Glass lxc lxc profile lxd mailqueue mailscanner Mail Server mailwatch Meraki mikrotik monitor mpls MPLS L3 VPN mysql My Work network network management nginx NSD observium OpenVPN perl PHP ping postfix Proxy PTA python RANCID Reading RPKI Shell Script sms sms server SNMP SSH Tutorial ubuntu Ubuntu Mirror Server Virtual Box vispan vmware websvn Youtube hack খামাখা

Blog at WordPress.com.