--- etc/rancid.conf.sample.in
+++ etc/rancid.conf.sample.in
@@ -42,7 +42,10 @@
 RCSSYS=@RCSSYS@; export RCSSYS
 #
 # if ACLSORT is NO, access-lists will NOT be sorted.
-#ACLSORT=YES; export ACLSORT
+#
+#Gentoo - changing default to NO because access-list order matters in most instances
+#and many people expect to use rancid as a backup system
+ACLSORT=NO; export ACLSORT
 #
 # if NOPIPE is set, temp files will be used instead of a cmd pipe during
 # collection from the router(s).
@@ -50,10 +53,16 @@
 #
 # FILTER_PWDS determines which passwords are filtered from configs by the
 # value set (NO | YES | ALL).  see rancid.conf(5).
-#FILTER_PWDS=YES; export FILTER_PWDS
+#
+#Gentoo - changing default to ALL; diffs are emailed and even the most secure
+#password hashes on most routers are easily brute-forceable with modern systems
+FILTER_PWDS=ALL; export FILTER_PWDS
 #
 # if NOCOMMSTR is set, snmp community strings will be stripped from the configs
-#NOCOMMSTR=YES; export NOCOMMSTR
+#
+#Gentoo - changing default to YES; diffs are emailed and SNMP communities
+#can be just as dangerous as passwords
+NOCOMMSTR=YES; export NOCOMMSTR
 #
 # How many times failed collections are retried (for each run) before
 # giving up.  Minimum: 1
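Review bot: With `FILTER_PWDS=ALL` and `NOCOMMSTR=YES` the collected configs no longer carry password hashes or SNMP community strings, which conflicts with the first hunk's rationale that many people use rancid as a backup system, and neither new comment says so. I would add a line above `FILTER_PWDS=ALL` such as `# note: filtered configs cannot be restored verbatim; keep device credentials in a separate secret store`. The filtering presumably affects only configs collected after this default takes effect, so on an upgraded install the existing RCS history may still hold hashes and communities and should be reviewed. Even with both filters on, the repository and the diff mail still disclose ACLs and device layout, so access to them should stay restricted.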