From owner-freebsd-isp Fri Mar 17 1: 8:56 2000 Delivered-To: freebsd-isp@freebsd.org Received: from bayer2.bayer-ag.de (bayer2.bayer-ag.de [194.120.191.2]) by hub.freebsd.org (Postfix) with SMTP id CB02937BC91 for ; Fri, 17 Mar 2000 01:08:48 -0800 (PST) (envelope-from andreas.klemm.ak@bayer-ag.de) Received: from BYE473.BAYER-AG.DE (bye473.bayer-ag.com) by bayer2.bayer-ag.de with SMTP id KAA24065 (SMTP Gateway 4.2 for ); Fri, 17 Mar 2000 10:08:26 +0100 Received: by BYE473.BAYER-AG.DE (Soft-Switch LMS 3.2) with snapi via MT0044 id 0006800021782823; Fri, 17 Mar 2000 10:09:14 +0100 From: andreas.klemm.ak@bayer-ag.de To: " - *up@3.am" Cc: " - *freebsd-isp@freebsd.org" Subject: Re: how to get .logout evaluated, when using remote copy (rc Message-Id: <0006800021782823000002L032*@MHS> Date: Fri, 17 Mar 2000 10:09:14 +0100 Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org BTW, excuse me for this ill mailer called Lotus Notes ... It makes quoting impossible and creates funny characters :-/ Because running a tftp server is insecure Even if you secure it with tcp_wrapper there remain still risks - permissions of config files have to be 666, otherwise you can%t write the file on the tftpserver - so other users may delete the files - There is a chance to overwrite the wrong file especially when using tftp with Cisco Catalyst 5xxx switches, which doesn%t offer you a default config name "name-confg". You have to type the complete filename in. So it might be possible, to overwrite the wrong config. Well, therefore I want to introduce rcp and Cisco Router can do this since a long time and Catalyst 5K switches can do it since 5.2 release. I need the logout feature to copy the config to a backup file with a time stamp in it. So this would be event triggered. Otherwise I had to do a script, that runs periodically and would have to check over 1000 machines.... This is a wastage of CPU cycles and you would have to make a compromise by running it at a time intervall of which you think that it catches even changes, that come in a relatively short sequence.... So rcp is the way to go and it would be cool, if a .logout could be executed. Or a new file .cshrcexit should be added.... So than you%d have for interactive logins: .login .logout And for simply shells .cshrc .cshrcexit up@3.am on 17.03.2000 01:42:27 An: Andreas Klemm/EXQEJ/CH/DE/BAYER@BAYERNOTES Kopie: freebsd-isp@freebsd.org@INTERNET Thema: Re: how to get .logout evaluated, when using remote copy (rc On Wed, 15 Mar 2000 andreas.klemm.ak@bayer-ag.de wrote: > Want to save my cisco router configs with rcp. > > Every router has an account of it%s own on the Unix host. > This prevents overwriting of configs. > > If the remote user on the Unix host has csh as shell, > I can make use of .cshrc, to set a secure umask (077). > > Now I want to make use of the .logout file to make a backup > of the router config after the rcp session terminates. > > But .logout will not be executed. > > Well, I think it makes a difference for csh if you have an interactive > or a remote session. > > Is there perhaps a way to fake something in .cshrc, to make csh think > it has to execute .logout after rcp ? Frankly, it's news to me that Ciscos support rcp (do they?). Why don't you just save the config using tftp? cisco# copy run tftp The man pages tell you all about tftp, but it's basically just a matter of uncommenting it in inetd, HUPing inetd, then mkdir /tftpboot touch /tftpboot/cisco-confg James Smallacombe PlantageNet, Inc. CEO and Janitor up@3.am http://3.am ========================================================================= To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message