
Fortinet RegEX help for DEK-Info keys

Hoping someone can help me with a multiple line regex to omit detecting the following as a change in NCM...

  • this is what I used to fix that

     

    Dek-info: .*[\t\r\n\v\f]*-----END RSA PRIVATE KEY-----.*

  • Thank you for the reply, but unfortunately these are still getting through.

    Would you be able to post your Fortinet device template? ...and method of communication (SSH/SSH/TFTP).

    Also, what version of NCM are you currently running?

    Could the blank line be causing my issues? (The blank line is located just below the DEK-Info line.)

    Thanks in advance.

     

    Dave

  • FormerMember, in reply to dstj

    Were you ever able to figure out a RegEx key pattern to use to ignore the -----END RSA PRIVATE KEY----- issue you were having? I have the same issue, and the pattern mentioned above doesn't work for me either.

    'Shot of mine' changes all the time so I keep getting a "change" notification and new backup file. Any help would be appreciated. :)

     

    DEK-Info: DES-EDE3-CBC,72AC492485367CE6

    [encrypted key body omitted: lines of 64 base64 characters, with a shorter final line]

    -----END RSA PRIVATE KEY-----"

  • Nope, haven't figured it out. Regex mentioned above (as you found out) doesn't work for me either.

    Dave

  • FormerMember, in reply to dstj

    Uggg! Well thank you for your response. I'm going to continue poking around with things for a bit. If I do happen to come up with something I'll be sure to let you know.

     

    Thanks again!

  • We were able to use the following to accomplish this successfully...

    set private-key "-----BEGIN RSA PRIVATE KEY-----.*[\t\r\n\v\f]*-----END RSA PRIVATE KEY-----.*

  • FormerMember, in reply to byrona

    byrona

    I am confused as to how any of the above are working without breaking real-time detection. The Diff util uses BRE only and works line by line; there is no multiline matching ever.

    Have you guys actually validated that you didn't break real-time change detection entirely? I just want to ensure people don't see this thread and break stuff in their production environment, considering this a closed answer.

    Also, you would *most* likely need to use "\S" 64 times in a row, since it's BRE and there are 64 non-whitespace characters per line; if there's no leading space, ^\S first and then 63 \S.

  • I can't personally say that it's working. My network team said that is what they used and that it's working as expected. I will ask them to do a double check on it today and will let you know if they indicate that they have found any problems.

  • FormerMember, in reply to byrona

    byrona, no problem, see my edited comments. Honestly, I wouldn't want to try to account for this, and I did give my best answer above to the problem. Lastly, the last line is 56 characters; you would need to check multiple keys and ensure it's 64 and 56 only.

    Of final note, *IF* you happen to have a 56 or 64 non-whitespace character line outside of this key, it will give a false match and ignore it.

  • You are correct, it did break things. I will strike that comment from the books!