topic Minimum Security Baseline Show command script? in Network Access Control https://community.cisco.com/t5/network-access-control/minimum-security-baseline-show-command-script/m-p/3936657#M547771 <P>I have a list of Cisco configurations (see picture of excel sheet) to check whether they're enabled or disabled or set to my companies security standard.</P><P>&nbsp;</P><P>I have been trying to compile a show command "script" to run on any device in the company at any point and see whether it meets the minimum security baseline or not.</P><P>&nbsp;</P><P>Is this the best way to verify this? Essentially it is for audit purposes to quickly see if the running config meets the criteria specified in the list. If anyone has any better methods I'd love to hear of them.&nbsp;</P><P>&nbsp;</P><P>Devices are mixed between nexus and ios &amp; both routers and switches will need to be checked. Many various models of them all as well.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="msb reqs.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/46354i9ADE61F787DB0474/image-size/large?v=v2&amp;px=999" role="button" title="msb reqs.png" alt="msb reqs.png" /></span></P><P>&nbsp;</P><P>Example:&nbsp;</P><PRE>show run | i aaa auth ! show run | i service password ! show run | i secret ! show run | i username ! show run | i timeout ! show run | i ip directed ! show run | i source-route ! show run | i snmp-server community ! show run | i ip http se ! show run | i ip bootp ! show run | i ip identd !</PRE><P>&nbsp;</P> Fri, 21 Feb 2020 19:10:37 GMT adamr1 2020-02-21T19:10:37Z Minimum Security Baseline Show command script? https://community.cisco.com/t5/network-access-control/minimum-security-baseline-show-command-script/m-p/3936657#M547771 <P>I have a list of Cisco configurations (see picture of excel sheet) to check whether they're enabled or disabled or set to my companies security standard.</P><P>&nbsp;</P><P>I have been trying to compile a show command "script" to run on any device in the company at any point and see whether it meets the minimum security baseline or not.</P><P>&nbsp;</P><P>Is this the best way to verify this? Essentially it is for audit purposes to quickly see if the running config meets the criteria specified in the list. If anyone has any better methods I'd love to hear of them.&nbsp;</P><P>&nbsp;</P><P>Devices are mixed between nexus and ios &amp; both routers and switches will need to be checked. Many various models of them all as well.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="msb reqs.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/46354i9ADE61F787DB0474/image-size/large?v=v2&amp;px=999" role="button" title="msb reqs.png" alt="msb reqs.png" /></span></P><P>&nbsp;</P><P>Example:&nbsp;</P><PRE>show run | i aaa auth ! show run | i service password ! show run | i secret ! show run | i username ! show run | i timeout ! show run | i ip directed ! show run | i source-route ! show run | i snmp-server community ! show run | i ip http se ! show run | i ip bootp ! show run | i ip identd !</PRE><P>&nbsp;</P> Fri, 21 Feb 2020 19:10:37 GMT https://community.cisco.com/t5/network-access-control/minimum-security-baseline-show-command-script/m-p/3936657#M547771 adamr1 2020-02-21T19:10:37Z