Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1363
Views
0
Helpful
4
Replies

Cisco LMS 4: Compliance template

Go to solution
alex.dersch
Level 4
Level 4

‎08-16-2011 11:08 AM

Hello,

i'am having some issues with Compliance Templates. I'd like to check if there is a username privilege 15 password cisco123 in the config.

My problem is that in the config is the password scrambled. So i would like to to check if there is a username privilege 15 password <any value> in my config.

Any suggestions?

thanks

alex

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to alex.dersch

‎08-16-2011 10:37 PM

The encrypted value may be different, but my point is that if you test for compliance using one pattern, then deploy that same pattern, you will be sure that the user's password will be what you want.  You don't want to test with just some arbitrary value as you will not know if the user's password is the correct value.  The same is true for other credentials on the device.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee

‎08-16-2011 03:36 PM

What I do is take the encrypted password, and use that for my baseline.  If the password is the same on the device, then the encrypted value should be the same.  Therefore, do something like:

+ username USER privilege 15 password ENCRYPTED_PASSWORD

0 Helpful

Go to solution
alex.dersch
Level 4
Level 4
In response to Joe Clarke

‎08-16-2011 10:35 PM

Thanks for your feedback, i thought doing so already. But it seems there the hash is different on each machine.

1. Switch

username cwuser privilege 15 password 7 106C1C4A55434A3819

2. Switch

username cwuser privilege 15 password 7 112B0C564746533F11

Similar problems i have with snmp write communities, tacacs+ and radius keys. They all are  ***** in the LMS.

regards

Alex

0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to alex.dersch

‎08-16-2011 10:37 PM

The encrypted value may be different, but my point is that if you test for compliance using one pattern, then deploy that same pattern, you will be sure that the user's password will be what you want.  You don't want to test with just some arbitrary value as you will not know if the user's password is the correct value.  The same is true for other credentials on the device.

0 Helpful

Go to solution
alex.dersch
Level 4
Level 4
In response to Joe Clarke

‎08-16-2011 11:04 PM

Thanks a lot. You helped me a lot.

0 Helpful
Customers Also Viewed These Support Documents