
Minimum security baseline check

I have a list of Cisco configurations (see picture of Excel sheet) to check whether they're enabled or disabled or set to my company's security standard.

 

I have been trying to compile a show command "script" to run on any device in the company at any point and see whether it meets the minimum security baseline or not. I put a sample of the way I've been doing it but I am not convinced it is the most ideal way as it relies on the search to show up properly. 

 

Is this the best way to verify this? Essentially it is for audit purposes to quickly see if it meets the criteria specified in the list.

 

msb reqs.png

 

Example: 

show run | i aaa auth
!
show run | i service password
!
show run | i secret
!
show run | i username
!
show run | i timeout
!
show run | i ip directed
!
show run | i source-route
!
show run | i snmp-server community
!
show run | i ip http se
!
show run | i ip bootp
!
show run | i ip identd
!

 


Re: Minimum security baseline check

I believe that Cisco Prime Infrastructure is possibly a good solution for this. If you have it, then you need to spend some time creating the rules and templates that allow Prime to run a compliance check against all its archived configs to check whether they meet the criteria you need. It's time consuming at first, but once working, it's pretty good. You can even have it "fix" issues if things are out of compliance. It's been a while since I did this. Again, this only helps if you have Prime.
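
An offline way to run the kind of check the question describes, as an added example that is not part of either post: each rule says whether a line must be present or must be absent in a saved running-config, so a missing match produces an explicit PASS or FAIL instead of blank `show run | i` output. The rule set is a hypothetical stand-in (the poster's standard is only in the spreadsheet image), and the sample config is constructed.

```python
import re

# Hypothetical baseline (assumed for illustration; the poster's real standard
# is in the spreadsheet image). "require" = line must exist, "forbid" = must not.
RULES = [
    ("password encryption on", "require", r"^service password-encryption$"),
    ("enable secret set", "require", r"^enable secret \S"),
    ("AAA login authentication", "require", r"^aaa authentication login \S"),
    ("source routing off", "require", r"^no ip source-route$"),
    ("BOOTP server off", "require", r"^no ip bootp server$"),
    ("plain HTTP server off", "forbid", r"^ip http server$"),
    ("identd off", "forbid", r"^ip identd$"),
    ("no default SNMP community", "forbid", r"^snmp-server community (public|private)\b"),
    ("no username ... password", "forbid", r"^username \S+ (.* )?password "),
]

# Constructed sample of a saved running-config (not from a real device).
SAMPLE = """\
hostname lab-sw1
service password-encryption
enable secret 9 <constructed-hash>
username admin privilege 15 password 7 <constructed>
aaa new-model
aaa authentication login default local
no ip source-route
ip http server
ip http secure-server
snmp-server community public RO
"""

def audit(config_text):
    """Return {rule name: (passed, matching lines)} for one config."""
    # Strip indentation so interface and line sub-commands are matched too.
    lines = [ln.strip() for ln in config_text.splitlines()]
    results = {}
    for name, kind, pattern in RULES:
        hits = [ln for ln in lines if re.search(pattern, ln)]
        results[name] = (bool(hits) if kind == "require" else not hits, hits)
    return results

def failures(results):
    """Names of the rules that did not pass, in rule order."""
    return [name for name, (ok, _) in results.items() if not ok]

if __name__ == "__main__":
    for name, (ok, hits) in audit(SAMPLE).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}  {hits}")
```

Whether a setting must be written as a "require" or a "forbid" rule depends on the default for that IOS release, since defaults are not printed by `show running-config`; `show running-config all` lists them if you need to confirm.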