
Minimum security baseline check

I have a list of Cisco configurations (see picture of excel sheet) to check whether they're enabled or disabled or set to my company's security standard.


I have been trying to compile a show command "script" to run on any device in the company at any point and see whether it meets the minimum security baseline or not. I put a sample of the way I've been doing it, but I am not convinced it is the most ideal way as it relies on the search to show up properly.


Is this the best way to verify this? Essentially it is for audit purposes to quickly see if it meets the criteria specified in the list.


msb reqs.png



show run | i aaa auth
show run | i service password
show run | i secret
show run | i username
show run | i timeout
show run | i ip directed
show run | i source-route
show run | i snmp-server community
show run | i ip http se
show run | i ip bootp
show run | i ip identd
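
One way to turn the show-command list above into an explicit pass/fail per requirement, as an added example that is not part of the original thread: anchored regexes run over a saved `show running-config`. The rule list, the expected state of each setting and the sample config are assumptions, since the requirement spreadsheet exists only as an image.

```python
import re

# Assumed baseline: the poster's requirement list is an image that is not
# reproduced on the page, so these expected states are illustrative only.
# (check name, "require" or "forbid", regex tried against each config line)
RULES = [
    ("aaa login authentication", "require", r"^aaa authentication login\s"),
    ("service password-encryption", "require", r"^service password-encryption$"),
    ("enable secret", "require", r"^enable secret\s"),
    ("usernames use secret", "forbid", r"^username \S+ .*\bpassword\b"),
    ("exec-timeout not disabled", "forbid", r"^\s+exec-timeout 0 0$"),
    ("source routing off", "require", r"^no ip source-route$"),
    ("no default snmp community", "forbid", r"^snmp-server community (public|private)\b"),
    ("http server off", "forbid", r"^ip http server$"),
    ("bootp server off", "require", r"^no ip bootp server$"),
]

# Constructed sample of saved "show running-config" output (not a real device).
SAMPLE_CONFIG = """\
service password-encryption
enable secret 9 $9$constructedhash
aaa new-model
aaa authentication login default local
username admin privilege 15 secret 9 $9$constructedhash
username legacy password 7 CONSTRUCTED
no ip source-route
no ip http server
ip http secure-server
snmp-server community public RO
line vty 0 4
 exec-timeout 0 0
"""

def audit(config_text):
    """Return {check name: passed?} so a missing line is an explicit result."""
    lines = [line.rstrip() for line in config_text.splitlines()]
    results = {}
    for name, mode, pattern in RULES:
        rx = re.compile(pattern)
        hit = any(rx.search(line) for line in lines)
        # "require": the line must exist. "forbid": it must not. Anchoring at
        # ^ keeps "no ip http server" from counting as "ip http server".
        results[name] = hit if mode == "require" else not hit
    return results

def failed(results):
    """Names of checks that did not pass, in rule order."""
    return [name for name, ok in results.items() if not ok]

if __name__ == "__main__":
    for name, ok in audit(SAMPLE_CONFIG).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
```

IOS omits settings that are at their default from `show running-config`, so whether a "require" rule such as `no ip source-route` is the right test depends on the release's defaults; capturing `show running-config all` makes defaults visible to the same rules.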



Re: Minimum security baseline check

I believe that Cisco Prime Infrastructure is possibly a good solution for this. If you have it, then you need to spend some time creating the rules and templates that allow Prime to run a compliance check against all its archived configs to check whether it meets the criteria you need. It's time consuming at first, but once working, it's pretty good. You can even have it "fix" issues if things are out of compliance. It's been a while since I did this. Again, this only helps if you have Prime.