stig
Offline config file scanner to test for STIG compliance with flexible rule sets
I'm trying to create new rules and if I put anything under the "parent" flag, then it causes a pass. This is the rule code. ``` --- severity: 2 desc:...
Right now we have v14691a-v14691k or so to match each individual subnet that has to be blocked, so when the script runs I have to go back and consolidate 10ish...
AAA Server rule looks for exactly 2 and will false positive when using both radius and tax as servers
NTP key rule looks for multiple keys
Currently, some of the built-in rules will only match interface types that meet the following pattern: parent: ^interface\s+GigabitEthernet0/[0-9]+$ However, IOS L3 devices have more interface naming conventions than this....
Should describe `install` Makefile target
The script fails if there are 3 NTP servers because it is looking for exactly 2, for example. Add a field `text_compare` which can have values `min`, `max`, or `exact`...
Normally I'd put more useful info here
Identify rules that are N/A or manual-only and create placeholder files for a more complete checklist. ``` --- severity: 2 desc: N/A test check: text: bogustext text_cnt: 1 parent: call-home...
Implement (experiment with) IPv6 rule checks based on the template now. It may not work. ``` --- severity: x desc: whatever check: text: whatever text_cnt: x parent: interface, acl, etc...