Dell OS10 Compliance Checks

Plugin ID: 275781

The Dell OS10 compliance plugin is designed to scan and audit Dell OS10 (SmartFabric OS10) network switch configurations. It performs compliance checks against security policies by analyzing device configurations either online (via SSH) or offline (from configuration files).

The plugin supports the following connection:

• Connecting directly to the OS10 target and pulling the full running configuration.

Learn more about the Dell OS10 compliance plugin:

• Check Type

• BANNER_CHECK

• CONFIG_CHECK and CONFIG_CHECK_NOT

• CMD_EXEC

Scan Requirements

Credentials

The plugin requires SSH credentials for online scanning. It currently does not require or support any escalation method.

Permissions and Commands

You must have sufficient permissions needed to run a show running-configuration command. Some audits may have requirements to run additional commands. To assist with configuration gathering, paging is disabled with the use of terminal length 0 before any commands are run from the compliance plugin.

Offline Scanning

The plugin supports offline scanning of OS10 configurations. No permissions or credentials are required for offline scanning, but the results produced will not be associated directly with any asset. Instead, the results display the name of the configuration filename in the Hosts field.

To run an offline scan, upload the OS10 configuration as a .txt file to the scan or policy.

To upload a file for offline scanning:

1. Log in to an existing OS10 target (for example, via SSH).

2. Run the following command:

   show running-configuration

3. Copy the output to a .txt file.

   Ensure the output captures the entire configuration from the first line of the header to the end of file marker (typically the prompt).

4. (Optional) To analyze multiple configurations, place each file in a .zip file.

5. In the scan or policy with the OS10 audit, upload the .txt or .zip file to OS10 config file(s).

6. Save and launch the scan or policy.