Context Check to Verify SSH Access Control

The following is a simple .audit file that uses the “context” keyword to select every “line” configuration block and then applies a regex to each selected block to see whether SSH access control (an inbound access-class) is set.

<check_type: "Cisco">

<item>
type: CONFIG_CHECK
description: "Require SSH Access Control"
info: "Verify that management access to the device is restricted on all VTY lines."
context: "line .*"
item: "access-class [0-9]+ in"
</item>

</check_type>

When this check is run against a compliant system, the following output is expected:

"Require SSH Access Control" : [PASSED]

Verify that management access to the device is restricted on all VTY lines.

A failed audit would return the following output:

"Require SSH Access Control" : [FAILED]

Verify that management access to the device is restricted on all VTY lines.

- error message:
The following configuration is set:
line con 0
exec-timeout 5 0
no modem enable

Missing configuration: access-class [0-9]+ in

The following configuration is set:
line vty 0 4
exec-timeout 5 0
password 7 15010A1C142222362D
transport input ssh

Missing configuration: access-class [0-9]+ in

In the case above, two configuration blocks matched the “context” regex “line .*”: “line con 0” and “line vty 0 4”. Because neither block contained a line matching the “item” regex, the audit returned “FAILED” and reported each matching block together with the configuration it is missing. Note that “line .*” also matches the console line (as the “line con 0” block above shows), not only the VTY lines named in the info text; to evaluate only the remote management lines, narrow the context to “line vty .*”.
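To make the context/item semantics concrete, the following Python snippet is an added example written for this page; it is not Tenable's audit engine or code from the original document. It splits an IOS-style configuration into blocks (an unindented header followed by its indented lines), requires every block whose header matches the context regex to contain at least one line matching the item regex, and reports failures in the same layout as the output above. The two sample configurations are constructed from the failure output on this page, and the way the context regex is anchored (matched from the start of the header line) is an assumption, since the page does not state how Nessus applies it.

```python
import re
from typing import List, Tuple

# Constructed sample modelled on the non-compliant output on this page;
# not a capture from a real device.
NONCOMPLIANT_CONFIG = """\
hostname edge-router
!
line con 0
 exec-timeout 5 0
 no modem enable
line vty 0 4
 exec-timeout 5 0
 password 7 15010A1C142222362D
 transport input ssh
!
end
"""

# The same config with an access-class applied to the VTY lines
# (constructed; access-list 10 is assumed to be defined elsewhere).
COMPLIANT_VTY_CONFIG = NONCOMPLIANT_CONFIG.replace(
    " transport input ssh\n",
    " access-class 10 in\n transport input ssh\n",
)

Block = Tuple[str, List[str]]


def parse_blocks(config: str) -> List[Block]:
    """Split an IOS-style config into (header, body) blocks.

    An unindented line starts a block; the indented lines that follow
    belong to it. '!' separators and blank lines are ignored.
    """
    blocks: List[Block] = []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw[0].isspace():
            if blocks:  # an indented line before any header is dropped
                blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks


def config_check(config: str, context: str, item: str) -> Tuple[str, List[str]]:
    """Evaluate a CONFIG_CHECK that uses the context keyword.

    Every block whose header matches `context` must contain at least one
    line matching `item`. Returns ("PASSED", []) or ("FAILED", messages),
    one message per offending block, in the shape of the page's output.
    Assumption: the context regex is applied from the start of the header
    line; the page does not say how Nessus anchors it.
    """
    ctx_re = re.compile(context)
    item_re = re.compile(item)
    messages: List[str] = []
    for header, body in parse_blocks(config):
        if not ctx_re.match(header):
            continue
        if any(item_re.search(line) for line in body):
            continue
        shown = "\n".join([header] + body)
        messages.append(
            f"The following configuration is set:\n{shown}\n\n"
            f"Missing configuration: {item}"
        )
    return ("PASSED" if not messages else "FAILED"), messages


def render(description: str, info: str, result: Tuple[str, List[str]]) -> str:
    """Format a result the way the PASSED/FAILED output above is laid out."""
    status, messages = result
    out = [f'"{description}" : [{status}]', "", info]
    if messages:
        out += ["", "- error message:", "\n\n".join(messages)]
    return "\n".join(out)


if __name__ == "__main__":
    CONTEXT, ITEM = r"line .*", r"access-class [0-9]+ in"
    DESC = "Require SSH Access Control"
    INFO = "Verify that management access to the device is restricted on all VTY lines."

    # Both 'line con 0' and 'line vty 0 4' match the context and lack the item.
    print(render(DESC, INFO, config_check(NONCOMPLIANT_CONFIG, CONTEXT, ITEM)))
    print()
    # Even with access-class on the VTY lines, 'line .*' still selects the
    # console line, so the check fails; narrowing the context fixes that.
    print(render(DESC, INFO, config_check(COMPLIANT_VTY_CONFIG, CONTEXT, ITEM)))
    print()
    print(render(DESC, INFO, config_check(COMPLIANT_VTY_CONFIG, r"line vty .*", ITEM)))
```

Running the script shows the third case passing only because the context was narrowed to “line vty .*”; with the page's original “line .*” the console block is still evaluated and reported as missing the access-class, which is the scoping caveat to keep in mind when writing context regexes.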

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.