Context Check to Verify SSH Access Control

The following is a simple .audit file that selects every "line" configuration block using the "context" keyword and then applies a regular expression to each selected block to verify that SSH access control (an inbound access-class) is set.

<check_type: "Cisco">

<item>
  type: CONFIG_CHECK
  description: "Require SSH Access Control"
  info: "Verify that management access to the device is restricted on all VTY lines."
  context: "line .*"
  item: "access-class [0-9]+ in"
</item>

</check_type>

When running this check, the following output is expected from a compliant system:

"Require SSH Access Control" : [PASSED]

Verify that management access to the device is restricted on all VTY lines.

A failed audit returns the following output:

"Require SSH Access Control" : [FAILED]

Verify that management access to the device is restricted on all VTY lines.

- error message:

The following configuration is set:
line con 0
exec-timeout 5 0
no modem enable

Missing configuration: access-class [0-9]+ in

The following configuration is set:
line vty 0 4
exec-timeout 5 0
password 7 15010A1C142222362D
transport input ssh

Missing configuration: access-class [0-9]+ in

In the case above, two configuration blocks matched the "context" regex "line .*": the console line (line con 0) and the VTY lines (line vty 0 4). Since neither block contained a line matching the "item" regex, the audit returned a "FAILED" result. Note that "line .*" matches console and auxiliary lines as well as VTY lines, so a console line without an access-class statement also causes the check to fail; if only VTY lines should be evaluated, narrow the context regex to "line vty .*".
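To make the context/item semantics concrete, here is an added example in Python that emulates what the check above does over a Cisco IOS configuration. It is not Tenable's code and does not use the .audit format itself: it assumes (as a simplification) that a "context" block is a non-indented configuration line matching the context regex plus the indented lines that follow it, and that the item regex must match at least one line inside every such block. The configuration excerpts are constructed for the example.

```python
import re

# Constructed Cisco IOS running-config excerpt (not captured from a real device).
# "line con 0" and "line vty 0 4" lack an access-class, "line vty 5 15" has one.
NONCOMPLIANT_CONFIG = """\
hostname edge-router
!
ip access-list standard MGMT
 permit 10.0.0.0 0.0.0.255
!
line con 0
 exec-timeout 5 0
 no modem enable
line vty 0 4
 exec-timeout 5 0
 password 7 15010A1C142222362D
 transport input ssh
line vty 5 15
 access-class 10 in
 transport input ssh
!
end
"""

# Constructed compliant variant: every "line" block carries an inbound access-class.
COMPLIANT_CONFIG = """\
line con 0
 access-class 10 in
 exec-timeout 5 0
line vty 0 4
 access-class 10 in
 transport input ssh
"""

CONTEXT_RE = r"line .*"
ITEM_RE = r"access-class [0-9]+ in"


def split_blocks(config):
    """Split a config into (header, [sub-lines]) blocks.

    A block starts at a non-indented line and collects the indented lines
    that follow it; comment lines ("!") and blank lines are ignored.
    This is the block model assumed by this example, not Tenable's parser.
    """
    blocks = []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw[0].isspace():
            if blocks:
                blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks


def context_check(config, context_re=CONTEXT_RE, item_re=ITEM_RE):
    """Emulate a CONFIG_CHECK that uses the "context" keyword.

    Every block whose header matches context_re (anchored at the start of
    the header, an assumption of this example) must contain a line matching
    item_re. Returns (passed, failures) where failures lists the offending
    blocks as (header, sub-lines) tuples.
    """
    ctx = re.compile(context_re)
    item = re.compile(item_re)
    failures = []
    for header, body in split_blocks(config):
        if not ctx.match(header):
            continue
        if not any(item.search(line) for line in body):
            failures.append((header, body))
    return (not failures), failures


def report(description, info, config, context_re=CONTEXT_RE, item_re=ITEM_RE):
    """Render a result in the same shape as the audit output shown above."""
    passed, failures = context_check(config, context_re, item_re)
    lines = ['"%s" : [%s]' % (description, "PASSED" if passed else "FAILED"), "", info]
    if failures:
        lines += ["", "- error message:"]
        for header, body in failures:
            lines += ["", "The following configuration is set:", header, *body,
                      "", "Missing configuration: " + item_re]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report("Require SSH Access Control",
                 "Verify that management access to the device is restricted on all VTY lines.",
                 NONCOMPLIANT_CONFIG))
```

Running the script prints a FAILED report listing the console block and the first VTY block, exactly the two sections the real audit flagged; passing `context_re=r"line vty .*"` instead restricts the evaluation to VTY lines only.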

Copyright 2017 - 2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.