Add files via upload

2022-05-28 09:26:55 +01:00 · 2022-05-28 09:26:55 +01:00 · c6250e7e26
parent b42d97fd49
commit c6250e7e26
7 changed files with 140 additions and 0 deletions
--- a/file/audit/cisco/configure-aaa-service.yaml
+++ b/file/audit/cisco/configure-aaa-service.yaml
@ -0,0 +1,20 @@
+id: configure-aaa-service
+
+info:
+  name: Configure AAA service
+  author: pussycat0x
+  severity: info
+  description: Authentication, authorization and accounting (AAA) services provide an authoritative source for managing and monitoring access for devices.
+  reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-a2.html#GUID-E05C2E00-C01E-4053-9D12-EC37C7E8EEC5
+  tags: cisco,config-audit,cisco-switch
+
+file:
+  - extensions:
+      - conf
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "aaa new-model"
+        negative: true
--- a/file/audit/cisco/configure-service-timestamps-debug.yaml
+++ b/file/audit/cisco/configure-service-timestamps-debug.yaml
@ -0,0 +1,20 @@
+id: configure-service-timestamps-debug
+
+info:
+  name: Configure Service Timestamps for Debug
+  author: pussycat0x
+  severity: info
+  description: To configure the system to time-stamp debugging or logging messages, use one of the service timestamps global configuration commands. Use the no form of this command to disable this service.
+  reference: https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/cmdrefs/service_timestamps.htm
+  tags: cisco,config-audit,cisco-switch
+
+file:
+  - extensions:
+      - conf
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "service timestamps debug datetime msec show-timezone localtime"
+        negative: true
--- a/file/audit/cisco/configure-service-timestamps-logmessages.yaml
+++ b/file/audit/cisco/configure-service-timestamps-logmessages.yaml
@ -0,0 +1,20 @@
+id: configure-service-log-messages
+
+info:
+  name: Configure Service Timestamps Log Messages
+  author: pussycat0x
+  severity: info
+  description: To configure the system to time-stamp debugging or logging messages, use one of the service timestamps global configuration commands. Use the no form of this command to disable this service.
+  reference: https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/cmdrefs/service_timestamps.htm
+  tags: cisco,config-audit,cisco-switch
+
+file:
+  - extensions:
+      - conf
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "service timestamps log datetime msec show-timezone localtime"
+        negative: true
--- a/file/audit/cisco/disable-ip-source-route.yaml
+++ b/file/audit/cisco/disable-ip-source-route.yaml
@ -0,0 +1,20 @@
+id: disable-ip-source-route
+
+info:
+  name: Disable IP source-route
+  author: pussycat0x
+  severity: info
+  description: Organizations should plan and implement network policies to ensure unnecessary services are explicitly disabled. The 'ip source-route' feature has been used in several attacks and should be disabled.
+  reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr/command/ipaddr-cr-book/ipaddr-i4.html#GUID-C7F971DD-358F-4B43-9F3E-244F5D4A3A93
+  tags: cisco,config-audit,cisco-switch
+
+file:
+  - extensions:
+      - conf
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "no ip source-route"
+        negative: true        
--- a/file/audit/cisco/disable-pad-service.yaml
+++ b/file/audit/cisco/disable-pad-service.yaml
@ -0,0 +1,20 @@
+id: disable-pad-service
+
+info:
+  name: Disable PAD service
+  author: pussycat0x
+  severity: info
+  description:  To reduce the risk of unauthorized access, organizations should implement a security policy restricting unnecessary services such as the 'PAD' service.
+  reference: http://www.cisco.com/en/US/docs/ios-xml/ios/wan/command/wan-s1.html#GUID-C5497B77-3FD4-4D2F-AB08-1317D5F5473B
+  tags: cisco,config-audit,cisco-switch
+
+file:
+  - extensions:
+      - conf
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "no service pad"
+        negative: true        
--- a/file/audit/cisco/enable-secret-for-password-user-and-.yaml
+++ b/file/audit/cisco/enable-secret-for-password-user-and-.yaml
@ -0,0 +1,20 @@
+id: enable-secret-for-user-and-password
+
+info:
+  name: Enable and User Password with Secret
+  author: pussycat0x
+  severity: info
+  description: To configure the system to time-stamp debugging or logging messages, use one of the service timestamps global configuration commands. Use the no form of this command to disable this service.
+  reference: https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/cmdrefs/service_timestamps.htm
+  tags: cisco,config-audit,cisco-switch
+
+file:
+  - extensions:
+      - conf
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "enable secret"
+        negative: true        
--- a/file/audit/cisco/logging-enable.yaml
+++ b/file/audit/cisco/logging-enable.yaml
@ -0,0 +1,20 @@
+id: logging-enable
+
+info:
+  name: Logging enable
+  author: pussycat0x
+  severity: info
+  description: Enabling the Cisco IOS 'logging enable' command enforces the monitoring of technology risks for the organizations' network devices.
+  reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/config-mgmt/configuration/xe-16-6/config-mgmt-xe-16-6-book/cm-config-logger.pdf
+  tags: cisco,config-audit,cisco-switch
+
+file:
+  - extensions:
+      - conf
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "logging enable"
+        negative: true