id: disable-ip-source-route

info:
  name: Disable IP source-route
  author: pussycat0x
  severity: info
  description: |
    Organizations should plan and implement network policies to ensure unnecessary services are explicitly disabled. The 'ip source-route' feature has been used in several attacks and should be disabled.
  reference:
    - https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr/command/ipaddr-cr-book/ipaddr-i4.html#GUID-C7F971DD-358F-4B43-9F3E-244F5D4A3A93
  tags: cisco,config-audit,cisco-switch,router

file:
  - extensions:
      - conf

    matchers-condition: and
    matchers:
      # negative: true inverts the match, so a finding is reported when the
      # configuration file does NOT contain "no ip source-route".
      - type: word
        words:
          - "no ip source-route"
        negative: true