[c-nsp] Audit tool for Cisco Config files

Lee ler762 at gmail.com
Fri Aug 28 13:15:51 EDT 2009


On 8/28/09, Bracey, John <JBracey at csuchico.edu> wrote:
> Thanks for all the helpful replies everybody.  Am looking into RAT and
> Nipper; both look promising.

Both RAT and Nipper are for security audits - last time I looked both
were useless for checking that <these> lines were in the config and
<those> lines weren't, much less checking for things like 'ip pim
sparse-mode' configured on an interface requires multicast routing to
be enabled as well as 'ip pim rp-addr' pointing to a valid RP [no, we
don't use auto-rp :] or having 'no service dhcp' and a helper address
configured on an interface is an error.

A co-worker reminded me about Cisco's Network Compliance Manager - it
supposedly can do all sorts of config checking against built-in
templates as well as user-supplied templates.

Lee
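
The cross-line checks described in the message above, sketched in Python as an added example (not code from the post or from any of the tools it names). It assumes the full command forms `ip multicast-routing`, `ip pim rp-address` and `ip helper-address`; the function names, the `valid_rps` set and the sample config are hypothetical.

```python
import re

# Constructed sample config for illustration (not from the original post).
SAMPLE = """\
no service dhcp
!
interface Vlan10
 ip helper-address 10.0.0.5
 ip pim sparse-mode
!
ip pim rp-address 10.9.9.9
"""

def parse(config):
    """Split an IOS-style config into global lines and per-interface line lists."""
    global_lines, interfaces, current = [], {}, None
    for line in map(str.rstrip, config.splitlines()):
        if line.strip() in ("", "!"):
            continue
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current:
            interfaces[current].append(line.strip())
        else:  # an unindented line ends the interface block
            current = None
            global_lines.append(line)
    return global_lines, interfaces

def audit(config, valid_rps):
    """Apply the post's dependency rules; valid_rps is an assumed site-specific set."""
    global_lines, interfaces = parse(config)
    findings = []
    mcast = any(re.match(r"ip multicast-routing\b", l) for l in global_lines)
    rps = [m.group(1) for l in global_lines
           if (m := re.match(r"ip pim rp-address (\S+)", l))]
    dhcp_off = "no service dhcp" in global_lines
    for name, lines in interfaces.items():
        if "ip pim sparse-mode" in lines:
            if not mcast:
                findings.append(f"{name}: PIM sparse-mode without 'ip multicast-routing'")
            if not rps:
                findings.append(f"{name}: PIM sparse-mode but no 'ip pim rp-address'")
        if dhcp_off and any(l.startswith("ip helper-address ") for l in lines):
            findings.append(f"{name}: helper address with 'no service dhcp'")
    for rp in rps:  # a statically configured RP must be one the site recognises
        if rp not in valid_rps:
            findings.append(f"global: RP {rp} is not in the approved RP list")
    return findings
```

Calling `audit(SAMPLE, {"10.1.1.1"})` returns three findings: multicast routing is not enabled, the helper address conflicts with `no service dhcp`, and the configured RP is not in the approved set.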

