[c-nsp] Audit tool for Cisco Config files
Bracey, John
JBracey at csuchico.edu
Fri Aug 28 13:23:51 EDT 2009
Kewl! I'm downloading an eval copy as I write this. :)
-John Bracey
-----Original Message-----
From: Lee [mailto:ler762 at gmail.com]
Sent: Friday, August 28, 2009 10:16 AM
To: Bracey, John
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Audit tool for Cisco Config files
On 8/28/09, Bracey, John <JBracey at csuchico.edu> wrote:
> Thanks for all the helpful replies everybody. Am looking into RAT and
> Nipper; both look promising.
Both RAT and Nipper are for security audits - last time I looked both
were useless for checking that <these> lines were in the config and
<those> lines weren't, much less checking for things like 'ip pim
sparse-mode' configured on an interface requires multicast routing to
be enabled as well as 'ip pim rp-addr' pointing to a valid RP [no, we
don't use auto-rp :] or having 'no service dhcp' and a helper address
configured on an interface is an error.
A co-worker reminded me about Cisco's Network Compliance Manager - it
supposedly can do all sorts of config checking against built-in
templates as well as user supplied templates.
Lee
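
Added example, not part of the original thread and not the code of any tool named in it: a small Python checker for the cross-line dependencies Lee describes (PIM sparse-mode on an interface needing multicast routing and an RP address, and a helper address combined with 'no service dhcp'). The sample config, the function names and the full command spellings `ip multicast-routing`, `ip pim rp-address` and `ip helper-address` are assumptions made for the illustration; it only checks that an RP is configured, not that it is valid.

```python
# Constructed sample config (not from the thread); addresses are documentation ranges.
SAMPLE_CONFIG = """\
hostname lab-rtr1
no service dhcp
!
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
 ip helper-address 198.51.100.10
 ip pim sparse-mode
!
interface Vlan20
 ip address 192.0.2.129 255.255.255.128
!
end
"""

def parse_config(text):
    """Split an IOS-style config into global lines and per-interface lines."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.strip() in ("", "!"):
            continue
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line[0] == " " and current is not None:
            interfaces[current].append(line.strip())
        else:  # any other unindented line ends the interface block
            current = None
            global_lines.append(line.strip())
    return global_lines, interfaces

def audit(text):
    """Return (interface, message) findings for the dependencies described above."""
    global_lines, interfaces = parse_config(text)
    mcast = any(l.startswith("ip multicast-routing") for l in global_lines)
    rp = any(l.startswith("ip pim rp-address ") for l in global_lines)
    dhcp_off = "no service dhcp" in global_lines
    findings = []
    for name, lines in interfaces.items():
        if "ip pim sparse-mode" in lines:
            if not mcast:
                findings.append((name, "PIM enabled but no 'ip multicast-routing'"))
            if not rp:  # presence only; RP reachability cannot be judged offline
                findings.append((name, "PIM enabled but no 'ip pim rp-address'"))
        if dhcp_off and any(l.startswith("ip helper-address ") for l in lines):
            findings.append((name, "helper address set but 'no service dhcp'"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports three findings, all on Vlan10; further rules of the same kind can be added inside the interface loop.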