Compliance Rules - Cisco

Version 1

    Hey Guys,


    As many of you are already aware, the SolarWinds product offers a way to make sure your network devices comply with your company's needs, be it for a standard or for security.

    I have been creating multiple compliance rules and, to be honest, I think it's about time I shared one.

    This is one of my best compliance rules: it finds any interface with a "Public IP" address configured on it and applies the following.

    Disable IP Redirects / Unreachables & Proxy-Arp


    Here are the regex details explained.

    Search for any public IP address, ignoring the private subnets 10.0.0.0/8, 172.16.0.0-172.31.0.0/16 and 192.168.0.0/16.

    Regex string = ^\s+ip address (?!10\.|172\.(?:1[6-9]|2[0-9]|3[01])\.|192\.168\.)(?:[1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-1][0-9]|22[0-3])\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}.*\r\n

    The negative lookahead skips the three private ranges, and the first-octet alternation only allows 1 to 223, so multicast and reserved addresses (224 and above) are ignored as well.

    If a public IP is found, apply "no ip redirects", "no ip unreachables" and "no ip proxy-arp".

    Ignore the interface if it is in a "shutdown" state.


    This searches all the interfaces except Management interfaces.

    Regex string = ^interface (?:Giga|[Ee]ther|TenGiga|[Pp]ort-ch|[Vv]lan|[Tt]unnel).*\r\n|^interface Fast.*[^01]\r\n

    Fast interfaces whose name ends in 0 or 1 are excluded, and any interface type not in the list (such as Management) never matches.


    Finally, the remediation script.


    This will then apply the commands to all devices that have failed this compliance check.
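    As an added example (my own code, not part of the original post and not SolarWinds NCM's rule engine), here is the same check done offline in Python against a constructed running-config: it selects the same interface families as the second regex, treats anything outside the three private ranges and below 224.0.0.0 as public, skips shutdown interfaces, and builds the remediation lines the rule would push.

```python
import ipaddress
import re

# Constructed sample running-config (documentation ranges, not a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 203.0.113.10 255.255.255.248
!
interface GigabitEthernet0/1
 ip address 10.1.1.1 255.255.255.0
!
interface GigabitEthernet0/3
 ip address 198.51.100.9 255.255.255.0
 no ip redirects
!
interface Tunnel5
 ip address 192.0.2.1 255.255.255.252
 shutdown
!
interface Loopback0
 ip address 192.0.2.9 255.255.255.255
!
"""
REQUIRED = ("no ip redirects", "no ip unreachables", "no ip proxy-arp")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Same interface families as the post's second regex; Loopback/Management are not listed, so skipped.
IFACE_RE = re.compile(r"^interface ((?:Giga|[Ee]ther|TenGiga|[Pp]ort-ch|[Vv]lan|[Tt]unnel|Fast)\S*)")
ADDR_RE = re.compile(r"^ip address (\d+\.\d+\.\d+\.\d+) ")

def is_public(addr):  # public per the post's rule: IPv4, not RFC1918, below multicast
    a = ipaddress.ip_address(addr)
    return a.version == 4 and int(a) >> 24 < 224 and not any(a in n for n in RFC1918)

def noncompliant(config):
    """Return {interface: [missing commands]} for non-shutdown interfaces holding a public IPv4."""
    result = {}
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        m = IFACE_RE.match(block)
        if not m:
            continue
        body = [ln.strip() for ln in block.splitlines()[1:] if ln.startswith(" ")]
        addrs = [a.group(1) for a in map(ADDR_RE.match, body) if a]
        missing = [cmd for cmd in REQUIRED if cmd not in body]
        if "shutdown" not in body and any(is_public(x) for x in addrs) and missing:
            result[m.group(1)] = missing
    return result

def remediation_script(config):
    """Config lines the remediation step would push to a failing device."""
    return [ln for name, miss in noncompliant(config).items() for ln in [f"interface {name}", *(f" {c}" for c in miss)]]
```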

    Hope you find this useful.