Friends,
I am trying to build a compliance rule to make sure that any router with BGP configured has a neighbor password set. I thought I had this nailed with the following:
RegEx Config Block Start: router bgp ?\d+
RegEx Config Block End: ^\w
Must Contain RegEx: neighbor .*. password
This works great, as long as you have only one neighbor. But in a case where there are multiple neighbors, how can I check that each one has a password set? For example:
router bgp 65535
bgp log-neighbor-changes
neighbor 10.10.1.1 remote-as 1234
neighbor 10.10.1.1 password 7 29WOSKXNDHFUR849384URJFGLSPQAZL
neighbor 10.10.10.1 remote-as 65535
neighbor 10.10.10.1 update-source Loopback0
neighbor 10.10.10.2 remote-as 65535
neighbor 10.10.10.2 update-source Loopback0
neighbor 10.10.10.3 remote-as 65535
neighbor 10.10.10.3 update-source Loopback0
This example shows compliant with the check I described above but clearly it isn't. Any ideas?
TIA,
Eric