
How do you configure interface compliance rules

I am running into an issue when trying to track STIG compliance of Cisco devices using NCM.  Is there a way for me to write a rule that checks for a string on specific interface types?  Finding just the string in the configuration file does me no good.  I need to know if the string is on all or certain interface types.  If someone could give me an example, I would greatly appreciate it.  One example of what I am trying to do is:  If interface contains 'Interface Vlan' , config must contain 'no ip redirects'.  I can build the rule to identify this, but I cannot get it to remediate it.  If interface Vlan10 doesn't have it, I want the remediation script to add the correct config on it.

  • NCM also does not show which interface is in violation in the config file.  I have to search the config file each time.  There must be a way to automate the search and remediation script.

  • Hello Christopher,

    You can try with "search in block" option:

    Advanced Config Search (block search and/or search)


    String:

    \d.*\n(.*\n)*.*no\sip\sredirects

    (remember to choose RegEx expression)


    SEARCH CONFIG FILE/BLOCK: Config block

    Config block start: interface\sVlan

    Config block end: !

    (remember to choose RegEx expression)


    With this setting you can figure which interface should be configured.

    About script automation, maybe Config Change Templates will help.


    Regards,

    Mateusz
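The block search described above, rewritten as a stand-alone Python script so you can see which interface blocks fail the check and what the remediation commands would be. This is an added example, not NCM code or anything posted in the thread; the sample config and the `no ip redirects` check are constructed for illustration.

```python
import re

# Constructed sample Cisco config (not from the thread): Vlan10 is compliant,
# Vlan20 is missing the required line, the physical port is not in scope.
SAMPLE_CONFIG = """\
hostname sw1
!
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 no ip redirects
!
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
!
interface GigabitEthernet1/0/1
 switchport access vlan 10
!
"""

BLOCK_START = re.compile(r"^interface\sVlan")   # same block start as in the NCM rule
BLOCK_END = re.compile(r"^!$")                   # block end: a line holding only "!"
REQUIRED = re.compile(r"^\s*no\sip\sredirects\s*$")


def config_blocks(config, start=BLOCK_START, end=BLOCK_END):
    """Yield (header, body_lines) for every block opened by `start` and closed by `end`."""
    header, body = None, []
    for line in config.splitlines():
        if header is None:
            if start.search(line):
                header, body = line.strip(), []
        elif end.search(line):
            yield header, body
            header, body = None, []
        else:
            body.append(line)
    if header is not None:  # last block ran to end of file without a terminator
        yield header, body


def find_violations(config, required=REQUIRED):
    """Return headers of the blocks in which no line matches `required`."""
    return [h for h, lines in config_blocks(config)
            if not any(required.search(l) for l in lines)]


def remediation_script(config, fix="no ip redirects"):
    """Build config-mode commands that add `fix` only to the violating interfaces."""
    cmds = []
    for header in find_violations(config):
        cmds += [header, f" {fix}", "exit"]
    return "\n".join(cmds)


if __name__ == "__main__":
    print(find_violations(SAMPLE_CONFIG))
    print(remediation_script(SAMPLE_CONFIG))
```

The script names the offending interface instead of only flagging the config, and the remediation output is scoped to those interfaces, which is the piece the thread says NCM does not do on its own.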

  • Thank you very much.  This is exactly what I was looking for.  I have it working.  That is a good idea with the Config change template for correcting it.  I wish there was a way to select a config change template for the remediation.  I think I'll put that out there as a feature request.  If I had that, I could put a lot of STIG content out there for others to use too.

  • Do you know how I can do a rule to search for a string with multiple lines, such as a login banner with many lines, parenthesis, blank lines, and returns?  When I put a section of it in the String field, it still comes up as a violation that it is not contained in the config when indeed it is in the config.  It works if I just look for one line at a time.  I need to ensure the correct banner is applied, so I need to check the whole thing at once.

  • You should check if there is no additional "space" char after a line. You can also try with .* (dot and asterisk) before ending line (\n).

    Keep in mind that if you select RegEx expression in string, you must use a backslash to escape special characters (e.g. parenthesis).

    Regards,

    Mateusz