7.4 Compliance Rules Provided by Default

This is the complete set of rules provided by default.

• IOS Interface Auto-Duplex/Speed

  –  Checked per interface; the interface settings are matched as follows:

    ∗ no ip address: Stop on match

    ∗ shutdown command: Stop on match

    ∗ duplex auto: Violation if not matched

    ∗ speed auto: Violation if not matched

• IOS Secure Enable Passwords

  –  In global settings, violation if not matched:

    ∗ service password-encryption: Violation if not matched.

    ∗ enable secret: Violation if not matched.

• IOS Telnet Restricted Access

  –  In line vty settings,

    ∗ access-class: Violation if no "variables" matched

• IOS SSH-only Restricted Access

  –  In line vty settings,

    ∗ transport input ssh: Violation if not matched

    ∗ transport input telnet: Violation if matched

• IOS Disabled Unneeded Service

  –  Violation if any of the following is not matched:

    ∗ no service tcp-small-servers

    ∗ no service udp-small-servers

    ∗ no ip bootp server

    ∗ no service finger

    ∗ no ip source-route

    ∗ no ip identd

    ∗ no ip http server

• IOS Session Idle Timeout

  –  In line vty settings,

    ∗ exec-timeout minutes: Violation if no variables matched
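As an added example (not part of the original document or the product it describes), the following Python checker applies several of the rules above, including the "Stop on match" handling of the interface rule and the telnet/ssh transport checks, to a constructed IOS configuration excerpt. The function names, the sample configuration and the prefix-matching of "variables" rules (any value counts as matched) are assumptions of this example.

```python
# Constructed sample running-config (not a real device); 192.0.2.1 is an RFC 5737 example address.
SAMPLE_CONFIG = """\
service password-encryption
no service tcp-small-servers
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 duplex auto
interface GigabitEthernet0/1
 no ip address
 shutdown
line vty 0 4
 access-class 10 in
 transport input telnet ssh
"""

# Globals required by "Disabled Unneeded Service" and "Secure Enable Passwords" (prefix match).
REQUIRED_GLOBAL = ("no service tcp-small-servers", "no service udp-small-servers", "no ip bootp server",
                   "no service finger", "no ip source-route", "no ip identd", "no ip http server",
                   "service password-encryption", "enable secret")

def parse_sections(config):
    """Split IOS text into (top-level lines, {section header: [indented children]})."""
    top, sections = [], {}
    for raw in filter(str.strip, config.splitlines()):
        if raw[0].isspace() and top:  # indented: belongs to the last header seen
            sections[top[-1]].append(raw.strip())
        else:                         # top-level command or section header
            top.append(raw.strip())
            sections[raw.strip()] = []
    return top, sections

def check_compliance(config):
    """Return violation strings for the rules implemented here; empty means compliant."""
    top, sections = parse_sections(config)
    violations = [f"missing '{c}'" for c in REQUIRED_GLOBAL if not any(l.startswith(c) for l in top)]
    for head, body in sections.items():
        if head.startswith("interface "):
            if "no ip address" in body or "shutdown" in body:
                continue  # "Stop on match": this interface is not evaluated further
            violations += [f"{head}: missing '{c}'" for c in ("duplex auto", "speed auto") if c not in body]
        elif head.startswith("line vty"):
            # Keywords following "transport input" across all such lines, e.g. {"telnet", "ssh"}
            words = {w for l in body if l.startswith("transport input") for w in l.split()[2:]}
            if "ssh" not in words:
                violations.append(f"{head}: 'transport input ssh' not matched")
            if "telnet" in words:
                violations.append(f"{head}: 'transport input telnet' matched")
            for c in ("access-class", "exec-timeout"):  # "variables" rules: any value counts
                if not any(l.startswith(c) for l in body):
                    violations.append(f"{head}: no '{c}' matched")
    return violations
```

Running `check_compliance(SAMPLE_CONFIG)` reports the missing global commands, the missing `speed auto` on GigabitEthernet0/0, the permitted telnet transport and the missing `exec-timeout`, while the shut-down GigabitEthernet0/1 is skipped.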