CIS Router Audit Tool - Project Underway to Update Config Rules
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings, I've recently begun updating the config rules for the CIS Router Audit Tool (RAT) distribution. For those who have never heard of RAT, it is a perl-based utility written by George M. Jones to audit router configurations. It can be used to audit virtually any text file by writing custom rules. Until now, the CIS RAT distribution did not support any Cisco Firewall configs beyond v6.x. I've added a new cisco-firewall config type that supports the latest Cisco PIX/ASA/FWSM configurations. The new rules are based on the CIS Benchmark for Cisco Firewall Devices v2.0 (NOV2007). They've only been tested on my own PIX/ASA/FWSM configurations. If anyone is interested in helping test and improve these rules before they're included in an official distribution, you can join the CIS Community Project - CIS Router Audit Tool at: http://cisecurity.org/en-us/?route=community.projects You can either checkout the latest from SVN or download one of the archives attached to the latest discusson "REQUESTED ACTION: Verify that RAT is able to consume your Cisco PIX, ASA, and FWSM configurations." Please post your results, comments, and questions to the CIS Router Audit Tool Community Project Discussions page along with pertinent information such as device model, OS version, and the rule names/numbers that were tested. Also include any other information that could be useful such as whether the firewall is in multi-context or transparent mode. For anyone wondering about Cisco IOS, soon we will also begin updating the cisco-ios config rules to better support newer IOS versions and bring the rules up to the latest CIS benchmark. I'd like to see other config types added, too, like JunOS for example. Essentially all it takes to write a RAT config-type for CIS is a benchmark, some patience, and the ability to write regular-expressions. If you're up for it, let me know. Regards, Michael Hertrick Neovera, Inc. - -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - - against proprietary attachments -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkuao7UACgkQcJVdtfpkLb+tVQCeLV6MWJAARiF7FG6NS1TnJ8lN aPQAn2KDSfJuDytYcgU24ZLnx8lY2WSk =S2BB -----END PGP SIGNATURE-----
participants (1)
-
Michael Hertrick