Commit 052c730

renamed folders (#85)
* adding wireless tests
* renamed vendor names

---------

Co-authored-by: mailsanjayhere <mailsanjayhere@gmail.com>
1 parent c9fd206 commit 052c730

26 files changed: +336 -0 lines changed
Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
defaults:
2+
devices:
3+
- ipaddress: 192.168.1.1
4+
platform: cisco_wlc
5+
tenant: default
6+
7+
tests:
8+
rule_110_delete_the_snmp_v3_user_name_default:
9+
- outcome: OK
10+
commands:
11+
show snmpv3user: SNMP v3 username AccessMode Authentication Encryption
12+
-------------------- ----------- -------------- ----------
13+
newadmin Read/Write HMAC-SHA CFB-AES
14+
- outcome: TESTS_FAILED
15+
commands:
16+
show snmpv3user: SNMP v3 username AccessMode Authentication Encryption
17+
-------------------- ----------- -------------- ----------
18+
default Read/Write HMAC-SHA CFB-AES
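Review bot: the TESTS_FAILED case (lines 14-18) lists "default" as the only SNMPv3 user, so a rule that inspects just the first table row passes both fixtures. Add a failing case where "default" appears after another user such as "newadmin", so the check is shown to scan every row.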
Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,17 @@
1+
defaults:
2+
devices:
3+
- ipaddress: 192.168.1.1
4+
platform: cisco_wlc
5+
tenant: default
6+
7+
tests:
8+
rule_111_configure_an_authorized_ip_address_for_logging_syslog_host:
9+
- outcome: OK
10+
commands:
11+
show logging: Logging to syslog
12+
Number of remote syslog hosts.................. 1
13+
Host 0....................................... 10.10.10.10
14+
- outcome: TESTS_FAILED
15+
commands:
16+
show logging: Logging to syslog
17+
Number of remote syslog hosts.................. 0
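Review bot: the rule name promises an authorized syslog host, but the two cases (lines 9-17) only distinguish one host from zero hosts. A controller logging to an unexpected address would look the same as the OK case at line 13; add a failing case with a host that is not the expected one, or rename the rule to say it only checks that a host is configured.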
Lines changed: 35 additions & 0 deletions
@@ -0,0 +1,35 @@
1+
defaults:
2+
devices:
3+
- ipaddress: 192.168.1.1
4+
platform: cisco_wlc
5+
tenant: default
6+
7+
tests:
8+
rule_112_configure_an_authorized_ip_address_for_ntp_server:
9+
- outcome: OK
10+
commands:
11+
show time: Time............................................. Fri Feb 8 2019
12+
13+
Timezone delta................................... 0:0
14+
Timezone location................................
15+
16+
NTP Servers
17+
NTP Version.................................. 4
18+
19+
Index NTP Key NTP Server NTP Key Polling Intervals
20+
Index Type Max Min
21+
-----------------------------------------------------------
22+
1 1 192.168.100.254 MD5 10 6
23+
24+
NTPQ status list of NTP associations
25+
26+
assoc
27+
ind assid status conf reach auth condition last_event cnt src_addr
28+
===============================================================================
29+
1 1385 f63a yes yes ok sys.peer sys_peer 3 192.168.100.254
30+
- outcome: TESTS_FAILED
31+
commands:
32+
show time: Time............................................. Fri Feb 8 2019
33+
34+
Timezone delta................................... 0:0
35+
Timezone location................................
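Review bot: the TESTS_FAILED output (lines 32-35) stops after "Timezone location", so the failing case has no "NTP Servers" section at all. If the controller still prints that header with an empty table when no server is configured, this fixture does not exercise it; add a case with the header present and no server row. Nothing here checks that 192.168.100.254 is an authorized address rather than just any address, which is what the rule name claims.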
Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,36 @@
1+
defaults:
2+
devices:
3+
- ipaddress: 192.168.1.1
4+
platform: cisco_wlc
5+
tenant: default
6+
7+
tests:
8+
rule_113_ensure_signature_processing_is_enabled:
9+
- outcome: OK
10+
commands:
11+
show wps summary: Untrusted AP Policy
12+
Rogue Location Discovery Protocol.............. Disabled
13+
RLDP Action.................................. Alarm Only
14+
Rogue APs
15+
Rogues AP advertising my SSID................ Alarm Only
16+
Detect and report Ad-Hoc Networks............ Enabled
17+
Rogue Clients
18+
Validate rogue clients against AAA........... Enabled
19+
Detect trusted clients on rogue APs.......... Alarm Only
20+
Rogue AP timeout............................... 1300
21+
Signature Policy
22+
Signature Processing........................... Enabled
23+
- outcome: TESTS_FAILED
24+
commands:
25+
show wps summary: Untrusted AP Policy
26+
Rogue Location Discovery Protocol.............. Disabled
27+
RLDP Action.................................. Alarm Only
28+
Rogue APs
29+
Rogues AP advertising my SSID................ Alarm Only
30+
Detect and report Ad-Hoc Networks............ Enabled
31+
Rogue Clients
32+
Validate rogue clients against AAA........... Enabled
33+
Detect trusted clients on rogue APs.......... Alarm Only
34+
Rogue AP timeout............................... 1300
35+
Signature Policy
36+
Signature Processing........................... Disabled
Lines changed: 24 additions & 0 deletions
@@ -0,0 +1,24 @@
1+
defaults:
2+
devices:
3+
- ipaddress: 192.168.1.1
4+
platform: cisco_wlc
5+
tenant: default
6+
7+
tests:
8+
rule_114_enable_all_policies_for_wps_client_exclusion:
9+
- outcome: OK
10+
commands:
11+
show wps summary: Client Exclusion Policy
12+
Excessive 802.11-association failures.......... Enabled
13+
Excessive 802.11-authentication failures....... Enabled
14+
Excessive 802.1x-authentication................ Enabled
15+
IP-theft....................................... Enabled
16+
Excessive Web authentication failure........... Enabled
17+
- outcome: TESTS_FAILED
18+
commands:
19+
show wps summary: Client Exclusion Policy
20+
Excessive 802.11-association failures.......... Disabled
21+
Excessive 802.11-authentication failures....... Disable
22+
Excessive 802.1x-authentication................ Disabled
23+
IP-theft....................................... Disabled
24+
Excessive Web authentication failure........... Disable
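Review bot: lines 21 and 24 of the TESTS_FAILED case read "Disable" while lines 20, 22 and 23 read "Disabled"; confirm which spelling the controller prints and make the fixture consistent. The failing case also turns off all five policies at once, so a rule that checks only one of them passes this test; add a case with a single policy disabled and the other four enabled.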
Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,14 @@
1+
defaults:
2+
devices:
3+
- ipaddress: 192.168.1.1
4+
platform: cisco_wlc
5+
tenant: default
6+
7+
tests:
8+
rule_115_ensure_rogue_location_discovery_protocol_is_enabled:
9+
- outcome: OK
10+
commands:
11+
show rogue ap rldp summary: Rogue Location Discovery Protocol................ Enabled
12+
- outcome: TESTS_FAILED
13+
commands:
14+
show rogue ap rldp summary: Rogue Location Discovery Protocol................ Disabled
Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,14 @@
1+
defaults:
2+
devices:
3+
- ipaddress: 192.168.1.1
4+
platform: cisco_wlc
5+
tenant: default
6+
7+
tests:
8+
rule_116_ensure_control_path_rate_limiting_is_enabled:
9+
- outcome: OK
10+
commands:
11+
show advanced rate: Control Path Rate Limiting....................... Enabled
12+
- outcome: TESTS_FAILED
13+
commands:
14+
show advanced rate: Control Path Rate Limiting....................... Disabled
Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
defaults:
2+
devices:
3+
- ipaddress: 192.168.1.1
4+
platform: cisco_wlc
5+
tenant: default
6+
7+
tests:
8+
rule_12_ensure_password_strength_is_strong_for_configured_user_names:
9+
- outcome: OK
10+
commands:
11+
show mgmtuser: User Name Permissions Description Password Strength
12+
----------------------- ------------ -------------- ------------------
13+
admin read-write Strong
14+
- outcome: TESTS_FAILED
15+
commands:
16+
show mgmtuser: User Name Permissions Description Password Strength
17+
----------------------- ------------ -------------- ------------------
18+
admin read-write Weak
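Review bot: both cases (lines 13 and 18) contain a single "admin" row, so the test cannot tell whether the rule checks every configured user name, which is what the rule name says. Add a failing case with one "Strong" user and one "Weak" user. The Description column is empty in both rows; a row with a description filled in would confirm the rule reads the strength from the right column.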
Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
defaults:
2+
devices:
3+
- ipaddress: 192.168.1.1
4+
platform: cisco_wlc
5+
tenant: default
6+
7+
tests:
8+
rule_13_delete_the_user_name_admin:
9+
- outcome: OK
10+
commands:
11+
show mgmtuser: User Name Permissions Description Password Strength
12+
----------------------- ------------ -------------- ------------------
13+
operator read-write Strong
14+
- outcome: TESTS_FAILED
15+
commands:
16+
show mgmtuser: User Name Permissions Description Password Strength
17+
----------------------- ------------ -------------- ------------------
18+
admin read-write Weak
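Review bot: the TESTS_FAILED row at line 18 changes two things relative to the OK row at line 13: the user name ("operator" to "admin") and the strength ("Strong" to "Weak"). A rule that keys on "Weak" would pass this test without ever looking at the user name; use "admin read-write Strong" in the failing case so only the name differs.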
Lines changed: 26 additions & 0 deletions
@@ -0,0 +1,26 @@
1+
defaults:
2+
devices:
3+
- ipaddress: 192.168.1.1
4+
platform: cisco_wlc
5+
tenant: default
6+
7+
tests:
8+
rule_14_ensure_telnet_is_disabled:
9+
- outcome: OK
10+
commands:
11+
show network summary: RF-Network Name............................. RF
12+
Web Mode.................................... Disable
13+
Secure Web Mode............................. Enable
14+
Secure Web Mode Cipher-Option High.......... Disable
15+
Secure Web Mode Cipher-Option SSLv2......... Disable
16+
Secure Shell (ssh).......................... Enable
17+
Telnet...................................... Disable
18+
- outcome: TESTS_FAILED
19+
commands:
20+
show network summary: RF-Network Name............................. RF
21+
Web Mode.................................... Disable
22+
Secure Web Mode............................. Enable
23+
Secure Web Mode Cipher-Option High.......... Disable
24+
Secure Web Mode Cipher-Option SSLv2......... Disable
25+
Secure Shell (ssh).......................... Enable
26+
Telnet...................................... Enable
Lines changed: 26 additions & 0 deletions
@@ -0,0 +1,26 @@
1+
defaults:
2+
devices:
3+
- ipaddress: 192.168.1.1
4+
platform: cisco_wlc
5+
tenant: default
6+
7+
tests:
8+
rule_15_ensure_webmode_is_disabled:
9+
- outcome: OK
10+
commands:
11+
show network summary: RF-Network Name............................. RF
12+
Web Mode.................................... Disable
13+
Secure Web Mode............................. Enable
14+
Secure Web Mode Cipher-Option High.......... Disable
15+
Secure Web Mode Cipher-Option SSLv2......... Disable
16+
Secure Shell (ssh).......................... Enable
17+
Telnet...................................... Disable
18+
- outcome: TESTS_FAILED
19+
commands:
20+
show network summary: RF-Network Name............................. RF
21+
Web Mode.................................... Enable
22+
Secure Web Mode............................. Enable
23+
Secure Web Mode Cipher-Option High.......... Disable
24+
Secure Web Mode Cipher-Option SSLv2......... Disable
25+
Secure Shell (ssh).......................... Enable
26+
Telnet...................................... Disable
Lines changed: 38 additions & 0 deletions
@@ -0,0 +1,38 @@
1+
defaults:
2+
devices:
3+
- ipaddress: 192.168.1.1
4+
platform: cisco_wlc
5+
tenant: default
6+
7+
tests:
8+
rule_16_disable_management_via_wireless_interface:
9+
- outcome: OK
10+
commands:
11+
show network summary: RF-Network Name............................. RF
12+
Web Mode.................................... Disable
13+
Secure Web Mode............................. Enable
14+
Secure Web Mode Cipher-Option High.......... Disable
15+
Secure Web Mode Cipher-Option SSLv2......... Disable
16+
Secure Shell (ssh).......................... Enable
17+
Telnet...................................... Disable
18+
ARP Idle Timeout............................ 300 seconds
19+
ARP Unicast Mode............................ Disabled
20+
Cisco AP Default Master..................... Disable
21+
Mgmt Via Wireless Interface................. Disable
22+
Mgmt Via Dynamic Interface.................. Disable
23+
Bridge MAC filter Config.................... Enable
24+
Bridge Security Mode........................ EAP
25+
Over The Air Provisioning of AP's........... Enable
26+
- outcome: TESTS_FAILED
27+
commands:
28+
show network summary: RF-Network Name............................. RF
29+
Web Mode.................................... Disable
30+
Secure Web Mode............................. Enable
31+
Secure Web Mode Cipher-Option High.......... Disable
32+
Secure Web Mode Cipher-Option SSLv2......... Disable
33+
Secure Shell (ssh).......................... Enable
34+
Telnet...................................... Enable
35+
ARP Unicast Mode............................ Disabled
36+
Cisco AP Default Master..................... Disable
37+
Mgmt Via Wireless Interface................. Enable
38+
Mgmt Via Dynamic Interface.................. Disable
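Review bot: the TESTS_FAILED case sets "Telnet" to "Enable" at line 34 as well as "Mgmt Via Wireless Interface" at line 37, and it drops the "ARP Idle Timeout" line and the last three lines that the OK case has at lines 23-25. The failure should come from line 37 only; keep "Telnet" at "Disable" and leave the rest of the output identical to the OK case.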
Lines changed: 16 additions & 0 deletions
@@ -0,0 +1,16 @@
1+
defaults:
2+
devices:
3+
- ipaddress: 192.168.1.1
4+
platform: cisco_wlc
5+
tenant: default
6+
7+
tests:
8+
rule_17_ensure_the_cli_login_timeout_is_less_than_or_equal:
9+
- outcome: OK
10+
commands:
11+
show sessions: CLI Login Timeout (minutes)............ 5
12+
Maximum Number of CLI Sessions......... 5
13+
- outcome: TESTS_FAILED
14+
commands:
15+
show sessions: CLI Login Timeout (minutes)............ 0
16+
Maximum Number of CLI Sessions......... 5
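Review bot: the rule name ends at "less_than_or_equal" with no limit, and the only failing value is 0 at line 15. Nothing tests a timeout above the limit; state the limit in the rule name or a comment, then add a failing case with a value larger than it and a passing case exactly at it.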
Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
defaults:
2+
devices:
3+
- ipaddress: 192.168.1.1
4+
platform: cisco_wlc
5+
tenant: default
6+
7+
tests:
8+
rule_18_ensure_snmp_v1_mode_is_disabled:
9+
- outcome: OK
10+
commands:
11+
show snmpversion: SNMP v1 Mode.................................... Disable
12+
SNMP v2c Mode.................................... Disable
13+
SNMP v3 Mode.................................. Enable
14+
- outcome: TESTS_FAILED
15+
commands:
16+
show snmpversion: SNMP v1 Mode.................................... Enable
17+
SNMP v2c Mode.................................. Enable
18+
SNMP v3 Mode.................................. Enable
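Review bot: the TESTS_FAILED case enables both "SNMP v1 Mode" (line 16) and "SNMP v2c Mode" (line 17), so a rule that reads the v2c line instead of the v1 line would also fail it. Keep v2c at "Disable" here, the way the rule_19 fixture keeps v1 at "Disable", so the case isolates v1.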
Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
defaults:
2+
devices:
3+
- ipaddress: 192.168.1.1
4+
platform: cisco_wlc
5+
tenant: default
6+
7+
tests:
8+
rule_19_ensure_snmp_v2c_mode_is_disabled:
9+
- outcome: OK
10+
commands:
11+
show snmpversion: SNMP v1 Mode.................................... Disable
12+
SNMP v2c Mode.................................... Disable
13+
SNMP v3 Mode.................................. Enable
14+
- outcome: TESTS_FAILED
15+
commands:
16+
show snmpversion: SNMP v1 Mode.................................... Disable
17+
SNMP v2c Mode.................................... Enable
18+
SNMP v3 Mode.................................. Enable
