Merge pull request #17 from netpicker/netpicker-adding-linting

added more  refs and modified pytests accordingly

Author: netpicker

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_112_enable_aaa_authentication_login.py

@@ -5,6 +5,5 @@
   name='rule_112_enable_aaa_authentication_login',
   platform=['cisco_ios', 'cisco_xe']
 )
-
 def rule_112_enable_aaa_authentication_login(configuration,ref):
     assert 'aaa authentication login' in configuration, ref

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_114_set_login_authentication_for_line_vty.py

@@ -0,0 +1,8 @@
+@medium(
+    name='rule_114_set_login_authentication_for_line_vty_ted',
+    platform=['cisco_ios', 'cisco_xe'],
+    commands=dict(chk_con='show running-config | sec line con',chk_vty='show running-config | sec line vty')
+)
+def rule_114_set_login_authentication_for_line_vty_ted(commands,ref):
+    assert 'login authentication' in commands.chk_con, ref
+    assert 'login authentication' in commands.chk_vty, ref

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_114_set_login_authentication_for_line_vty.ref

@@ -0,0 +1,9 @@
+.rule_114_set_login_authentication_for_line_vty:
+
+
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/d1/sec-cr-k1.html#GUID- 297BDF33-4841-441C-83F3-4DA51C3C7284 
+
+
+    Remediation:  Configure management lines to require login using the default or a named AAA authentication list. This configuration must be set individually for all line types. hostname(config)#line vty {line-number} [<em>ending-line-number] hostname(config-line)#login authentication {default | aaa_list_name}
+
+.

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_114_set_login_authentication_for_line_vty_ted.py

@@ -1,5 +1,6 @@
 from comfy.compliance import medium
 
+
 @medium(
   name='rule_115_set_login_authentication_for_ip_http_ed',
   platform=['cisco_ios', 'cisco_xe']

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_115_set_login_authentication_for_ip_http_ed.py renamed to CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_115_set_login_authentication_for_ip_http.py

@@ -0,0 +1,9 @@
+.rule_115_set_login_authentication_for_ip_http:
+
+
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/d1/sec-cr-k1.html#GUID- 297BDF33-4841-441C-83F3-4DA51C3C7284 
+
+
+    Remediation:  Configure management lines to require login using the default or a named AAA authentication list. This configuration must be set individually for all line types. hostname#(config)ip http secure-server hostname#(config)ip http authentication {default | _aaa\_list\_name_}
+
+.

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_115_set_login_authentication_for_ip_http.ref

@@ -2,13 +2,8 @@
 
 
 @medium(
-  name='rule_1210_set_http_secure_server_limit',
-  platform=['cisco_ios', 'cisco_xe']
+    name='rule_1210_set_http_secure_server_limit',
+    platform=['cisco_ios', 'cisco_xe']
 )
-def rule_1210_set_http_secure_server_limit(configuration):
-    remediation = (f"""
-    Remediation: hostname(config)#ip http max-connections 2
-
-    """)
-
-    assert 'ip http max-connections' in configuration, remediation
+def rule_1210_set_http_secure_server_limit(configuration,ref):
+    assert 'ip http max-connections' in configuration, ref

CIS/Cisco_ios/12_access_rules/rule_1210_set_http_secure_server_limit.py

@@ -0,0 +1,9 @@
+.rule_1210_set_http_secure_server_limit:
+
+
+    Reference:    
+
+
+    Remediation:  hostname(config)#ip http max-connections 2
+
+.

CIS/Cisco_ios/12_access_rules/rule_1210_set_http_secure_server_limit.ref

@@ -5,18 +5,7 @@
   name='rule_1211_set_exec_timeout_to_less_than_or_equal_to_10_min_on_ip',
   platform=['cisco_ios', 'cisco_xe']
 )
-def rule_1211_set_exec_timeout_to_less_than_or_equal_to_10_min_on_ip(configuration):
-    uri = (
-        "http://www.cisco.com/en/US/docs/ios-xml/ios/fundamentals/command/D_through_E.html#GUID-768"
-        "05E6F-9E89-4457-A9DC-5944C8FE5419"
-    )
-
-    remediation = (f"""
-    Remediation: ip http timeout-policy idle 600 life <nnnn> requests <nn>
-
-    References: {uri}
-
-    """)
+def rule_1211_set_exec_timeout_to_less_than_or_equal_to_10_min_on_ip(configuration,ref):
     if "no ip http" not in configuration:
         timeout_found = False
         for line in configuration:
@@ -25,10 +14,10 @@ def rule_1211_set_exec_timeout_to_less_than_or_equal_to_10_min_on_ip(configurati
                 if match:
                     timeout_found = True
                     seconds = int(match.group(1))
-                    assert seconds < 600, remediation
+                    assert seconds < 600, remediation,ref
         if not timeout_found:
-            assert False, remediation
+            assert False, remediation,ref
     else:
-        assert True, remeidation
+        assert True, remeidation,ref
 
 

CIS/Cisco_ios/12_access_rules/rule_1211_set_exec_timeout_to_less_than_or_equal_to_10_min_on_ip.py renamed to CIS/Cisco_ios/12_access_rules/rule_1211_set_exec_timeout_to_less_than_or_equal_to_10_min_on_ip_http.py

@@ -0,0 +1,10 @@
+.rule_1211_set_exec_timeout_to_less_than_or_equal_to_10_min_on_ip_http:
+
+
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/fundamentals/command/D_through_E.html#GUID-76805E6F-9E89-4457-A9DC-5944C8FE5419
+
+
+    Remediation:  Configure device timeout (10 minutes or less) to disconnect sessions after a fixed idle time. 
+                  ip http timeout-policy idle 600 life {nnnn} requests {nn}
+
+.