Merge pull request #16 from netpicker/netpicker-adding-linting

Netpicker adding linting

Author: netpicker

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_1110_set_aaa_accounting_system.py

@@ -1,22 +1,8 @@
 from comfy.compliance import low
 
-
 @low(
   name='rule_1110_set_aaa_accounting_system',
   platform=['cisco_ios', 'cisco_xe']
 )
-def rule_1110_set_aaa_accounting_system(configuration):
-    uri = (
-        "http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-0520BCEF-89FB-45"
-        "05-A5DF-D7F1389F1BBA"
-    )
-
-    remediation = (f"""
-    Remediation: hostname(config)#aaa accounting system [[default | list-name | guarantee -
-                 first] [start-stop | stop-only | none] [radius | group group-name]
-
-    References: {uri}
-
-    """)
-
-    assert 'aaa accounting system' in configuration, remediation
+def rule_1110_set_aaa_accounting_system(configuration,ref):
+    assert 'aaa accounting system' in configuration, ref

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_1110_set_aaa_accounting_system.ref

@@ -0,0 +1,9 @@
+.rule_1110_set_aaa_accounting_system:
+
+
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-0520BCEF-89FB-4505-A5DF-D7F1389F1BBA  Additional Information: When system accounting is used and the accounting server is unreachable at system startup time, the system will not be accessible for approximately two minutes.
+
+
+    Remediation:  Configure AAA accounting system. hostname(config)#aaa accounting system {default | list-name | guarantee- first} {start-stop | stop-only | none} {radius | group group-name}
+
+.

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_111_enable_aaa_new_model.py

@@ -1,8 +1,8 @@
-from comfy.compliance import *
+from comfy.compliance import medium
 
 @medium(
-    name='rule_111_enable_aaa_new_model',
-    platform=['cisco_ios', 'cisco_xe']
+  name='rule_111_enable_aaa_new_model',
+  platform=['cisco_ios', 'cisco_xe']
 )
-def rule_111_enable_aaa_new_model(configuration, ref):
+def rule_111_enable_aaa_new_model(configuration,ref):
     assert 'no aaa new-model' not in configuration, ref

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_111_enable_aaa_new_model.ref

@@ -1,5 +1,9 @@
 .rule_111_enable_aaa_new_model:
-    Reference:    http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a2.html#GUID-E05C2E00-C01E-4053-9D12-EC37C7E8EEC5
 
-    Remediation:  hostname(config)#aaa new-model
+
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a2.html#GUID-E05C2E00-C01E-4053-9D12-EC37C7E8EEC5 
+
+
+    Remediation:  Globally enable authentication, authorization and accounting (AAA) using the new- model command. hostname(config)#aaa new-model
+
 .

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_112_enable_aaa_authentication_login.py

@@ -2,21 +2,9 @@
 
 
 @medium(
-    name='rule_112_enable_aaa_authentication_login',
-    platform=['cisco_ios', 'cisco_xe']
+  name='rule_112_enable_aaa_authentication_login',
+  platform=['cisco_ios', 'cisco_xe']
 )
-def rule_112_enable_aaa_authentication_login(configuration):
-    uri = (
-        "http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-3DB1CC8A-4A98-40"
-        "0B-A906-C42F265C7EA2"
-    )
 
-    remediation = (f"""
-    Remediation: hostname(config)#aaa authentication login {{default | aaa_list_name}} [passwd -
- expiry] [method1] [method2]
-
-    References: {uri}
-
-    """)
-
-    assert 'aaa authentication login' in configuration, remediation
+def rule_112_enable_aaa_authentication_login(configuration,ref):
+    assert 'aaa authentication login' in configuration, ref

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_112_enable_aaa_authentication_login.ref

@@ -0,0 +1,9 @@
+.rule_112_enable_aaa_authentication_login:
+
+
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-3DB1CC8A-4A98-400B-A906-C42F265C7EA2  Additional Information: Only “the default method list is automatically applied to all interfaces except those that have a named method list explicitly defined. A defined method list overrides the default method list.” (1)
+
+
+    Remediation:  Configure AAA authentication method(s) for login authentication. hostname(config)#aaa authentication login {default | aaa_list_name} [passwd- expiry] [method1] [method2] 
+
+.

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_113_enable_aaa_authentication_enable_default.py

@@ -1,21 +1,8 @@
 from comfy.compliance import medium
 
-
 @medium(
   name='rule_113_enable_aaa_authentication_enable_default',
   platform=['cisco_ios', 'cisco_xe']
 )
-def rule_113_enable_aaa_authentication_enable_default(configuration):
-    uri = (
-        "http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-4171D649-2973-47"
-        "07-95F3-9D96971893D0"
-    )
-
-    remediation = (f"""
-    Remediation: hostname(config)#aaa authentication enable default {{method1}} enable
-
-    References: {uri}
-
-    """)
-
-    assert 'aaa authentication enable' in configuration, remediation
+def rule_113_enable_aaa_authentication_enable_default(configuration,ref):
+    assert 'aaa authentication enable' in configuration, ref

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_113_enable_aaa_authentication_enable_default.ref

@@ -0,0 +1,9 @@
+.rule_113_enable_aaa_authentication_enable_default:
+
+
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-4171D649-2973-4707-95F3-9D96971893D0 
+
+
+    Remediation:  Configure AAA authentication method(s) for enable authentication. hostname(config)#aaa authentication enable default {method1} enable
+
+.

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_114_set_login_authentication_for_line_vty_ted.py

@@ -1,19 +1,9 @@
+from comfy.compliance import medium
+
 @medium(
-    name='rule_114_set_login_authentication_for_line_vty_ted',
-    platform=['cisco_ios', 'cisco_xe'],
-    commands=dict(chk_con='show running-config | sec line con',chk_vty='show running-config | sec line vty')
+  name='rule_114_set_login_authentication_for_line_vty_ted',
+  platform=['cisco_ios', 'cisco_xe'],
+  commands=dict(chk_cmd='show running-config | sec line | incl login authentication')
 )
-def rule_114_set_login_authentication_for_line_vty_ted(commands):
-    uri = (
-        "http://www.cisco.com/en/US/docs/ios-xml/ios/security/d1/sec-cr-k1.html#GUID-297BDF33-4841-44"
-        "1C-83F3-4DA51C3C7284"
-    )
-
-    remediation = (f"""
-    Remediation: hostname(config-line)#login authentication {{default | aaa_list_name}}
-
-    References: {uri}
-
-    """)
-    assert 'login authentication' in commands.chk_con, remediation
-    assert 'login authentication' in commands.chk_vty, remediation
+def rule_114_set_login_authentication_for_line_vty_ted(commands,ref):
+    assert ' login authentication' in commands.chk_cmd, ref

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_114_set_login_authentication_for_line_vty_ted.ref

@@ -0,0 +1,9 @@
+.rule_114_set_login_authentication_for_line_vty:
+
+
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/d1/sec-cr-k1.html#GUID-297BDF33-4841-441C-83F3-4DA51C3C7284 
+
+
+    Remediation:  Configure management lines to require login using the default or a named AAA authentication list. This configuration must be set individually for all line types. hostname(config)#line vty {line-number} [<em>ending-line-number] hostname(config-line)#login authentication {default | aaa_list_name}
+
+.