Fix refs

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_1110_set_aaa_accounting_system.py

@@ -1,22 +1,8 @@
 from comfy.compliance import low
 
-
 @low(
   name='rule_1110_set_aaa_accounting_system',
   platform=['cisco_ios', 'cisco_xe']
 )
-def rule_1110_set_aaa_accounting_system(configuration):
-    uri = (
-        "http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-0520BCEF-89FB-45"
-        "05-A5DF-D7F1389F1BBA"
-    )
-
-    remediation = (f"""
-    Remediation: hostname(config)#aaa accounting system [[default | list-name | guarantee -
-                 first] [start-stop | stop-only | none] [radius | group group-name]
-
-    References: {uri}
-
-    """)
-
-    assert 'aaa accounting system' in configuration, remediation
+def rule_1110_set_aaa_accounting_system(configuration,ref):
+    assert 'aaa accounting system' in configuration, ref

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_1110_set_aaa_accounting_system.ref

@@ -0,0 +1,9 @@
+.rule_1110_set_aaa_accounting_system:
+
+
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-0520BCEF-89FB-4505-A5DF-D7F1389F1BBA  Additional Information: When system accounting is used and the accounting server is unreachable at system startup time, the system will not be accessible for approximately two minutes.
+
+
+    Remediation:  Configure AAA accounting system. hostname(config)#aaa accounting system {default | list-name | guarantee- first} {start-stop | stop-only | none} {radius | group group-name}
+
+.

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_111_enable_aaa_new_model.py

@@ -1,8 +1,8 @@
-from comfy.compliance import *
+from comfy.compliance import medium
 
 @medium(
-    name='rule_111_enable_aaa_new_model',
-    platform=['cisco_ios', 'cisco_xe']
+  name='rule_111_enable_aaa_new_model',
+  platform=['cisco_ios', 'cisco_xe']
 )
-def rule_111_enable_aaa_new_model(configuration, ref):
+def rule_111_enable_aaa_new_model(configuration,ref):
     assert 'no aaa new-model' not in configuration, ref

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_111_enable_aaa_new_model.ref

@@ -1,5 +1,9 @@
 .rule_111_enable_aaa_new_model:
-    Reference:    http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a2.html#GUID-E05C2E00-C01E-4053-9D12-EC37C7E8EEC5
 
-    Remediation:  hostname(config)#aaa new-model
+
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a2.html#GUID-E05C2E00-C01E-4053-9D12-EC37C7E8EEC5 
+
+
+    Remediation:  Globally enable authentication, authorization and accounting (AAA) using the new- model command. hostname(config)#aaa new-model
+
 .

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_112_enable_aaa_authentication_login.py

@@ -2,21 +2,8 @@
 
 
 @medium(
-    name='rule_112_enable_aaa_authentication_login',
-    platform=['cisco_ios', 'cisco_xe']
+  name='rule_112_enable_aaa_authentication_login',
+  platform=['cisco_ios', 'cisco_xe']
 )
-def rule_112_enable_aaa_authentication_login(configuration):
-    uri = (
-        "http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-3DB1CC8A-4A98-40"
-        "0B-A906-C42F265C7EA2"
-    )
-
-    remediation = (f"""
-    Remediation: hostname(config)#aaa authentication login {{default | aaa_list_name}} [passwd -
- expiry] [method1] [method2]
-
-    References: {uri}
-
-    """)
-
-    assert 'aaa authentication login' in configuration, remediation
+def rule_112_enable_aaa_authentication_login(configuration,ref):
+    assert 'aaa authentication login' in configuration, ref

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_112_enable_aaa_authentication_login.ref

@@ -0,0 +1,9 @@
+.rule_112_enable_aaa_authentication_login:
+
+
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-3DB1CC8A-4A98-400B-A906-C42F265C7EA2  Additional Information: Only “the default method list is automatically applied to all interfaces except those that have a named method list explicitly defined. A defined method list overrides the default method list.” (1)
+
+
+    Remediation:  Configure AAA authentication method(s) for login authentication. hostname(config)#aaa authentication login {default | aaa_list_name} [passwd- expiry] [method1] [method2] 
+
+.

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_113_enable_aaa_authentication_enable_default.py

@@ -1,21 +1,8 @@
 from comfy.compliance import medium
 
-
 @medium(
   name='rule_113_enable_aaa_authentication_enable_default',
   platform=['cisco_ios', 'cisco_xe']
 )
-def rule_113_enable_aaa_authentication_enable_default(configuration):
-    uri = (
-        "http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-4171D649-2973-47"
-        "07-95F3-9D96971893D0"
-    )
-
-    remediation = (f"""
-    Remediation: hostname(config)#aaa authentication enable default {{method1}} enable
-
-    References: {uri}
-
-    """)
-
-    assert 'aaa authentication enable' in configuration, remediation
+def rule_113_enable_aaa_authentication_enable_default(configuration,ref):
+    assert 'aaa authentication enable' in configuration, ref

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_113_enable_aaa_authentication_enable_default.ref

@@ -0,0 +1,9 @@
+.rule_113_enable_aaa_authentication_enable_default:
+
+
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-4171D649-2973-4707-95F3-9D96971893D0 
+
+
+    Remediation:  Configure AAA authentication method(s) for enable authentication. hostname(config)#aaa authentication enable default {method1} enable
+
+.

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_114_set_login_authentication_for_line_vty.py

@@ -0,0 +1,8 @@
+@medium(
+    name='rule_114_set_login_authentication_for_line_vty_ted',
+    platform=['cisco_ios', 'cisco_xe'],
+    commands=dict(chk_con='show running-config | sec line con',chk_vty='show running-config | sec line vty')
+)
+def rule_114_set_login_authentication_for_line_vty_ted(commands,ref):
+    assert 'login authentication' in commands.chk_con, ref
+    assert 'login authentication' in commands.chk_vty, ref

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_114_set_login_authentication_for_line_vty.ref

@@ -0,0 +1,9 @@
+.rule_114_set_login_authentication_for_line_vty:
+
+
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/d1/sec-cr-k1.html#GUID- 297BDF33-4841-441C-83F3-4DA51C3C7284 
+
+
+    Remediation:  Configure management lines to require login using the default or a named AAA authentication list. This configuration must be set individually for all line types. hostname(config)#line vty {line-number} [<em>ending-line-number] hostname(config-line)#login authentication {default | aaa_list_name}
+
+.

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_114_set_login_authentication_for_line_vty_ted.ref

@@ -0,0 +1,9 @@
+.rule_114_set_login_authentication_for_line_vty:
+
+
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/d1/sec-cr-k1.html#GUID-297BDF33-4841-441C-83F3-4DA51C3C7284 
+
+
+    Remediation:  Configure management lines to require login using the default or a named AAA authentication list. This configuration must be set individually for all line types. hostname(config)#line vty {line-number} [<em>ending-line-number] hostname(config-line)#login authentication {default | aaa_list_name}
+
+.

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_115_set_login_authentication_for_ip_http.py

@@ -0,0 +1,9 @@
+from comfy.compliance import medium
+
+
+@medium(
+  name='rule_115_set_login_authentication_for_ip_http_ed',
+  platform=['cisco_ios', 'cisco_xe']
+)
+def rule_115_set_login_authentication_for_ip_http_ed(configuration,ref):
+    assert 'ip http authentication' in configuration, ref

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_115_set_login_authentication_for_ip_http.ref

@@ -0,0 +1,9 @@
+.rule_115_set_login_authentication_for_ip_http:
+
+
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/d1/sec-cr-k1.html#GUID- 297BDF33-4841-441C-83F3-4DA51C3C7284 
+
+
+    Remediation:  Configure management lines to require login using the default or a named AAA authentication list. This configuration must be set individually for all line types. hostname#(config)ip http secure-server hostname#(config)ip http authentication {default | _aaa\_list\_name_}
+
+.

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_115_set_login_authentication_for_ip_http_ed.ref

@@ -0,0 +1,9 @@
+.rule_115_set_login_authentication_for_ip_http:
+
+
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/d1/sec-cr-k1.html#GUID-297BDF33-4841-441C-83F3-4DA51C3C7284 
+
+
+    Remediation:  Configure management lines to require login using the default or a named AAA authentication list. This configuration must be set individually for all line types. hostname#(config)ip http secure-server hostname#(config)ip http authentication {default | _aaa\_list\_name_}
+
+.

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_116_set_aaa_accounting_to_log_all_privileged_use_commands.py

@@ -1,15 +1,8 @@
 from comfy.compliance import low
 
-
 @low(
   name='rule_116_set_aaa_accounting_to_log_all_privileged_use_commands',
   platform=['cisco_ios', 'cisco_xe']
 )
-def rule_116_set_aaa_accounting_to_log_all_privileged_use_commands(configuration):
-    remediation = (f"""
-    Remediation: hostname(config)#aaa accounting commands 15 {{default | list-name | guarantee -
-                 first} {start-stop | stop-only | none} {radius | group group-name}
-
-    """)
-
-    assert 'aaa accounting commands' in configuration, remediation
+def rule_116_set_aaa_accounting_to_log_all_privileged_use_commands(configuration,ref):
+    assert 'aaa accounting commands' in configuration, ref

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_116_set_aaa_accounting_to_log_all_privileged_use_commands.ref

@@ -0,0 +1,9 @@
+.rule_116_set_aaa_accounting_to_log_all_privileged_use_commands_using_commands_15:
+
+
+    Reference:    Additional Information: Valid privilege level entries are integers from 0 through 15. 
+
+
+    Remediation:  Configure AAA accounting for commands. hostname(config)#aaa accounting commands 15 {default | list-name | guarantee- first} {start-stop | stop-only | none} {radius | group group-name}
+
+.

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_117_set_aaa_accounting_connection.py

@@ -1,21 +1,8 @@
 from comfy.compliance import low
 
-
 @low(
   name='rule_117_set_aaa_accounting_connection',
   platform=['cisco_ios', 'cisco_xe']
 )
-def rule_117_set_aaa_accounting_connection(configuration):
-    uri = (
-        "http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-0520BCEF-89FB-45"
-        "05-A5DF-D7F1389F1BBA"
-    )
-
-    remediation = (f"""
-    Remediation: hostname(config)#aaa accounting connection [[default | list-name | guarantee -
-                 first] [start-stop | stop-only | none] [radius | group group-name]
-    References: [uri]
-
-    """)
-
-    assert 'aaa accounting connection' in configuration, remediation
+def rule_117_set_aaa_accounting_connection(configuration,ref):
+    assert 'aaa accounting connection' in configuration, ref

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_117_set_aaa_accounting_connection.ref

@@ -0,0 +1,9 @@
+.rule_117_set_aaa_accounting_connection:
+
+
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-0520BCEF-89FB-4505-A5DF-D7F1389F1BBA 
+
+
+    Remediation:  Configure AAA accounting for connections. hostname(config)#aaa accounting connection {default | list-name | guarantee- first} {start-stop | stop-only | none} {radius | group group-name}
+
+.

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_118_set_aaa_accounting_exec.py

@@ -1,22 +1,8 @@
 from comfy.compliance import low
 
-
 @low(
   name='rule_118_set_aaa_accounting_exec',
   platform=['cisco_ios', 'cisco_xe']
 )
-def rule_118_set_aaa_accounting_exec(configuration):
-    uri = (
-        "http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-0520BCEF-89FB-45"
-        "05-A5DF-D7F1389F1BBA"
-    )
-
-    remediation = (f"""
-    Remediation: hostname(config)#aaa accounting exec [[default | list-name | guarantee-first]]
-                 [start-stop | stop-only | none] [radius | group group-name]
-
-    References: [uri]
-
-    """)
-
-    assert 'aaa accounting exec' in configuration, remediation
+def rule_118_set_aaa_accounting_exec(configuration,ref):
+    assert 'aaa accounting exec' in configuration, ref

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_118_set_aaa_accounting_exec.ref

@@ -0,0 +1,9 @@
+.rule_118_set_aaa_accounting_exec:
+
+
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-0520BCEF-89FB-4505-A5DF-D7F1389F1BBA 
+
+
+    Remediation:  Configure AAA accounting for EXEC shell session. hostname(config)#aaa accounting exec {default | list-name | guarantee-first} {start-stop | stop-only | none} {radius | group group-name}
+
+.

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_119_set_aaa_accounting_network.py

@@ -1,22 +1,8 @@
 from comfy.compliance import low
 
-
 @low(
   name='rule_119_set_aaa_accounting_network',
   platform=['cisco_ios', 'cisco_xe']
 )
-def rule_119_set_aaa_accounting_network(configuration):
-    uri = (
-        "http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-0520BCEF-89FB-45"
-        "05-A5DF-D7F1389F1BBA"
-    )
-
-    remediation = (f"""
-    Remediation: hostname(config)#aaa accounting network [[default | list-name | guarantee -
-                 first] [start-stop | stop-only | none] [radius | group group-name]
-
-    References: {uri}
-
-    """)
-
-    assert 'aaa accounting network' in configuration, remediation
+def rule_119_set_aaa_accounting_network(configuration,ref):
+    assert 'aaa accounting network' in configuration, ref

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_119_set_aaa_accounting_network.ref

@@ -0,0 +1,9 @@
+.rule_119_set_aaa_accounting_network:
+
+
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-0520BCEF-89FB-4505-A5DF-D7F1389F1BBA 
+
+
+    Remediation:  Configure AAA accounting for connections. hostname(config)#aaa accounting network {default | list-name | guarantee- first} {start-stop | stop-only | none} {radius | group group-name}
+
+.

CIS/Cisco_ios/12_access_rules/rule_1210_set_http_secure_server_limit.py

@@ -2,13 +2,8 @@
 
 
 @medium(
-  name='rule_1210_set_http_secure_server_limit',
-  platform=['cisco_ios', 'cisco_xe']
+    name='rule_1210_set_http_secure_server_limit',
+    platform=['cisco_ios', 'cisco_xe']
 )
-def rule_1210_set_http_secure_server_limit(configuration):
-    remediation = (f"""
-    Remediation: hostname(config)#ip http max-connections 2
-
-    """)
-
-    assert 'ip http max-connections' in configuration, remediation
+def rule_1210_set_http_secure_server_limit(configuration,ref):
+    assert 'ip http max-connections' in configuration, ref

CIS/Cisco_ios/12_access_rules/rule_1210_set_http_secure_server_limit.ref

@@ -0,0 +1,9 @@
+.rule_1210_set_http_secure_server_limit:
+
+
+    Reference:    
+
+
+    Remediation:  hostname(config)#ip http max-connections 2
+
+.