netpicker · netpicker · Jul 10, 2024 · Jul 10, 2024 · Jul 10, 2024 · Jul 10, 2024
diff --git a/...as_changed_from_users_page_is_selected.py → ...sers_to_change_password_at_first_login.py b/...as_changed_from_users_page_is_selected.py → ...sers_to_change_password_at_first_login.py
@@ -2,9 +2,9 @@
 
 
 @medium(
-      name='rule_1_10_ensure_force_users_to_change_password_at_first_login_after_password_was_changed_from_users_page_is_selected',
+      name='rule_1_10_ensure_force_users_to_change_password_at_first_login',
       platform=['checkpoint'],
       commands=dict(chk_cmd='')
 )
-def rule_1_10_ensure_force_users_to_change_password_at_first_login_after_password_was_changed_from_users_page_is_selected(commands, ref):
+def rule_1_10_ensure_force_users_to_change_password_at_first_login(commands, ref):
     assert '' in commands.chk_cmd, ref
diff --git a/...s_changed_from_users_page_is_selected.ref → ...ers_to_change_password_at_first_login.ref b/...s_changed_from_users_page_is_selected.ref → ...ers_to_change_password_at_first_login.ref
@@ -1,4 +1,4 @@
-.rule_1_10_ensure_force_users_to_change_password_at_first_login_after_password_was_changed_from_users_page_is_selected
+.rule_1_10_ensure_force_users_to_change_password_at_first_login
 
 Reference: 
 Remediation: Run the following command to set force-change-when setting.
@@ -14,4 +14,4 @@ changed from Users page' setting.
 
 
 
-.
+.
diff --git a/...es/rule_1_4_3_set_password_lifetime,_warning_time_and_grace_time_for_local_credentials.py b/...es/rule_1_4_3_set_password_lifetime,_warning_time_and_grace_time_for_local_credentials.py
diff --git a/...les/rule_1_4_3_set_password_lifetime_warning_time_and_grace_time_for_local_credentials.py b/...les/rule_1_4_3_set_password_lifetime_warning_time_and_grace_time_for_local_credentials.py
@@ -0,0 +1,10 @@
+from comfy.compliance import medium
+
+
+@medium(
+      name='rule_1_4_3_set_password_lifetime_warning_time_and_grace_time_for_local_credentials',
+      platform=['cisco_nxos'],
+      commands=dict(chk_cmd='')
+)
+def rule_1_4_3_set_password_lifetime_warning_time_and_grace_time_for_local_credentials(commands, ref):
+    assert '' in commands.chk_cmd, ref
diff --git a/..._and_grace_time_for_local_credentials.ref → ..._and_grace_time_for_local_credentials.ref b/..._and_grace_time_for_local_credentials.ref → ..._and_grace_time_for_local_credentials.ref
@@ -1,4 +1,4 @@
-.rule_1_4_3_set_password_lifetime,_warning_time_and_grace_time_for_local_credentials
+.rule_1_4_3_set_password_lifetime_warning_time_and_grace_time_for_local_credentials
 
 Reference: 
 Remediation: To set passphrase timers globally:
@@ -16,4 +16,4 @@ example
 switch(config)# username test passphrase lifetime 180 warntime 10 gracetime
 10
 
-.
+.
diff --git a/...nt_plane/1_5_snmp_rules/rule_1_5_1_if_snmpv2_is_in_use,_use_a_complex_community_string.py b/...nt_plane/1_5_snmp_rules/rule_1_5_1_if_snmpv2_is_in_use,_use_a_complex_community_string.py
diff --git a/...ent_plane/1_5_snmp_rules/rule_1_5_1_if_snmpv2_is_in_use_use_a_complex_community_string.py b/...ent_plane/1_5_snmp_rules/rule_1_5_1_if_snmpv2_is_in_use_use_a_complex_community_string.py
@@ -0,0 +1,10 @@
+from comfy.compliance import medium
+
+
+@medium(
+      name='rule_1_5_1_if_snmpv2_is_in_use_use_a_complex_community_string',
+      platform=['cisco_nxos'],
+      commands=dict(chk_cmd='')
+)
+def rule_1_5_1_if_snmpv2_is_in_use_use_a_complex_community_string(commands, ref):
+    assert '' in commands.chk_cmd, ref
diff --git a/...n_use,_use_a_complex_community_string.ref → ...in_use_use_a_complex_community_string.ref b/...n_use,_use_a_complex_community_string.ref → ...in_use_use_a_complex_community_string.ref
@@ -1,6 +1,6 @@
-.rule_1_5_1_if_snmpv2_is_in_use,_use_a_complex_community_string
+.rule_1_5_1_if_snmpv2_is_in_use_use_a_complex_community_string
 
 Reference: 
 Remediation: switch(config)# snmp-server community <SomeComplexString> ro
 
-.
+.
diff --git a/...gement_plane/1_5_snmp_rules/rule_1_5_2_if_snmpv2_is_in_use,_set_restrictions_on_access.py b/...gement_plane/1_5_snmp_rules/rule_1_5_2_if_snmpv2_is_in_use,_set_restrictions_on_access.py
diff --git a/...agement_plane/1_5_snmp_rules/rule_1_5_2_if_snmpv2_is_in_use_set_restrictions_on_access.py b/...agement_plane/1_5_snmp_rules/rule_1_5_2_if_snmpv2_is_in_use_set_restrictions_on_access.py
@@ -0,0 +1,10 @@
+from comfy.compliance import medium
+
+
+@medium(
+      name='rule_1_5_2_if_snmpv2_is_in_use_set_restrictions_on_access',
+      platform=['cisco_nxos'],
+      commands=dict(chk_cmd='')
+)
+def rule_1_5_2_if_snmpv2_is_in_use_set_restrictions_on_access(commands, ref):
+    assert '' in commands.chk_cmd, ref
diff --git a/...is_in_use,_set_restrictions_on_access.ref → ..._is_in_use_set_restrictions_on_access.ref b/...is_in_use,_set_restrictions_on_access.ref → ..._is_in_use_set_restrictions_on_access.ref
@@ -1,4 +1,4 @@
-.rule_1_5_2_if_snmpv2_is_in_use,_set_restrictions_on_access
+.rule_1_5_2_if_snmpv2_is_in_use_set_restrictions_on_access
 
 Reference: 
 Remediation: Create the ACL:
@@ -15,4 +15,4 @@ OR an IPv6 ACL can be applied to a given SNMP community string, not both.
 In releases prior to Cisco NX-OS Release 7.0(3)I4(1), this CLI command includes use-
 acl rather than use-ipv4acl.
 
-.
+.
diff --git a/.../1_7_time_services/rule_1_7_3_if_a_local_time_zone_is_used,_configure_daylight_savings.py b/.../1_7_time_services/rule_1_7_3_if_a_local_time_zone_is_used,_configure_daylight_savings.py
diff --git a/...e/1_7_time_services/rule_1_7_3_if_a_local_time_zone_is_used_configure_daylight_savings.py b/...e/1_7_time_services/rule_1_7_3_if_a_local_time_zone_is_used_configure_daylight_savings.py
@@ -0,0 +1,10 @@
+from comfy.compliance import medium
+
+
+@medium(
+      name='rule_1_7_3_if_a_local_time_zone_is_used_configure_daylight_savings',
+      platform=['cisco_nxos'],
+      commands=dict(chk_cmd='')
+)
+def rule_1_7_3_if_a_local_time_zone_is_used_configure_daylight_savings(commands, ref):
+    assert '' in commands.chk_cmd, ref
diff --git a/...e_is_used,_configure_daylight_savings.ref → ...ne_is_used_configure_daylight_savings.ref b/...e_is_used,_configure_daylight_savings.ref → ...ne_is_used_configure_daylight_savings.ref
@@ -1,4 +1,4 @@
-.rule_1_7_3_if_a_local_time_zone_is_used,_configure_daylight_savings
+.rule_1_7_3_if_a_local_time_zone_is_used_configure_daylight_savings
 
 Reference: 
 Remediation: In most cases, just the name of the DST timezone name is sufficient. NX-OS assumes 1
@@ -17,4 +17,4 @@ day2, month2, time2 define the end of the DST period
 
 
 
-.
+.
diff --git a/...protocols/3_1_2_bgp/rule_3_1_2_2_if_possible,_limit_the_bgp_routes_accepted_from_peers.py b/...protocols/3_1_2_bgp/rule_3_1_2_2_if_possible,_limit_the_bgp_routes_accepted_from_peers.py
diff --git a/..._protocols/3_1_2_bgp/rule_3_1_2_2_if_possible_limit_the_bgp_routes_accepted_from_peers.py b/..._protocols/3_1_2_bgp/rule_3_1_2_2_if_possible_limit_the_bgp_routes_accepted_from_peers.py
@@ -0,0 +1,10 @@
+from comfy.compliance import low
+
+
+@low(
+      name='rule_3_1_2_2_if_possible_limit_the_bgp_routes_accepted_from_peers',
+      platform=['cisco_nxos'],
+      commands=dict(chk_cmd='')
+)
+def rule_3_1_2_2_if_possible_limit_the_bgp_routes_accepted_from_peers(commands, ref):
+    assert '' in commands.chk_cmd, ref
diff --git a/...it_the_bgp_routes_accepted_from_peers.ref → ...it_the_bgp_routes_accepted_from_peers.ref b/...it_the_bgp_routes_accepted_from_peers.ref → ...it_the_bgp_routes_accepted_from_peers.ref
@@ -1,4 +1,4 @@
-.rule_3_1_2_2_if_possible,_limit_the_bgp_routes_accepted_from_peers
+.rule_3_1_2_2_if_possible_limit_the_bgp_routes_accepted_from_peers
 
 Reference: os/unicast/configuration/guide/l3_cli_nxos/l3_bgp.html
 
@@ -30,4 +30,4 @@ switch(config-router-neighbor)#     remote-as 65521
 switch(config-router-neighbor)#     address-family ipv4 unicast
 switch(config-router-neighbor-af)#      route-map RM_BGP_PEERNAME_IN in
 
-.
+.
diff --git a/...n_interfaces_have_ip_addreses,_configure_anti_spoofing___ingress_filtering_protections.py b/...n_interfaces_have_ip_addreses,_configure_anti_spoofing___ingress_filtering_protections.py
diff --git a/...g_protections/rule_3_1_4_1_if_vlan_interfaces_have_ip_addreses_configure_anti_spoofing.py b/...g_protections/rule_3_1_4_1_if_vlan_interfaces_have_ip_addreses_configure_anti_spoofing.py
@@ -0,0 +1,10 @@
+from comfy.compliance import medium
+
+
+@medium(
+      name='rule_3_1_4_1_if_vlan_interfaces_have_ip_addreses_configure_anti_spoofing',
+      platform=['cisco_nxos'],
+      commands=dict(chk_cmd='')
+)
+def rule_3_1_4_1_if_vlan_interfaces_have_ip_addreses_configure_anti_spoofing(commands, ref):
+    assert '' in commands.chk_cmd, ref
diff --git a/...ofing___ingress_filtering_protections.ref → ...e_ip_addreses_configure_anti_spoofing.ref b/...ofing___ingress_filtering_protections.ref → ...e_ip_addreses_configure_anti_spoofing.ref
@@ -1,4 +1,4 @@
-.rule_3_1_4_1_if_vlan_interfaces_have_ip_addreses,_configure_anti_spoofing___ingress_filtering_protections
+.rule_3_1_4_1_if_vlan_interfaces_have_ip_addreses_configure_anti_spoofing
 
 Reference: 
 Remediation: Apply the command "ip verify unicast source reachable-via rx" to all VLAN interfaces
@@ -10,4 +10,4 @@ command variant has no affect.
 switch(config)# interface Vlan X
 switch(config-if)# ip verify unicast source reachable-via rx
 
-.
+.
diff --git a/...le_1_1_5_local_users,_groups_and_tasks.py → ...ule_1_1_5_local_users_groups_and_tasks.py b/...le_1_1_5_local_users,_groups_and_tasks.py → ...ule_1_1_5_local_users_groups_and_tasks.py
@@ -2,9 +2,9 @@
 
 
 @low(
-      name='rule_1_1_5_local_users,_groups_and_tasks',
+      name='rule_1_1_5_local_users_groups_and_tasks',
       platform=['cisco_xr'],
       commands=dict(chk_cmd='')
 )
-def rule_1_1_5_local_users,_groups_and_tasks(commands, ref):
+def rule_1_1_5_local_users_groups_and_tasks(commands, ref):
     assert '' in commands.chk_cmd, ref
diff --git a/...e_1_1_5_local_users,_groups_and_tasks.ref → ...le_1_1_5_local_users_groups_and_tasks.ref b/...e_1_1_5_local_users,_groups_and_tasks.ref → ...le_1_1_5_local_users_groups_and_tasks.ref
@@ -1,4 +1,4 @@
-.rule_1_1_5_local_users,_groups_and_tasks
+.rule_1_1_5_local_users_groups_and_tasks
 
 Reference: system-setup-cg-ncs5000-62x/b-system-setup-cg-ncs5000-
 62x_chapter_0101.html#id_134674
@@ -11,4 +11,4 @@ IOSXR(config)#username {username}
 IOSXR(config-un)#secret {password}
 IOSXR(config-un)#group {user_group}
 
-.
+.
diff --git a/CIS/Cisco_xr/1_management_plane/1_2_ssh/rule_1_2_1_set_the_hostname.py b/CIS/Cisco_xr/1_management_plane/1_2_ssh/rule_1_2_1_set_the_hostname.py
@@ -4,7 +4,7 @@
 @medium(
       name='rule_1_2_1_set_the_hostname',
       platform=['cisco_xr'],
-     # commands=dict(chk_cmd='sh run | incl hostname')
+      # commands=dict(chk_cmd='sh run | incl hostname')
 )
 def rule_1_2_1_set_the_hostname(configuration, ref):
     assert 'hostname' in configuration, ref
diff --git a/...nos/1_general_recommendations/rule_1_1_ensure_device_is_running_current_junos_software.py b/...nos/1_general_recommendations/rule_1_1_ensure_device_is_running_current_junos_software.py
@@ -4,7 +4,7 @@
 @medium(
       name='rule_1_1_ensure_device_is_running_current_junos_software',
       platform=['juniper'],
-      commands=dict(chk_cmd='')
+      commands=dict(chk_cmd='show version | match JUNOS')
 )
 def rule_1_1_ensure_device_is_running_current_junos_software(commands, ref):
-    assert '' in commands.chk_cmd, ref
+    assert '15.1X49-D150.2' in commands.chk_cmd, ref