I'm trying to create new rules and if I put anything under the "parent" flag, then it causes a pass.
This is the rule code.

```yaml
---
severity: 2
desc: Deny all packets with IP options
check:
text: deny\s+ip\s+any\s+any\s+option\s+any-options
text_cnt: 4
parent: test test test # This should be `ip access-list extended` but whatever I put here is considered a "pass".
# I was looking to have it match multiple access-lists but I may have gotten the syntax wrong as well.
when: true
part_of_stig:
- test1
...
```
Output is as below.

```
V216998 Deny all packets with IP options PASS
```

Also, is there a way to have an infinite number for text_cnt? Essentially, for use across multiple devices where they may have a varying number of access-lists, I want to ensure that every access-list has "deny ip any any option any-options". I couldn't figure out how to add an operator, because with an operator you could put in

```
text_cnt: < 99
```
The ios config is as follows.

```
!@#type:ios
!@#stig:test1
Building configuration...
Current configuration : 1247 bytes
!
! Last configuration change at 18:08:38 EET Mon Apr 12 2021 by cisco
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
!
!
aaa session-id common
!
!
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
clock timezone EET 2 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip domain name test.lab
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
cts logging verbose
!
!
username cisco secret 5 $1$ST2t$UdbDyYShuWozisvb/Q.YG0
username admin secret 5 $1$bKoT$RTrRe4Wh.waCuhf7fv4w9.
!
redundancy
!
!
ip ssh version 2
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
ip address dhcp
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
privilege level 15
transport input ssh
!
!
end
```
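The rule in this issue wants every extended access-list on a device to carry the deny entry, however many access-lists the device has, which a fixed `text_cnt` cannot express. As an added example (not the tool's code and not the reporter's), the following Python walks an IOS configuration, groups the entries of each `ip access-list extended` block under its name, and reports per access-list whether `deny ip any any option any-options` is present; a device with no extended access-lists is reported as not applicable rather than passing vacuously. The configuration it runs against is constructed, because the one posted above contains no access-lists; the function names and the allowance for an optional leading sequence number are assumptions.

```python
import re
from typing import Dict, List

# Constructed sample configuration (not the one from the issue): one ACL
# carries the required entry, one does not, and a standard ACL is ignored.
SAMPLE_CONFIG = """\
hostname Router1
!
ip access-list extended INBOUND
 10 deny   ip any any option any-options
 20 permit tcp any any eq 22
!
ip access-list extended OUTBOUND
 permit ip any any
!
ip access-list standard MGMT
 permit 10.0.0.0 0.255.255.255
!
end
"""

# Same pattern as the rule's "text" field, with an optional sequence number
# in front (assumed: IOS prints one on "show run" for named ACLs).
REQUIRED = re.compile(r"^(?:\d+\s+)?deny\s+ip\s+any\s+any\s+option\s+any-options\s*$")
ACL_HEADER = re.compile(r"^ip access-list extended (\S+)\s*$")


def extended_acls(config: str) -> Dict[str, List[str]]:
    """Map each extended ACL name to its (stripped) indented entry lines."""
    acls: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        header = ACL_HEADER.match(line)
        if header:
            current = header.group(1)
            acls[current] = []
        elif current is not None and line.startswith(" "):
            acls[current].append(line.strip())
        else:
            current = None  # any non-indented line ends the ACL block
    return acls


def check_ip_options_deny(config: str) -> Dict[str, bool]:
    """True for every extended ACL that contains the required deny entry."""
    return {
        name: any(REQUIRED.match(entry) for entry in entries)
        for name, entries in extended_acls(config).items()
    }


def verdict(config: str) -> str:
    """PASS only if every extended ACL has the entry; no ACLs is reported separately."""
    results = check_ip_options_deny(config)
    if not results:
        return "NOT_APPLICABLE"
    return "PASS" if all(results.values()) else "FAIL"


if __name__ == "__main__":
    for name, ok in check_ip_options_deny(SAMPLE_CONFIG).items():
        print(f"{name}: {'present' if ok else 'MISSING'}")
    print("Verdict:", verdict(SAMPLE_CONFIG))
```

Because the check is "all blocks" rather than "N occurrences", it gives the same answer on a device with one access-list as on one with fifty, and the per-name result tells you which access-list to fix. Treating "no extended access-lists found" as a distinct outcome matters for auditing: a parent pattern that silently matches nothing should surface as not applicable, not as a pass.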
> Also, is there a way to have an infinite number for text_cnt?

No, there is not. I've considered adding it, but have not gotten around to it. See issue #6 for details. Will examine the main issue later.
Understood. I'll probably attempt to add those fields at some point. I had a pretty big issue even figuring out where to start with that though. I appreciate you taking a look though,
Thanks