Audit Rules

set syslog facility
Set syslog facility. See rules.html#setsyslogfacility for details.

no ip source-route
Disable unnecessary services. See rules.html#noipsource-route for details.

aux no exec-timeout
Disable exec on aux. See rules.html#auxnoexec-timeout for details.

no service config
Disable unnecessary services. See rules.html#noserviceconfig for details.

aux no tranport
Disable transport on aux. See rules.html#auxnotranport for details.

no ip proxy-arp
Disable proxy ARP unless needed. See rules.html#noipproxy-arp for details.

ntp server
Set NTP time source. See rules.html#ntpserver for details.

no cdp run
Disable unnecessary services. See rules.html#nocdprun for details.

require line passwords
Require line passwords. See rules.html#requirelinepasswords for details.

console exec-timeout
Timeout on console in 5 minutes. See rules.html#consoleexec-timeout for details.

enable secret
Require enable secret. See rules.html#enablesecret for details.

clock timezone GMT 0
Use GMT to avoid confusion. See rules.html#clocktimezoneGMT0 for details.

no ip finger
Disable unnecessary services. See rules.html#noipfinger for details.

forbid SNMP community private
Don't use default SNMP community strings. See rules.html#forbidSNMPcommunityprivate for details.

no service udp-small-servers
Disable unnecessary services such as echo, discard, chargen, etc. See rules.html#noserviceudp-small-servers for details.

service udp-small-servers
Disable unnecessary services such as echo, discard, chargen, etc. See rules.html#serviceudp-small-servers for details.

forbid SNMP community public
Don't use default SNMP community strings. See rules.html#forbidSNMPcommunitypublic for details.

service timestamps
Timestamp messages. See rules.html#servicetimestamps for details.

Inbound antispoof ACL definition
Block RFC1918 addresses inbound. See rules.html#InboundantispoofACLdefinition for details.

service password-encryption
Encrypt passwords in configs. See rules.html#servicepassword-encryption for details.

vty login
Require login. See rules.html#vtylogin for details.

clock summer-time
Don't use summertime. Avoid confusion. See rules.html#clocksummer-time for details.

ntp source
NTP source. See rules.html#ntpsource for details.

set syslog server
Set syslog server(s). See rules.html#setsyslogserver for details.

logging console critical
Set console logging level. See rules.html#loggingconsolecritical for details.

aux exec-timeout
Timeout on console in 10 seconds. See rules.html#auxexec-timeout for details.

Apply inbound antispoof
Apply inbound anti-spoof filters. See rules.html#Applyinboundantispoof for details.

no service finger
Disable unnecessary services. See rules.html#noservicefinger for details.

logging trap debugging
Set SNMP trap level. See rules.html#loggingtrapdebugging for details.

logging buffered
Set logging buffered. See rules.html#loggingbuffered for details.

no ip directed broadcast
Disallow directed broadcasts by default. See rules.html#noipdirectedbroadcast for details.

no ip http server
Disable unnecessary services. See rules.html#noiphttpserver for details.

no ip identd
Disable unnecessary services. See rules.html#noipidentd for details.

enable logging
Enable logging. See rules.html#enablelogging for details.

ip directed broadcast
Disallow directed broadcasts by default. See rules.html#noipdirectedbroadcast for details.

no ip bootp server
Disable unnecessary services. See rules.html#noipbootpserver for details.

no service tcp-small-servers
Disable unnecessary services such as echo, discard, chargen, etc. See rules.html#noservicetcp-small-servers for details.

service tcp-small-servers
Disable unnecessary services such as echo, discard, chargen, etc. See rules.html#servicetcp-small-servers for details.

Apply VTY ACL
Require ACL 92 to be applied to VTYs. See rules.html#ApplyVTYACL for details.

vty exec-timeout
Timeout on console in 5 minutes. See rules.html#vtyexec-timeout for details.

vty transport telnet
Permit only Telnet transport. See rules.html#vtytransporttelnet for details.

Define VTY ACL
Define VTY ACL. See rules.html#DefineVTYACL for details.

no snmp-server
Disable SNMP if not in use. See rules.html#nosnmp-server for details.