Create rule-test.yml

.flake8

@@ -1,2 +1,3 @@
 [flake8]
+exclude = .git,__pycache__,docs,old,build,dist,.env/*
 max-line-length = 120

.github/workflows/rule-test.yml

@@ -0,0 +1,14 @@
+name: CI
+on:
+  push:
+
+jobs:
+  container-test-job:
+    runs-on: ubuntu-latest
+    container:
+      image: netpicker/crt
+      options: --cpus 1
+    steps:
+      - uses: actions/checkout@v3
+      - name: Run yaml tests
+        run: test-rules -p runner.yaml_rules -vvvl --rootdir $PWD $PWD

.gitignore

@@ -1,3 +1,4 @@
 .idea
 **/__pycache__
 **/*.pyc
+.env/

.pre-commit-config.yaml

@@ -0,0 +1,12 @@
+repos:
+-   repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.6.0  # Update to the latest version available
+    hooks:
+    -   id: check-yaml
+    -   id: end-of-file-fixer
+    -   id: trailing-whitespace
+
+-   repo: https://github.com/pycqa/flake8
+    rev: 7.0.0  # Update to the latest version available
+    hooks:
+    -   id: flake8

CIS/.metadata

@@ -2,4 +2,4 @@ author: [email protected]
 description: ""
 enabled: true
 name: CIS
-type: null
+type: null

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_111_enable_aaa_new_model.ref → CIS/cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_111_enable_aaa_new_model.ref

@@ -1,7 +1,7 @@
 .rule_111_enable_aaa_new_model:
 
 
-    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a2.html#GUID-E05C2E00-C01E-4053-9D12-EC37C7E8EEC5 
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a2.html#GUID-E05C2E00-C01E-4053-9D12-EC37C7E8EEC5
 
 
     Remediation:  Globally enable authentication, authorization and accounting (AAA) using the new- model command. hostname(config)#aaa new-model

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_112_enable_aaa_authentication_login.ref → CIS/cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_112_enable_aaa_authentication_login.ref

@@ -4,6 +4,6 @@
     Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-3DB1CC8A-4A98-400B-A906-C42F265C7EA2  Additional Information: Only “the default method list is automatically applied to all interfaces except those that have a named method list explicitly defined. A defined method list overrides the default method list.” (1)
 
 
-    Remediation:  Configure AAA authentication method(s) for login authentication. hostname(config)#aaa authentication login {default | aaa_list_name} [passwd- expiry] [method1] [method2] 
+    Remediation:  Configure AAA authentication method(s) for login authentication. hostname(config)#aaa authentication login {default | aaa_list_name} [passwd- expiry] [method1] [method2]
 
 .

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_113_enable_aaa_authentication_enable_default.ref → CIS/cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_113_enable_aaa_authentication_enable_default.ref

@@ -1,7 +1,7 @@
 .rule_113_enable_aaa_authentication_enable_default:
 
 
-    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-4171D649-2973-4707-95F3-9D96971893D0 
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-4171D649-2973-4707-95F3-9D96971893D0
 
 
     Remediation:  Configure AAA authentication method(s) for enable authentication. hostname(config)#aaa authentication enable default {method1} enable

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_114_set_login_authentication_for_line_vty.ref → CIS/cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_114_set_login_authentication_for_line_vty.ref

@@ -1,9 +1,9 @@
 .rule_114_set_login_authentication_for_line_vty:
 
 
-    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/d1/sec-cr-k1.html#GUID- 297BDF33-4841-441C-83F3-4DA51C3C7284 
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/d1/sec-cr-k1.html#GUID- 297BDF33-4841-441C-83F3-4DA51C3C7284
 
 
     Remediation:  Configure management lines to require login using the default or a named AAA authentication list. This configuration must be set individually for all line types. hostname(config)#line vty {line-number} [<em>ending-line-number] hostname(config-line)#login authentication {default | aaa_list_name}
 
-.
+.

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_115_set_login_authentication_for_ip_http.ref → CIS/cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_115_set_login_authentication_for_ip_http.ref

@@ -1,9 +1,9 @@
 .rule_115_set_login_authentication_for_ip_http:
 
 
-    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/d1/sec-cr-k1.html#GUID- 297BDF33-4841-441C-83F3-4DA51C3C7284 
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/d1/sec-cr-k1.html#GUID- 297BDF33-4841-441C-83F3-4DA51C3C7284
 
 
     Remediation:  Configure management lines to require login using the default or a named AAA authentication list. This configuration must be set individually for all line types. hostname#(config)ip http secure-server hostname#(config)ip http authentication {default | _aaa\_list\_name_}
 
-.
+.

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_116_set_aaa_accounting_to_log_all_privileged_use_commands.ref → CIS/cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_116_set_aaa_accounting_to_log_all_privileged_use_commands.ref

@@ -1,9 +1,9 @@
 .rule_116_set_aaa_accounting_to_log_all_privileged_use_commands_using_commands_15:
 
 
-    Reference:    Additional Information: Valid privilege level entries are integers from 0 through 15. 
+    Reference:    Additional Information: Valid privilege level entries are integers from 0 through 15.
 
 
     Remediation:  Configure AAA accounting for commands. hostname(config)#aaa accounting commands 15 {default | list-name | guarantee- first} {start-stop | stop-only | none} {radius | group group-name}
 
-.
+.

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_117_set_aaa_accounting_connection.ref → CIS/cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_117_set_aaa_accounting_connection.ref

@@ -1,7 +1,7 @@
 .rule_117_set_aaa_accounting_connection:
 
 
-    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-0520BCEF-89FB-4505-A5DF-D7F1389F1BBA 
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-0520BCEF-89FB-4505-A5DF-D7F1389F1BBA
 
 
     Remediation:  Configure AAA accounting for connections. hostname(config)#aaa accounting connection {default | list-name | guarantee- first} {start-stop | stop-only | none} {radius | group group-name}

CIS/Cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_118_set_aaa_accounting_exec.ref → CIS/cisco_ios/11_local_authentication_authorization_and_accounting_rules/rule_118_set_aaa_accounting_exec.ref

@@ -1,7 +1,7 @@
 .rule_118_set_aaa_accounting_exec:
 
 
-    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-0520BCEF-89FB-4505-A5DF-D7F1389F1BBA 
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a1.html#GUID-0520BCEF-89FB-4505-A5DF-D7F1389F1BBA
 
 
     Remediation:  Configure AAA accounting for EXEC shell session. hostname(config)#aaa accounting exec {default | list-name | guarantee-first} {start-stop | stop-only | none} {radius | group group-name}

CIS/Cisco_ios/12_access_rules/rule_1211_set_exec_timeout_to_less_than_or_equal_to_10_min_on_ip_http.ref → CIS/cisco_ios/12_access_rules/rule_1211_set_exec_timeout_to_less_than_or_equal_to_10_min_on_ip_http.ref

@@ -4,7 +4,7 @@
     Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/fundamentals/command/D_through_E.html#GUID-76805E6F-9E89-4457-A9DC-5944C8FE5419
 
 
-    Remediation:  Configure device timeout (10 minutes or less) to disconnect sessions after a fixed idle time. 
+    Remediation:  Configure device timeout (10 minutes or less) to disconnect sessions after a fixed idle time.
                   ip http timeout-policy idle 600 life {nnnn} requests {nn}
 
 .

CIS/Cisco_ios/12_access_rules/rule_121_set_privilege_1_for_local_users.ref → CIS/cisco_ios/12_access_rules/rule_121_set_privilege_1_for_local_users.ref

@@ -1,10 +1,10 @@
 .rule_121_set_privilege_1_for_local_users:
 
 
-    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/s1/sec-cr-t2-z.html#GUID-34B3E43E-0F79-40E8-82B6-A4B5F1AFF1AD  
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/s1/sec-cr-t2-z.html#GUID-34B3E43E-0F79-40E8-82B6-A4B5F1AFF1AD
 
 
-    Remediation:  Set the local user to privilege level 1. 
+    Remediation:  Set the local user to privilege level 1.
                   hostname(config)#username <LOCAL_USERNAME> privilege 1
 
 .

CIS/Cisco_ios/12_access_rules/rule_122_set_transport_input_ssh_for_line_vty_connections.py → CIS/cisco_ios/12_access_rules/rule_122_set_transport_input_ssh_for_line_vty_connections.py

@@ -7,4 +7,4 @@
     commands=dict(chk_cmd='show running-config | sec vty')
 )
 def rule_122_set_transport_input_ssh_for_line_vty_connections(commands, ref):
-    assert ' transport input ssh' in commands.chk_cmd, ref
+    assert 'transport input ssh' in commands.chk_cmd, ref

CIS/Cisco_ios/12_access_rules/rule_122_set_transport_input_ssh_for_line_vty_connections.ref → CIS/cisco_ios/12_access_rules/rule_122_set_transport_input_ssh_for_line_vty_connections.ref

@@ -4,8 +4,8 @@
     Reference:    1. http://www.cisco.com/en/US/docs/ios/termserv/command/reference/tsv_s1.html#wp1069219
 
 
-    Remediation:  Apply SSH to transport input on all VTY management lines 
-                  hostname(config)#line vty <line-number> <ending-line-number> 
+    Remediation:  Apply SSH to transport input on all VTY management lines
+                  hostname(config)#line vty <line-number> <ending-line-number>
                   hostname(config-line)#transport input ssh
 
 .

CIS/Cisco_ios/12_access_rules/rule_123_set_no_exec_for_line_aux_0.ref → CIS/cisco_ios/12_access_rules/rule_123_set_no_exec_for_line_aux_0.ref

@@ -1,11 +1,11 @@
 .rule_123_set_no_exec_for_line_aux_0:
 
 
-    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/fundamentals/command/D_through_E.html#GUID-429A2B8C-FC26-49C4-94C4-0FD99C32EC34 
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/fundamentals/command/D_through_E.html#GUID-429A2B8C-FC26-49C4-94C4-0FD99C32EC34
 
 
-    Remediation:  Disable the EXEC process on the auxiliary port. 
-                  hostname(config)#line aux 0 
+    Remediation:  Disable the EXEC process on the auxiliary port.
+                  hostname(config)#line aux 0
                   hostname(config-line)#no exec
 
 .

CIS/Cisco_ios/12_access_rules/rule_124_create_access_list_for_use_with_line_vty.ref → CIS/cisco_ios/12_access_rules/rule_124_create_access_list_for_use_with_line_vty.ref

@@ -1,12 +1,12 @@
 .rule_124_create_access_list_for_use_with_line_vty:
 
 
-    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a2.html#GUID-9EA733A3-1788-4882-B8C3-AB0A2949120C 
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a2.html#GUID-9EA733A3-1788-4882-B8C3-AB0A2949120C
 
 
-    Remediation:  Configure the VTY ACL that will be used to restrict management access to the device. 
-                  hostname(config)#access-list <vty_acl_number> permit tcp <vty_acl_block_with_mask> any 
-                  hostname(config)#access-list <vty_acl_number> permit tcp host <vty_acl_host> any 
+    Remediation:  Configure the VTY ACL that will be used to restrict management access to the device.
+                  hostname(config)#access-list <vty_acl_number> permit tcp <vty_acl_block_with_mask> any
+                  hostname(config)#access-list <vty_acl_number> permit tcp host <vty_acl_host> any
                   hostname(config)#deny ip any any log
 
 .

CIS/Cisco_ios/12_access_rules/rule_125_set_access_class_for_line_vty.ref → CIS/cisco_ios/12_access_rules/rule_125_set_access_class_for_line_vty.ref

@@ -1,11 +1,11 @@
 .rule_125_set_access_class_for_line_vty:
 
 
-    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a2.html#GUID-FB9BC58A-F00A-442A-8028-1E9E260E54D3 
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/a1/sec-cr-a2.html#GUID-FB9BC58A-F00A-442A-8028-1E9E260E54D3
 
 
-    Remediation:  Configure remote management access control restrictions for all VTY lines. 
-                  hostname(config)#line vty <line-number> <ending-line-number> 
+    Remediation:  Configure remote management access control restrictions for all VTY lines.
+                  hostname(config)#line vty <line-number> <ending-line-number>
                   hostname(config-line)# access-class <vty_acl_number> in
 
 .

CIS/Cisco_ios/12_access_rules/rule_126_set_exec_timeout_to_less_than_or_equal_to_10_minutes_for_line_aux_0.ref → CIS/cisco_ios/12_access_rules/rule_126_set_exec_timeout_to_less_than_or_equal_to_10_minutes_for_line_aux_0.ref

@@ -1,11 +1,11 @@
 .rule_126_set_exec_timeout_to_less_than_or_equal_to_10_minutes_for_line_aux_0:
 
 
-    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/fundamentals/command/D_through_E.html#GUID-76805E6F-9E89-4457-A9DC-5944C8FE5419 
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/fundamentals/command/D_through_E.html#GUID-76805E6F-9E89-4457-A9DC-5944C8FE5419
 
 
-    Remediation:  Configure device timeout (10 minutes or less) to disconnect sessions after a fixed idle time. 
-                  hostname(config)#line aux 0 
+    Remediation:  Configure device timeout (10 minutes or less) to disconnect sessions after a fixed idle time.
+                  hostname(config)#line aux 0
                   hostname(config-line)#exec-timeout <timeout_in_minutes> <timeout_in_seconds>
 
 .

CIS/Cisco_ios/12_access_rules/rule_127_set_exec_timeout_to_less_than_or_equal_to_10_minutes_line_console_0.ref → CIS/cisco_ios/12_access_rules/rule_127_set_exec_timeout_to_less_than_or_equal_to_10_minutes_line_console_0.ref

@@ -1,11 +1,11 @@
 .rule_127_set_exec_timeout_to_less_than_or_equal_to_10_minutes_line_console_0:
 
 
-    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/fundamentals/command/D_through_E.html#GUID-76805E6F-9E89-4457-A9DC-5944C8FE5419 
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/fundamentals/command/D_through_E.html#GUID-76805E6F-9E89-4457-A9DC-5944C8FE5419
 
 
-    Remediation:  Configure device timeout (10 minutes or less) to disconnect sessions after a fixed idle time. 
-                  hostname(config)#line con 0 
+    Remediation:  Configure device timeout (10 minutes or less) to disconnect sessions after a fixed idle time.
+                  hostname(config)#line con 0
                   hostname(config-line)#exec-timeout <timeout_in_minutes> <timeout_in_seconds>
 
 .

CIS/Cisco_ios/12_access_rules/rule_128_set_exec_timeout_to_less_than_or_equal_to_10_minutes_line_vty.ref → CIS/cisco_ios/12_access_rules/rule_128_set_exec_timeout_to_less_than_or_equal_to_10_minutes_line_vty.ref

@@ -1,11 +1,11 @@
 .rule_128_set_exec_timeout_to_less_than_or_equal_to_10_minutes_line_vty:
 
 
-    Reference:    1. https://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/command/b_cisco_mds_9000_cr_book/l_commands.html#wp3716128869 
+    Reference:    1. https://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/command/b_cisco_mds_9000_cr_book/l_commands.html#wp3716128869
 
 
-    Remediation:  Configure device timeout (10 minutes or less) to disconnect sessions after a fixed idle time. 
-                  hostname(config)#line vty {line_number} [ending_line_number] 
+    Remediation:  Configure device timeout (10 minutes or less) to disconnect sessions after a fixed idle time.
+                  hostname(config)#line vty {line_number} [ending_line_number]
                   hostname(config-line)#exec-timeout <<span>timeout_in_minutes> <timeout_in_seconds</span>>
 
 .

CIS/Cisco_ios/13_banner_rules/rule_131_set_the_banner_text_for_banner_exec.ref → CIS/cisco_ios/13_banner_rules/rule_131_set_the_banner_text_for_banner_exec.ref

@@ -4,7 +4,7 @@
     Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/fundamentals/command/A_through_B.html#GUID-0DEF5B57-A7D9-4912-861F-E837C82A3881 Additional Information: The default is no banner.
 
 
-    Remediation:  Configure the EXEC banner presented to a user when accessing the devices enable prompt.  
+    Remediation:  Configure the EXEC banner presented to a user when accessing the devices enable prompt.
                   hostname(config)#banner exec c Enter TEXT message. End with the character 'c'. <banner-text> c
 
 .

CIS/Cisco_ios/13_banner_rules/rule_132_set_the_banner_text_for_banner_login.ref → CIS/cisco_ios/13_banner_rules/rule_132_set_the_banner_text_for_banner_login.ref

@@ -4,7 +4,7 @@
     Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/fundamentals/command/A_through_B.html#GUID-FF0B6890-85B8-4B6A-90DD-1B7140C5D22F
 
 
-    Remediation:  Configure the device so a login banner presented to a user attempting to access the device.  
+    Remediation:  Configure the device so a login banner presented to a user attempting to access the device.
                   hostname(config)#banner login c Enter TEXT message. End with the character 'c'. <banner-text> c
 
 .

CIS/Cisco_ios/13_banner_rules/rule_133_set_the_banner_text_for_banner_motd.ref → CIS/cisco_ios/13_banner_rules/rule_133_set_the_banner_text_for_banner_motd.ref

@@ -4,7 +4,7 @@
     Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/fundamentals/command/A_through_B.html#GUID-7416C789-9561-44FC-BB2A-D8D8AFFB77DD
 
 
-    Remediation:  Configure the message of the day (MOTD) banner presented when a user first connects to the device.  
+    Remediation:  Configure the message of the day (MOTD) banner presented when a user first connects to the device.
                   hostname(config)#banner motd c Enter TEXT message. End with the character 'c'. <banner-text> c
 
 .

CIS/Cisco_ios/13_banner_rules/rule_134_set_the_banner_text_for_webauth_banner.py → CIS/cisco_ios/13_banner_rules/rule_134_set_the_banner_text_for_webauth_banner.py

@@ -7,5 +7,5 @@
     commands={'chk_cmd': 'show ip admission auth-proxy-banner http'}
 )
 def rule_134_set_the_banner_text_for_webauth_banner(commands, ref):
-    banner_text = commands['chk_cmd']
+    banner_text = commands.chk_cmd
     assert 'Unauthorized access is prohibited' in banner_text, ref + " - Missing or incorrect banner text."

CIS/Cisco_ios/13_banner_rules/rule_134_set_the_banner_text_for_webauth_banner.ref → CIS/cisco_ios/13_banner_rules/rule_134_set_the_banner_text_for_webauth_banner.ref

@@ -4,7 +4,7 @@
     Reference:    1. https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9500/software/release/16-9/configuration_guide/sec/b_169_sec_9500_cg/configuring_web_based_authentication.html
 
 
-    Remediation:  Configure the webauth banner presented when a user connects to the device. 
+    Remediation:  Configure the webauth banner presented when a user connects to the device.
                   hostname(config)#ip admission auth-proxy-banner http {banner-text | filepath}
 
 .

CIS/Cisco_ios/14_password_rules/rule_141_set_password_for_enable_secret.ref → CIS/cisco_ios/14_password_rules/rule_141_set_password_for_enable_secret.ref

@@ -5,7 +5,7 @@
     Additional Information: Note: You cannot recover a lost encrypted password. You must clear NVRAM and set a new password.
 
 
-    Remediation:  Configure a strong, enable secret password. 
+    Remediation:  Configure a strong, enable secret password.
                   hostname(config)#enable secret 9 {ENABLE_SECRET_PASSWORD}
 
 .

CIS/Cisco_ios/14_password_rules/rule_142_enable_service_password_encryption.ref → CIS/cisco_ios/14_password_rules/rule_142_enable_service_password_encryption.ref

@@ -1,11 +1,11 @@
 .rule_142_enable_service_password_encryption:
 
 
-    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/s1/sec-cr-s1.html#GUID-CC0E305A-604E-4A74-8A1A-975556CE5871  
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/security/s1/sec-cr-s1.html#GUID-CC0E305A-604E-4A74-8A1A-975556CE5871
     Additional Information: Caution: This command does not provide a high level of network security. If you use this command, you should also take additional network security measures. Note: You cannot recover a lost encrypted password. You must clear NVRAM and set a new password.
 
 
-    Remediation:  Enable password encryption service to protect sensitive access passwords in the device configuration.  
+    Remediation:  Enable password encryption service to protect sensitive access passwords in the device configuration.
                   hostname(config)#service password-encryption
 
 .

CIS/Cisco_ios/14_password_rules/rule_143_set_username_secret_for_all_local_users.ref → CIS/cisco_ios/14_password_rules/rule_143_set_username_secret_for_all_local_users.ref

@@ -4,7 +4,7 @@
     Reference:    1. https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9600/software/release/16-12/configuration_guide/sec/b_1612_sec_9600_cg/controlling_switch_access_with_passwords_and_privilege_levels.html
 
 
-    Remediation:  Create a local user with an encrypted, complex (not easily guessed) password.  
+    Remediation:  Create a local user with an encrypted, complex (not easily guessed) password.
                   hostname(config)#username {{em}LOCAL_USERNAME{/em}} secret {{em}LOCAL_PASSWORD{/em}}
 
 .

CIS/Cisco_ios/15_snmp_rules/rule_1510_require_aes_128_as_minimum_for_snmp_server.py → CIS/cisco_ios/15_snmp_rules/rule_1510_require_aes_128_as_minimum_for_snmp_server.py

@@ -22,7 +22,7 @@ def rule_1510_require_aes_128_as_minimum_for_snmp_server(configuration, commands
         AssertionError: If any SNMPv3 user is not configured with AES 128 encryption.
     """
 
-    snmp_users_output = commands['show_snmp_user'].splitlines()
+    snmp_users_output = commands.show_snmp_user.splitlines()
     snmp_v3_users_aes128 = [line for line in snmp_users_output if 'AES 128' in line or 'AES128' in line]
 
     # Verify that there is at least one SNMPv3 user configured with AES 128

CIS/Cisco_ios/15_snmp_rules/rule_1510_require_aes_128_as_minimum_for_snmp_server_user_when_using_snmpv3.ref → CIS/cisco_ios/15_snmp_rules/rule_1510_require_aes_128_as_minimum_for_snmp_server_user_when_using_snmpv3.ref

@@ -1,10 +1,10 @@
 .rule_1510_require_aes_128_as_minimum_for_snmp_server_user_when_using_snmpv3:
 
 
-    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/snmp/command/nm-snmp-cr-s5.html#GUID-4EED4031-E723-4B84-9BBF-610C3CF60E31 
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/snmp/command/nm-snmp-cr-s5.html#GUID-4EED4031-E723-4B84-9BBF-610C3CF60E31
 
 
-    Remediation:  For each SNMPv3 user created on your router add privacy options by issuing the following command.  
+    Remediation:  For each SNMPv3 user created on your router add privacy options by issuing the following command.
                   hostname(config)#snmp-server user {user_name} {group_name} v3 auth sha {auth_password} priv aes 128 {priv_password} {acl_name_or_number}
 
 .

CIS/Cisco_ios/15_snmp_rules/rule_152_unset_private_for_snmp_server_community.ref → CIS/cisco_ios/15_snmp_rules/rule_152_unset_private_for_snmp_server_community.ref

@@ -4,7 +4,7 @@
     Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/snmp/command/nm-snmp-cr-s2.html#GUID-2F3F13E4-EE81-4590-871D-6AE1043473DE
 
 
-    Remediation:  Disable the default SNMP community string private 
+    Remediation:  Disable the default SNMP community string private
                   hostname(config)#no snmp-server community {private}
 
 .

CIS/Cisco_ios/15_snmp_rules/rule_153_unset_public_for_snmp_server_community.ref → CIS/cisco_ios/15_snmp_rules/rule_153_unset_public_for_snmp_server_community.ref

@@ -4,7 +4,7 @@
     Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/snmp/command/nm-snmp-cr-s2.html#GUID-2F3F13E4-EE81-4590-871D-6AE1043473DE
 
 
-    Remediation:  Disable the default SNMP community string "public"  
+    Remediation:  Disable the default SNMP community string "public"
                   hostname(config)#no snmp-server community {public}
 
 .

CIS/Cisco_ios/15_snmp_rules/rule_154_do_not_set_rw_for_any_snmp_server_community.ref → CIS/cisco_ios/15_snmp_rules/rule_154_do_not_set_rw_for_any_snmp_server_community.ref

@@ -1,10 +1,10 @@
 .rule_154_do_not_set_rw_for_any_snmp_server_community:
 
 
-    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/snmp/command/nm-snmp-cr-s2.html#GUID-2F3F13E4-EE81-4590-871D-6AE1043473DE 
+    Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/snmp/command/nm-snmp-cr-s2.html#GUID-2F3F13E4-EE81-4590-871D-6AE1043473DE
 
 
-    Remediation:  Disable SNMP write access.  
+    Remediation:  Disable SNMP write access.
                   hostname(config)#no snmp-server community {<em>write_community_string</em>}
 
 .

CIS/Cisco_ios/15_snmp_rules/rule_155_set_the_acl_for_each_snmp_server_community.ref → CIS/cisco_ios/15_snmp_rules/rule_155_set_the_acl_for_each_snmp_server_community.ref

@@ -4,7 +4,7 @@
     Reference:    1. http://www.cisco.com/en/US/docs/ios-xml/ios/snmp/command/nm-snmp-cr-s2.html#GUID-2F3F13E4-EE81-4590-871D-6AE1043473DE
 
 
-    Remediation:  Configure authorized SNMP community string and restrict access to authorized management systems.  
+    Remediation:  Configure authorized SNMP community string and restrict access to authorized management systems.
                   hostname(config)#snmp-server community <<em>community_string</em>> ro {<em>snmp_access-list_number | <span>snmp_access-list_name</span></em><span>}</span>
 
 .