
Showing posts with the label audit

Auditing Cisco configuration - startup-config vs running-config

There are two types of config files in Cisco switches and routers: the "startup" config and the "running" config.

Startup config - the configuration file stored in NVRAM that a device uses to configure itself upon reload. It can be viewed with the "show startup-config" command.

Running config - the configuration currently in use, stored in volatile memory. It can be viewed with the "show running-config" command. When an admin logs in to a switch and makes configuration changes, they are applied to the running config. For them to be retained after a switch reload, those changes must be committed to the startup config by running "copy running-config startup-config" or simply "wr". If changes are not committed, they will be lost upon reboot.

The very beginning of the "show running-config" output includes information on when the configuration was last changed and when it was last committed. In this example we ca

Auditing Cisco configuration - CIS RAT

CIS RAT (Center for Internet Security - Router Assessment Tool) is a free Perl tool that audits Cisco config files against CIS benchmarks. It creates an HTML report showing where your config meets or fails the CIS benchmark. We can audit against benchmark level 1 and 2. The tool is supported on both Linux and Windows (though getting it to work on Windows required a bit of source code tweaking).

RAT can audit the configuration of the following devices: IOS, ASA, PIX, FWSM.

RAT can be downloaded here: http://benchmarks.cisecurity.org/en-us/?route=downloads.show.single.rat.unix.252

Installation on Windows requires ActiveState Perl to be installed. Detailed installation instructions can be found in "rat\etc\install.win32.txt" upon extraction.

Upon installing RAT I had to edit "rat.pl" and change the following (this shouldn't be required, so it may work in your case): line 669: to point to the correct directory, use lib 'c:\rat\lib';. lines 7

Cisco IOS configuration compliance auditing using Nessus

To use this feature you need to be a Nessus Professional Feed subscriber. Tenable provides a number of audit policy files, available for download from the support portal. You can download CIS benchmarks for both IOS devices and ASA firewalls, as well as DISA switch and perimeter router audit files.

Setting up a policy is straightforward. It requires that plugin 46689 "Cisco IOS Compliance Checks" is enabled. I generally keep scans separate for the sake of report clarity, so I enable only this plugin. I normally enable SYN and UDP scans on all ports as well. As always with UDP, it makes scans much longer. On top of that, I find that the Nessus UDP scanner is not as reliable as Nmap.

Next we configure credentials: user/pass in "SSH Settings" on the "Credentials" tab. Nessus supports only SSH for Cisco audits and requires a user with privileges sufficient to get a full output of "show running-config" or "show startup-c