IOS Device Support

Configuration
=============
hostname
version
service password-encryption
snmp-server
snmp-server location
snmp-server contact
snmp-server community
snmp-server tftp-server-list
snmp-server chassis-id
snmp-server manager
snmp-server manager session-timeout
snmp-server group
snmp-server view
snmp-server user
snmp-server host
snmp-server packetsize
snmp-server queue-length
snmp-server shutdown
snmp-server enable traps
snmp-server trap
snmp-server trap-authentication
snmp-server trap-source
snmp-server trap-timeout
line
  transport input
  transport output
  absolute-timeout
  session-timeout
  login timeout respose
  exec-timeout
  authorization
  accounting
  privilege level
  callback
  access-class <ACL> in
  access-class <ACL> out
  login
  password
  exec
banner exec
banner login
banner incoming
banner motd
access-list remark
access-list compiled
banner slip-ppp
access-list (standard)
access-list (extended)
ip access-list
  remark
  permit
  deny
ip ssh version
ip ssh port
ip ssh authentication-retries
ip ssh timeout
ip http server
ip http secure-server
ip http secure-port
ip http port
ip http access-class
ip http secure-ciphersuite
ip bootp server
ip finger
service finger
enable password
enable secret
ip dns spoofing
ip dns server
ip domain list
ip domain-list
ip domain lookup
ip domain-lookup
ip domain name
ip domain-name
ip domain retry
ip domain round-robin
ip domain timeout
username
aaa authentication banner
aaa authentication enable
aaa authentication login
aaa authentication dot1x
aaa authentication ppp
aaa authentication sgbp
aaa authentication eou
aaa group server tacacs+
  server
  server-private
aaa group server radius
  server
tacacs-server key
tacacs-server timeout
tacacs-server host
radius-server timeout
radius-server key
radius-server retransmit
radius-server host
kerberos server
cdp run
interface
  ip address
  ip proxy-arp
  description
  shutdown
  ip access-group
  mop enable
  ip unreachables
  ip redirects
  ip mask-reply
  ip directed-broadcast
  ip information-reply
  cdp enable
  switchport mode
  switchport port-security
  switchport port-security violation
  switchport access vlan


Security Audit
==============

Reference        Title
---------------------------------------------------
IOS.PASSENCR.1   Service password-encryption
IOS.SNMPSHUT.1   SNMP System Shutdown Enabled
IOS.SNMPTFTP.1   SNMP TFTP Server List Not Configured
IOS.LINENACL.1   Line Without ACL Configured
IOS.LINETMOT.1   Weak Line Timeout Configured
IOS.LINENOPA.1   Login With No Password - (no logon)
IOS.LINETROT.1   Outbound Administrative Access Configured
IOS.LINEACLO.1   Outbound Lines Without ACL Configured
IOR.LINERLOG.1   RLogin Enabled - For IOS Routers
IOS.DNSCLOOK.1   Broadcast Domain Lookups Enabled


TODO stuff for lines...
Lines table to configuration report, to show timeouts and so on
IOS.LINETACA.1   TACACS
IOS.LINEAUTH.1   Line Authorisation Not Configured
IOS.LINEACCO.1   Line Accounting Not Configured
IOS.LINETIAL.1   All Transport Input Enabled
IOS.LINEAUXN.1   AUX Enabled With No Callback
IOS.LINEPRIV.1   Line Privilege Level Is 15
IOS.AUTHENPA.1   Enable Password