
Added stage3 for lesson-32-stigcompliance #238

Merged
merged 2 commits into from
Jul 8, 2019
5 changes: 5 additions & 0 deletions lessons/workflows/lesson-32-stigcompliance/lesson.meta.yaml
Expand Up @@ -7,12 +7,14 @@ tier: prod
prereqs:
- 13 # NAPALM
- 12 # JSNAPy
- 24 # PyEZ
description: Security Technical Implementation Guides (STIGs) are the configuration standards for United States Department of Defense (DoD) infrastructure. Any network engineer that has experience in running any part of these systems has had to spent countless hours going over infrastructure elements and ensuring they're compliant with these standards. In this lesson, we'll explore two appraoches for automating STIG compliance checks, and saving countless hours of manual data-gathering.
slug: STIG
tags:
- jsnapy
- napalm
- stig
- pyez

endpoints:
- name: linux1
Expand All @@ -29,9 +31,12 @@ endpoints:
- name: cli
port: 22
type: ssh
additionalPorts: [830]

stages:
- id: 1
description: STIG Compliance Validation with NAPALM
- id: 2
description: STIG Compliance Validation with JSNAPy
- id: 3
description: STIG Compliance Validation with custom scripts
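Review bot: `additionalPorts: [830]` in the second hunk has no comment saying what the port is for, although the prereq entries in the first hunk are each annotated (`- 24 # PyEZ`). The page has lost its `+` markers, so I am inferring that this is one of the five added lines. Port 830 is the registered port for NETCONF over SSH, so a trailing comment such as `# NETCONF over SSH, used by the stage 3 scripts` would tell a maintainer why the endpoint exposes a second port; the stage 3 purpose is my reading of the PR title and should be confirmed. The endpoint this entry belongs to begins above the visible lines of the hunk.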
Binary file modified lessons/workflows/lesson-32-stigcompliance/lessondiagram.png
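--- a/lessons/workflows/lesson-32-stigcompliance/stage3/configs/vqfx1.txt
+++ b/lessons/workflows/lesson-32-stigcompliance/stage3/configs/vqfx1.txt
@@ -0,0 +1,172 @@
+<configuration operation="replace">
+<version>15.1X53-D60.4</version>
+<system>
+<host-name>vqfx1</host-name>
+<root-authentication>
+<encrypted-password>$1$mlo32jo6$BOMVhmtORai2Kr24wRCCv1</encrypted-password>
+<ssh-rsa>
+<name>ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key</name>
+</ssh-rsa>
+</root-authentication>
+<login>
+<user>
+<name>antidote</name>
+<class>super-user</class>
+<authentication>
+<encrypted-password>$1$iH4TNedH$3RKJbtDRO.N4Ua8B6LL/v/</encrypted-password>
+</authentication>
+</user>
+<password>
+<change-type>set-transitions</change-type>
+<minimum-changes>0</minimum-changes>
+</password>
+</login>
+<services>
+<ssh>
+<root-login>allow</root-login>
+</ssh>
+<netconf>
+<ssh>
+</ssh>
+<rfc-compliant/>
+</netconf>
+<rest>
+<http>
+<port>8080</port>
+</http>
+<enable-explorer/>
+</rest>
+</services>
+<syslog>
+<user>
+<name>*</name>
+<contents>
+<name>any</name>
+<emergency/>
+</contents>
+</user>
+<file>
+<name>messages</name>
+<contents>
+<name>any</name>
+<notice/>
+</contents>
+<contents>
+<name>authorization</name>
+<info/>
+</contents>
+</file>
+<file>
+<name>interactive-commands</name>
+<contents>
+<name>interactive-commands</name>
+<any/>
+</contents>
+</file>
+</syslog>
+<extensions>
+<providers>
+<name>juniper</name>
+<license-type>
+<name>juniper</name>
+<deployment-scope>commercial</deployment-scope>
+</license-type>
+</providers>
+<providers>
+<name>chef</name>
+<license-type>
+<name>juniper</name>
+<deployment-scope>commercial</deployment-scope>
+</license-type>
+</providers>
+</extensions>
+</system>
+<interfaces operation="merge">
+<interface>
+<name>em0</name>
+<unit>
+<name>0</name>
+<family>
+<inet>
+<address>
+<name>{{ mgmt_addr }}</name>
+</address>
+</inet>
+</family>
+</unit>
+</interface>
+<interface>
+<name>em3</name>
+<unit>
+<name>0</name>
+<family>
+<inet>
+<address>
+<name>10.12.0.11/24</name>
+</address>
+</inet>
+</family>
+</unit>
+</interface>
+<interface>
+<name>em4</name>
+<unit>
+<name>0</name>
+<family>
+<inet>
+<address>
+<name>10.31.0.11/24</name>
+</address>
+</inet>
+</family>
+</unit>
+</interface>
+</interfaces>
+<snmp>
+<location>123 Datacenter Way</location>
+<contact>[email protected]</contact>
+<community>
+<name>antidote</name>
+<authorization>read-write</authorization>
+</community>
+</snmp>
+<forwarding-options>
+<storm-control-profiles>
+<name>default</name>
+<all>
+</all>
+</storm-control-profiles>
+</forwarding-options>
+<routing-options>
+<autonomous-system>
+<as-number>64001</as-number>
+</autonomous-system>
+</routing-options>
+<protocols>
+<bgp operation="replace">
+<group>
+<name>PEERS</name>
+<type>external</type>
+<neighbor>
+<name>10.31.0.13</name>
+<peer-as>64003</peer-as>
+</neighbor>
+<neighbor>
+<name>10.12.0.12</name>
+<peer-as>64002</peer-as>
+</neighbor>
+</group>
+</bgp>
+<igmp-snooping>
+<vlan>
+<name>default</name>
+</vlan>
+</igmp-snooping>
+</protocols>
+<vlans>
+<vlan>
+<name>default</name>
+<vlan-id>1</vlan-id>
+</vlan>
+</vlans>
+</configuration>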
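Review bot: Nothing in this new config says which of its weak settings are deliberate findings for the STIG checks and which are only lab defaults, and several would be serious if the template were reused outside the sandbox. Root authenticates with the key labelled `vagrant insecure public key` while `<root-login>allow</root-login>` is set, both `<encrypted-password>` values are `$1$` (MD5-crypt) hashes committed to the repository, the SNMP community `antidote` is `read-write` with no client restriction, and REST is served over plain `<http>` on 8080 with `<enable-explorer/>`. I would add a header comment such as `<!-- Lab-only config: the non-compliant settings below are intentional targets for the STIG checks; do not reuse outside the lesson sandbox -->`, assuming the loader that renders this template tolerates XML comments. Any of these that the stage 3 scripts do not actually need could also be tightened, for example `<authorization>read-only</authorization>`, to reduce what the lab device exposes.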