Debug mode enabled-cisco-ios
Vendor: cisco
OS: ios
Description:
Indeni will alert if one of the debug mechanisms on a device is enabled when the default is for it to be disabled.
Remediation Steps:
Turn off the debug as soon as possible.
How does this work?
This script logs into the Cisco IOS switch using SSH and retrieves the status of running debugs using the ‘show debugging’ CLI command. In normal operation there should not be any debugs enabled.
Why is this important?
Enabling debugging on a Cisco IOS device enables the system administrator to get low level information about the system’s operation. This functionality is often used for troubleshooting and it has a potential high impact on CPU utilization and system stability. It is highly undesirable to keep debugging enabled for extended periods of time.
Without Indeni how would you find this?
Enabled debug can be detected by logging to the device or by monitoring syslog message in case debug level logging has been enabled.
ios-show-debug
name: ios-show-debug
description: IOS show debug
type: monitoring
monitoring_interval: 5 minute
requires:
vendor: cisco
os.name: ios
comments:
debug-status:
why: |
Enabling debugging on a Cisco IOS device enables the system administrator to get low level information about the system's operation. This functionality is often used for troubleshooting and it has a potential high impact on CPU utilization and system stability. It is highly undesirable to keep debugging enabled for extended periods of time.
how: |
This script logs into the Cisco IOS switch using SSH and retrieves the status of running debugs using the 'show debugging' CLI command. In normal operation there should not be any debugs enabled.
can-with-snmp: false
can-with-syslog: true
steps:
- run:
type: SSH
command: show debug
parse:
type: AWK
file: show_debug.parser.1.awk
cross_vendor_debug_on_vsx
Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/cross_vendor_debug_on_vsx.scala