Add golden_configurations tool for golden config tree management #63
Tested from Claude against Itential Platform_6
Perfect! I've successfully created a comprehensive basic golden configuration tree for Cisco IOS devices on the Itential Platform. Here's a summary of what was created:
Golden Configuration Tree Structure

- Root Configuration: Cisco-IOS-Basic-Golden-Config
- Device Type: cisco-ios
- Configuration ID: 685f03ac786de064a8168c2e

Main Configuration Categories:

- Hostname Check: Template for setting device hostname with variable support
- Banner Check: Login banner with unauthorized access warning
- NTP Configuration: Network time protocol setup with multiple servers and timezone
- Password Policy: Service password encryption, minimum length requirements, enable secret, and admin user
- SSH Configuration: SSH version 2, timeout settings, authentication retries, and VTY line security
- ACL Check: Management access control list with VTY line restrictions
- Interface Description: Template for ensuring all interfaces have proper descriptions
- Unused Ports: Template for shutting down and labeling unused interfaces
- Default Route: Template for configuring default gateway

Key Features:

- Template Variables: Each template supports Jinja2 templating with default values, allowing for:
  - Customizable hostnames, IP addresses, and network ranges
  - Flexible NTP server configuration
  - Variable management networks for ACLs
  - Dynamic interface handling
- Security Best Practices: The configuration includes:
  - Password encryption and complexity requirements
  - SSH-only access with proper timeout settings
  - Management access restrictions via ACLs
  - Proper login banners for compliance
- Operational Standards: Ensures:
  - All interfaces are documented with descriptions
  - Unused ports are properly secured
  - Network time synchronization is configured
  - Default routing is properly established

This golden configuration tree provides a solid foundation for Cisco IOS device compliance checking and can be easily extended with additional configuration requirements as needed. You can now assign devices or device groups to these configuration nodes and set up remediation workflows for non-compliant configurations.

