24、等保2.0 思科交换机命令

少于1分钟

检查密码复杂度要求：show running-config | include password complexity

检查密码加密算法：show running-config | include password encryption

检查登录失败锁定策略：show running-config | include login block-for

查看登录失败计数器：show login failures

检查超时策略：show running-config | include exec-timeout

检查登录访问控制策略：show running-config | include access-class

检查管理员访问权限：show running-config | include privilege

检查用户角色和权限：show running-config | include username

安全审计：检查审计日志配置：show running-config | include logging audit-trail

检查日志中心配置：show logging

检查入侵防御配置：show running-config | include ips

检查登录地址限制策略：show running-config | include login block-for

检查日志备份配置：show running-config | include logging host

检查配置文件备份策略：show running-config | include archive

传输完整性和保密性：检查SSH配置：show running-config | include ssh

检查SSL/TLS配置：show running-config | include crypto

存储完整性和保密性：检查文件系统安全配置：show running-config | include file system

检查磁盘加密配置：show running-config | include disk encryption