All scripts
isp
Intermediate
2–5 min
T-ISP-037 · AAA / TACACS+ Config Audit
Audit device AAA configuration for management-plane security: enforced TACACS+ authentication/authorization/accounting, command logging, fallback-local guardrails, and absence of shared local accounts.
Cisco IOS-XR
Cisco IOS/XE
Juniper Junos
You're viewing a preview
The full script, parameters, and execution console are available with a free account.
Already have access? Sign in →
Capabilities
- AAA method-list audit
- Command accounting check
- Local fallback guardrail
- Shared-account detection
- Session timeout policy
- Per-device scorecard
Required inputs
Parameters the script accepts. Defaults shown; some are vendor- or context-gated.
| Parameter | Type | Default | Notes |
|---|---|---|---|
Require command accounting require_accounting | bool | true | — |
Max allowed local users max_local_users | number | 2 | — |
Sample inventory schema
Authoritative shape of the device/policy data this script consumes.
No bundled inventory sample. The script accepts standard device lists (CSV/YAML) with hostname, mgmt IP, vendor, and credentials.
Expected output
Reference terminal output the script should produce — used as a stylistic and structural target.
terminal
2026-06-15 18:50:00 INFO Audited 20 devices for AAA compliance 2026-06-15 18:50:01 WARN agg-04: command accounting not configured 2026-06-15 18:50:01 WARN agg-07: 4 local users (max 2) 2026-06-15 18:50:01 INFO Report written to aaa-audit.json (avg score 86%)