All scripts
isp
Intermediate
2–5 min

T-ISP-037 · AAA / TACACS+ Config Audit

Audit device AAA configuration for management-plane security: enforced TACACS+ authentication/authorization/accounting, command logging, fallback-local guardrails, and absence of shared local accounts.

Cisco IOS-XR
Cisco IOS/XE
Juniper Junos
Open in GeneratorOpen in Platform
You're viewing a preview

The full script, parameters, and execution console are available with a free account.

Already have access? Sign in →

Capabilities

  • AAA method-list audit
  • Command accounting check
  • Local fallback guardrail
  • Shared-account detection
  • Session timeout policy
  • Per-device scorecard

Required inputs

Parameters the script accepts. Defaults shown; some are vendor- or context-gated.

ParameterTypeDefaultNotes
Require command accounting
require_accounting
booltrue
Max allowed local users
max_local_users
number2

Hint 1Name your vendors and OS versions

Mention the exact platforms you run (Cisco IOS-XR, Cisco IOS/XE, Juniper Junos) so the generated isp & peering logic uses the right CLI/NETCONF syntax.

Hint 2State your real thresholds

Provide concrete values for Require command accounting, Max allowed local users instead of the defaults — they shape what counts as a fault.

Hint 3Prioritize the checks you need

This tool can aAA method-list audit and command accounting check. Ask for the subset relevant to your incident to keep output focused.

Hint 4Describe your inventory format

Tell the assistant whether your device list is CSV, YAML, or JSON and which columns it has, so parsing matches your data.

Sample inventory schema

Authoritative shape of the device/policy data this script consumes.

No bundled inventory sample. The script accepts standard device lists (CSV/YAML) with hostname, mgmt IP, vendor, and credentials.

Expected output

Reference terminal output the script should produce — used as a stylistic and structural target.

terminal
2026-06-15 18:50:00 INFO  Audited 20 devices for AAA compliance
2026-06-15 18:50:01 WARN  agg-04: command accounting not configured
2026-06-15 18:50:01 WARN  agg-07: 4 local users (max 2)
2026-06-15 18:50:01 INFO  Report written to aaa-audit.json (avg score 86%)