@lucashalbert
Last active November 8, 2023 08:47
A Hardened Vanilla Cisco Config for use on switches
en
conf t
! remove any existing RSA key pair before a fresh one is generated below (answer the confirm prompt)
crypto key zeroize rsa
no ip finger
no service tcp-small-servers
no service udp-small-servers
no service config
no ip source-route
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
username manager privilege 15 secret {remote manager password}
username support privilege 15 secret {support password}
ip tacacs source-interface vlan{xxxx}
ip tftp source-interface vlan{site_vlan}
archive
log config
logging enable
logging size 200
hidekeys
exit
path flash:archived-configs
maximum 5
write-memory
time-period 10080
exit
logging on
logging buffered 64000 informational
logging host {log host}
logging source-interface vlan{site_vlan}
logging console critical
! login failures (%SEC_LOGIN-4-LOGIN_FAILED) are severity 4 and archived config changes
! (%PARSER-5-CFGLOG_LOGGEDCMD) are severity 5; "logging trap errors" (severity 3) would
! never forward either of them to the syslog host, so export at informational
logging trap informational
hostname {hostname}
ip domain-name {client domain name}
crypto key generate rsa general-keys modulus 2048
ip ssh version 2
no ip http server
no ip http secure-server
enable secret {remote manager password}
ip ssh time-out 60
ip ssh authentication-retries 2
! "password encryption aes" does nothing until a primary key exists; set it first
key config-key password-encrypt {primary key}
password encryption aes
login block-for 15 attempts 5 within 5
login on-failure log
errdisable recovery cause bpduguard
int range g1/0/1 - 48
switchport access vlan {site_vlan}
switchport host
spanning-tree bpduguard enable
no shut
int vlan{site_vlan}
no shut
desc Connection to LAN - Site {hostname}
ip address {site_lan_ip} {mask}
exit
int vlan1
shut
exit
! "source" takes an interface name, so the management SVI is given as vlan{site_vlan}
ntp server {ntp server ip} prefer source vlan{site_vlan} version 3
ntp server {ntp server ip} source vlan{site_vlan} version 3
clock timezone EST -5
clock summer-time EDT recurring 2 Sunday March 2:00 1 Sunday November 2:00
! SNMPv2c community strings travel in cleartext; access-list 10 limits which sources may use this one
snmp-server community {RO Community} RO 10
snmp-server contact {Contact Info}
! snmp-server host requires a community string; version 2c matches the community above
snmp-server host {trap server if used} version 2c {RO Community}
snmp-server location {site_location}
access-list 10 remark Access list for SNMP Connections
access-list 10 permit {network} {wildcard mask}
ip default-gateway {site_default_gateway}
line con 0
exec-timeout 5
session-timeout 10
logging synchronous
line vty 0 15
exec-timeout 5
session-timeout 10
transport input ssh
logging synchronous
exit
configuration mode exclusive auto
vtp mode trans
aaa new-model
aaa authentication attempts login 5
aaa authentication login default local
! the "console" list below is never bound with "login authentication console" under
! line con 0, so the console keeps the default (local) list; bind it only if
! unauthenticated console access is an accepted risk for the site
aaa authentication login console none
aaa authorization exec default local
banner exec ^
*****************************************************************
* Corporation                                                   *
* WARNING:                                                      *
* FOR AUTHORIZED USE ONLY. This system and all data             *
* are the property of Corporation. Unauthorized                 *
* use or attempted unauthorized use of this system              *
* by persons not issued a user account is not permitted and     *
* may constitute a state or federal offense. Use of this        *
* system is only permitted under the authority of Corporation   *
* and subject to the policies, procedures and acceptable use as *
* defined by Corporation.                                       *
* Any use of this computer system constitutes express consent   *
* for authorized personnel to monitor, intercept, record,       *
* read, copy, access and capture such information for use or    *
* disclosure without additional prior notice. Users have        *
* no legitimate expectation of privacy during any use of this   *
* system or in any data on this system. Your access may be      *
* logged at any time.                                           *
*                                                               *
* By logging into this system, you are agreeing that you have   *
* read and accepted the above terms and conditions.             *
*                                                               *
*****************************************************************^
banner login ^
************************************************************
* ACCESS IS RESTRICTED TO AUTHORIZED USERS ONLY!           *
* UNAUTHORIZED ACCESS IS A VIOLATION OF STATE AND FEDERAL, *
* CIVIL AND CRIMINAL LAWS.                                 *
************************************************************^
exit
wr mem
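A template like this only helps if it is also enforced, so the following Python script audits a running-config dump against the baseline above. It is an added example written for this page, not part of the gist and not a Cisco tool: the rule list is a hypothetical encoding of the settings the template sets (SSH-only vty lines, BPDU guard on access ports, no reversible passwords, SNMP communities bound to an ACL, a syslog trap level high enough to carry login failures), and SAMPLE_CONFIG is a constructed dump with deliberate gaps, so it runs offline. The interface names, hashes and community strings in the sample are made up.

```python
"""Audit an IOS switch running-config against the hardening baseline above. Added
example, not from the gist or any Cisco tool: the rules are a hypothetical encoding
of the gist's settings; SAMPLE_CONFIG is a constructed dump with deliberate gaps."""
import re

# IOS syslog severities. Login failures (%SEC_LOGIN-4-LOGIN_FAILED) are sev 4 and
# archived config changes (%PARSER-5-CFGLOG_LOGGEDCMD) sev 5, so a "logging trap"
# level below notifications keeps both from ever reaching the syslog host.
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

REQUIRED_GLOBAL = [  # (regex matched at line start, finding text)
    (r"service password-encryption$", "service password-encryption missing"),
    (r"no ip http server$", "HTTP server not disabled"),
    (r"no ip http secure-server$", "HTTPS server not disabled"),
    (r"ip ssh version 2$", "SSH not pinned to version 2"),
    (r"enable secret ", "enable secret not set"),
]
FORBIDDEN_GLOBAL = [
    (r"enable password ", "reversible enable password present; use enable secret"),
    (r"username \S+ (privilege \d+ )?password ", "username with reversible password; use secret"),
    (r"snmp-server community \S+ RW", "read-write SNMP community configured"),
    (r"snmp-server community \S+ R[OW]$", "SNMP community not bound to an access-list"),
]

def parse_config(text):
    """Return (top-level lines, {section header: [indented body lines]}).
    Banner text is not special-cased, so its lines show up as top-level lines."""
    global_lines, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):   # blank line or comment
            continue
        if raw.startswith(" "):                      # indented: belongs to current section
            if current is not None:
                sections[current].append(raw.strip())
            continue
        current = raw.strip()
        global_lines.append(current)
        sections[current] = []
    return global_lines, sections

def check_sections(global_lines, sections):
    """Rules for vty lines and switch interfaces."""
    findings = []
    global_guard = "spanning-tree portfast bpduguard default" in global_lines  # covers all PortFast ports
    for header, body in sections.items():
        if header.startswith("line vty"):
            transport = [b for b in body if b.startswith("transport input")]
            if transport != ["transport input ssh"]:
                seen = transport[0] if transport else "default (telnet allowed)"
                findings.append(f"{header}: transport input is '{seen}'; require ssh only")
        if header.startswith("interface "):
            name = header.split(None, 1)[1]
            if name.lower() == "vlan1" and "shutdown" not in body:
                findings.append(f"{name}: default VLAN interface is not shut down")
            if ("switchport mode access" in body and not global_guard
                    and "spanning-tree bpduguard enable" not in body):
                findings.append(f"{name}: access port without BPDU guard")
    return findings

def audit(config_text):
    """Return human-readable findings; an empty list means the config meets the baseline."""
    global_lines, sections = parse_config(config_text)
    findings = [msg for pat, msg in REQUIRED_GLOBAL
                if not any(re.match(pat, ln) for ln in global_lines)]
    for pat, msg in FORBIDDEN_GLOBAL:
        for ln in global_lines:
            if re.match(pat, ln):  # echo only the command and first argument, never a secret
                findings.append(f"{msg}: {' '.join(ln.split()[:2])}")
    for ln in global_lines:  # no "logging trap" line means the IOS default, informational
        m = re.match(r"logging trap (\S+)$", ln)
        if m and SEVERITY.get(m.group(1), int(m.group(1)) if m.group(1).isdigit() else 7) < 5:
            findings.append(f"{ln}: drops login failures (sev 4) and config-change "
                            "logs (sev 5); use notifications or informational")
    return findings + check_sections(global_lines, sections)

# Constructed sample; "switchport host" is shown expanded the way running-config prints it.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 $1$abcd$ExampleHashNotRealxxxxxxx
username legacy privilege 15 password 7 0822455D0A16
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree portfast
interface Vlan1
 no ip address
no ip http server
logging trap errors
snmp-server community monitoring RO
snmp-server community backup RW 10
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""
```

Run `audit(SAMPLE_CONFIG)` against the sample and it reports nine gaps, among them the `logging trap errors` level that would hide `login on-failure log` events from the collector, the access port with no BPDU guard, the telnet-capable vty range and the SNMP community with no ACL; a config pasted from the template above produces none of those findings. Findings name only the command and its first argument so the report never leaks a hash or community string, and the per-port BPDU check is skipped when the global `spanning-tree portfast bpduguard default` form is present.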