I'm trying to come up with a reliable way to check compliance for VTY lines on Cisco switches. I have something that almost works, but it isn't quite there yet and I think I'm probably missing some basic regex thing that I should know...
So, here's what I have right now: line vty 0 \d(.*\n)* transport input ssh
And here's (pieces of) the block of config I want to run it against:
line vty 0 4
 session-timeout 10
 exec-timeout 10 1
 login local
 transport input ssh
line vty 5 15
 session-timeout 10
 exec-timeout 10 1
 login local
 transport input ssh
My issue is that it matches the entire block, from the top VTY to the bottom transport input ssh. I've tried a variety of attempts at making it "lazy" with '?' so it would hopefully stop at the first instance, but I just can't seem to get it right. It either totally breaks the regex, or it continues to find the second transport line. I would do the check with two separate rules this way. That way I know which block is broken when it fails.
It wouldn't be an issue, but this means I'm not actually verifying that the first 5 VTY lines are actually set to what I want. And that makes me sad.
I do have a current workaround, which I think will be 100% effective, BUT I still want to be able to check the VTY groups individually.
Workaround: line vty 0 \d(.*\n)* transport input ssh(.*\n)*line vty 5 \d\d(.*\n)* transport input ssh
Just so I'm clear, I've hit up The Google and such, but I'm a regex n00b. No idea if it's an easy fix or peculiarly hard...
Thanks!
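The following is an added example (not part of the post above) showing why neither the greedy pattern nor a lazy `(.*\n)*?` can check one VTY group on its own, and how a "tempered" pattern fixes it. The sample configs are constructed to match the shape of the config quoted in the post (Cisco indents the sub-commands of a line section by one space); the helper names and the `transport input all` / `transport input ssh telnet` variants are assumptions used only to exercise the failure cases. Python's `re` module is used because the question is about regex behaviour; the parser at the end goes beyond the question and shows the non-regex approach a compliance tool would normally take.

```python
import re


def vty_group(header, transport):
    """Build one constructed 'line vty' section in Cisco IOS layout (sample data)."""
    return (
        f"line vty {header}\n"
        " session-timeout 10\n"
        " exec-timeout 10 1\n"
        " login local\n"
        f" transport input {transport}\n"
    )


# Constructed sample configs, not captured from a real device.
COMPLIANT = vty_group("0 4", "ssh") + vty_group("5 15", "ssh")
FIRST_GROUP_OPEN = vty_group("0 4", "all") + vty_group("5 15", "ssh")
FIRST_GROUP_SSH_TELNET = vty_group("0 4", "ssh telnet") + vty_group("5 15", "ssh")

# The pattern from the post: (.*\n)* is greedy and happily crosses section
# boundaries, so "line vty 0 4" is paired with the LAST "transport input ssh"
# anywhere in the file.
GREEDY = re.compile(r"line vty 0 \d(.*\n)* transport input ssh")

# Making the repeat lazy only changes which "transport input ssh" is reached
# first. When group 0-4 lacks it, the match simply runs on into group 5-15,
# so a non-compliant first group still passes.
LAZY = re.compile(r"line vty 0 \d(.*\n)*? transport input ssh")


def vty_group_pattern(first, last):
    """Regex that passes only if the named VTY group itself contains the line.

    The repeated group may consume INDENTED lines only, so the match can never
    step over the next unindented "line vty ..." header. The trailing "$"
    (with MULTILINE) also rejects "transport input ssh telnet".
    """
    return re.compile(
        rf"^line vty {first} {last}\n"  # exact header of this group
        r"(?:[ \t][^\n]*\n)*?"          # zero or more indented sub-commands
        r" transport input ssh$",       # the required line, and nothing after it
        re.MULTILINE,
    )


VTY_0_4 = vty_group_pattern(0, 4)
VTY_5_15 = vty_group_pattern(5, 15)


def matches(pattern, config):
    """True if the compliance pattern finds a match in the config text."""
    return pattern.search(config) is not None


def transport_per_vty_group(config):
    """Non-regex alternative: walk the config line by line and report the exact
    'transport input' value of every 'line vty' group (None if it has none)."""
    result = {}
    current = None
    for line in config.splitlines():
        if line.startswith("line vty "):
            current = line[len("line vty "):]
            result[current] = None
        elif current is not None and line.startswith(" "):
            cmd = line.strip()
            if cmd.startswith("transport input "):
                result[current] = cmd[len("transport input "):]
        else:
            current = None  # any other unindented line ends the section
    return result


if __name__ == "__main__":
    for name, cfg in [("compliant", COMPLIANT), ("first group open", FIRST_GROUP_OPEN)]:
        print(name, "greedy:", matches(GREEDY, cfg), "lazy:", matches(LAZY, cfg),
              "vty 0-4:", matches(VTY_0_4, cfg), "vty 5-15:", matches(VTY_5_15, cfg))
    print(transport_per_vty_group(FIRST_GROUP_SSH_TELNET))
```

The point of the tempered group `(?:[ \t][^\n]*\n)*?` is that it encodes the structure of the config (sub-commands are indented, a new section is not) instead of relying on the regex engine to stop "early enough". If the rule engine you use does not support MULTILINE anchors, the line-by-line parser gives the same per-group answer and additionally tells you what the transport actually is, which is more useful in a failure report than a bare no-match.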