From 685491c7045fb789b9075e1f16cac7dbe8a5f925 Mon Sep 17 00:00:00 2001
From: mailsanjayhere
Date: Wed, 22 Oct 2025 18:53:30 +0530
Subject: [PATCH 1/3] ospf authentication rules updated
---
 ...entication_message_digest_for_ospf_area.py | 45 +++++++++++++++++
 ...tication_message_digest_for_ospf_area.ref} | 2 +-
 ...etnication_message_digest_for_ospf_area.py | 14 ------
 ...3322_set_ip_ospf_message_digest_key_md5.py | 49 ++++++++++++++-----
 4 files changed, 84 insertions(+), 26 deletions(-)
 create mode 100755 CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3321_set_authentication_message_digest_for_ospf_area.py
 rename CIS/cisco_ios/332_require_ospf_auth_if_used/{rule_3321_set_authetnication_message_digest_for_ospf_area.ref => rule_3321_set_authentication_message_digest_for_ospf_area.ref} (88%)
 delete mode 100755 CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3321_set_authetnication_message_digest_for_ospf_area.py
diff --git a/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3321_set_authentication_message_digest_for_ospf_area.py b/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3321_set_authentication_message_digest_for_ospf_area.py
new file mode 100755
index 00000000..6ce676d2
--- /dev/null
+++ b/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3321_set_authentication_message_digest_for_ospf_area.py
@@ -0,0 +1,45 @@
+from comfy import medium
+import re
+
+
+@medium(
+ name='rule_3321_set_authentication_message_digest_for_ospf_area',
+ platform=['cisco_ios','cisco_xe'],
+)
+def rule_3321_set_authentication_message_digest_for_ospf_area(configuration, device):
+ config = str(configuration)
+ interfaces = re.split(r'\ninterface ', config)
+ failed_interfaces = []
+
+ for section in interfaces[1:]: # skip any preamble before the first interface
+ lines = section.strip().splitlines()
+ if not lines:
+ continue
+
+ interface_name = lines[0].strip()
+
+ # exclude loopbacks
+ if interface_name.lstrip().lower().startswith('loopback'):
+ continue
+
+ # Check if this interface has OSPF enabled
+ has_ospf = any(re.search(r'\bip ospf\b', line) for line in lines)
+
+ if has_ospf:
+ # Check for authentication
+ has_auth = any(
+ re.search(r'\bip ospf authentication message-digest\b', line)
+ for line in lines
+ )
+ if not has_auth:
+ failed_interfaces.append(interface_name)
+
+ combined_message = {
+ "message": (
+ "OSPF authentication (message-digest) missing on interfaces: " + ", ".join(failed_interfaces)
+ ),
+ "ref": ref,
+ assert (
+ len(failed_interfaces) == 0
+ ), ref
\ No newline at end of file
diff --git a/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3321_set_authetnication_message_digest_for_ospf_area.ref b/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3321_set_authentication_message_digest_for_ospf_area.ref
similarity index 88%
rename from CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3321_set_authetnication_message_digest_for_ospf_area.ref
rename to CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3321_set_authentication_message_digest_for_ospf_area.ref
index 876356bd..e2978895 100755
--- a/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3321_set_authetnication_message_digest_for_ospf_area.ref
+++ b/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3321_set_authentication_message_digest_for_ospf_area.ref
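Review bot: `re.split(r'\ninterface ', config)` closes a section only at the next `interface ` line, so the last interface's section also absorbs everything configured after it (`router ospf`, `line`, global commands), and any later line matching `\bip ospf\b` or the authentication pattern is attributed to that interface; the rule_3322 hunk below uses the same split. Ending the body at the first non-indented line — after taking `interface_name`, iterate `lines[1:]` and `break` at the first line that does not start with whitespace — confines both checks to the interface's own configuration. The rule is named for area-level `area <id> authentication message-digest` under `router ospf`, which the deleted rule_3321 tested for; an interface whose area has area-wide authentication carries no per-interface `ip ospf authentication message-digest` line and would be reported as missing, so either accept the area-level form or document that only interface-level authentication is accepted. Interfaces placed into OSPF by `network ... area` statements under `router ospf` have no `ip ospf` line and are skipped, so the check reports nothing for them.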
@@ -1,4 +1,4 @@
-.rule_3321_set_authetnication_message_digest_for_ospf_area
+.rule_3321_set_authentication_message_digest_for_ospf_area
 References:
 1. http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/command/ospf-i1.html#GUID-3D5781A3-F8DF-4760-A551-6A3AB80A42ED
 2. http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/command/ospf-a1.html#GUID-81D0F753-D8D5-494E-9A10-B15433CFD445
diff --git a/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3321_set_authetnication_message_digest_for_ospf_area.py b/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3321_set_authetnication_message_digest_for_ospf_area.py
deleted file mode 100755
index b7840e95..00000000
--- a/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3321_set_authetnication_message_digest_for_ospf_area.py
+++ /dev/null
@@ -1,14 +0,0 @@
-from comfy import medium
-
-
-@medium(
- name='rule_3321_set_authentication_message_digest_for_ospf_area',
- platform=['cisco_ios'],
- commands={'ospf_config': 'sh run | sec router ospf'}
-)
-def rule_3321_set_authentication_message_digest_for_ospf_area(commands, ref):
- # Extracting the OSPF configuration section from the command output
- ospf_config = commands.ospf_config
-
- # Checking if 'authentication message-digest' is configured in the OSPF section
- assert 'area' in ospf_config and 'authentication message-digest' in ospf_config, ref
diff --git a/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3322_set_ip_ospf_message_digest_key_md5.py b/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3322_set_ip_ospf_message_digest_key_md5.py
index 4d3eeb1d..00802ce3 100755
--- a/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3322_set_ip_ospf_message_digest_key_md5.py
+++ b/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3322_set_ip_ospf_message_digest_key_md5.py
@@ -1,19 +1,46 @@
-import pytest
 from comfy import medium
+import re
-@pytest.mark.skip("has to be reviewed")
 @medium(
 name='rule_3322_set_ip_ospf_message_digest_key_md5',
- platform=['cisco_ios', 'cisco_xe'],
- commands={'interface_config': 'sh run int {interface_name}'}
+ platform=['cisco_ios'],
 )
-def rule_3322_set_ip_ospf_message_digest_key_md5(commands, ref):
- # Replace {interface_name} with the actual interface you want to test in the command dictionary or
- # modify the rule to iterate through a list of interfaces if needed.
+def rule_3322_set_ip_ospf_message_digest_key_md5(configuration, device, ref):
+ config = str(configuration)
+ interfaces = re.split(r'\ninterface ', config)
+ failed_interfaces = []
- # Extracting the OSPF MD5 key configuration from the command output
- interface_config = commands.interface_config
+ for section in interfaces[1:]: # skip any preamble before the first interface
+ lines = section.strip().splitlines()
+ if not lines:
+ continue
- # Verifying the presence of the OSPF MD5 key in the interface configuration
- assert 'ip ospf message-digest-key' in interface_config and 'md5' in interface_config, ref
+ interface_name = lines[0].strip()
+
+ # exclude loopbacks
+ if interface_name.lstrip().lower().startswith('loopback'):
+ continue
+
+ # Check if this interface has OSPF enabled
+ has_ospf = any(re.search(r'\bip ospf\b', line) for line in lines)
+
+ if has_ospf:
+ # Check for authentication
+ has_auth = any(
+ re.search(r'\bip ospf authentication message-digest key\b', line)
+ for line in lines
+ )
+ if not has_auth:
+ failed_interfaces.append(interface_name)
+
+ combined_message = {
+ "message": (
+ "OSPF authentication (message-digest-key) missing on interfaces: " + ", ".join(failed_interfaces)
+ ),
+ "ref": ref,
+ }
+ assert (
+ len(failed_interfaces) == 0
+ ), combined_message
\ No newline at end of file
From 9e93214a2aa68fbd81c0bc4e218d9af449fd5b95 Mon Sep 17 00:00:00 2001
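Review bot: The `has_auth` pattern `\bip ospf authentication message-digest key\b` does not match the interface command this rule is named for; the MD5 key is configured as `ip ospf message-digest-key <id> md5 <key>` (the string the removed assertion tested for), so with the new pattern every non-loopback interface that has an `ip ospf` line would be reported as missing the key. The check should be `re.search(r'\bip ospf message-digest-key \d+ md5\b', line)`, and the `# Check for authentication` comment above it could read `# Check for an MD5 message-digest key on this interface`. The decorator also drops `'cisco_xe'` from `platform`, which the removed decorator listed and which the rule_3321 hunk above keeps; if the narrowing is intentional a comment should say why, otherwise the two rules should agree. The section-splitting concern raised on the rule_3321 hunk applies to this file as well.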
From: mailsanjayhere
Date: Wed, 22 Oct 2025 23:37:51 +0530
Subject: [PATCH 2/3] ospf authentication rules updated
---
 ...le_3321_set_authentication_message_digest_for_ospf_area.py | 3 ++-
 .../rule_3322_set_ip_ospf_message_digest_key_md5.py | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3321_set_authentication_message_digest_for_ospf_area.py b/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3321_set_authentication_message_digest_for_ospf_area.py
index 6ce676d2..dbc964e7 100755
--- a/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3321_set_authentication_message_digest_for_ospf_area.py
+++ b/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3321_set_authentication_message_digest_for_ospf_area.py
@@ -40,6 +40,7 @@ def rule_3321_set_authentication_message_digest_for_ospf_area(configuration, dev
 + ", ".join(failed_interfaces)
 ),
 "ref": ref,
+ }
 assert (
 len(failed_interfaces) == 0
- ), ref
\ No newline at end of file
+ ), ref
diff --git a/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3322_set_ip_ospf_message_digest_key_md5.py b/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3322_set_ip_ospf_message_digest_key_md5.py
index 00802ce3..31c5a83a 100755
--- a/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3322_set_ip_ospf_message_digest_key_md5.py
+++ b/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3322_set_ip_ospf_message_digest_key_md5.py
@@ -33,7 +33,7 @@ def rule_3322_set_ip_ospf_message_digest_key_md5(configuration, device, ref):
 )
 if not has_auth:
 failed_interfaces.append(interface_name)
-
+
 combined_message = {
 "message": (
 "OSPF authentication (message-digest-key) missing on interfaces: "
@@ -43,4 +43,4 @@ def rule_3322_set_ip_ospf_message_digest_key_md5(configuration, device, ref):
 }
 assert (
 len(failed_interfaces) == 0
- ), combined_message
\ No newline at end of file
+ ), combined_message
From a57cdec3d9ac69c11f86fda004534aae07ab8cee Mon Sep 17 00:00:00 2001
From: mailsanjayhere
Date: Wed, 22 Oct 2025 23:42:20 +0530
Subject: [PATCH 3/3] ospf authentication rules updated
---
 ...321_set_authentication_message_digest_for_ospf_area.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3321_set_authentication_message_digest_for_ospf_area.py b/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3321_set_authentication_message_digest_for_ospf_area.py
index dbc964e7..58a93bda 100755
--- a/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3321_set_authentication_message_digest_for_ospf_area.py
+++ b/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3321_set_authentication_message_digest_for_ospf_area.py
@@ -4,9 +4,9 @@
 @medium(
 name='rule_3321_set_authentication_message_digest_for_ospf_area',
- platform=['cisco_ios','cisco_xe'],
+ platform=['cisco_ios', 'cisco_xe'],
 )
-def rule_3321_set_authentication_message_digest_for_ospf_area(configuration, device):
+def rule_3321_set_authentication_message_digest_for_ospf_area(configuration, device, ref):
 config = str(configuration)
 interfaces = re.split(r'\ninterface ', config)
 failed_interfaces = []
@@ -33,7 +33,7 @@ def rule_3321_set_authentication_message_digest_for_ospf_area(configuration, dev
 )
 if not has_auth:
 failed_interfaces.append(interface_name)
-
+
 combined_message = {
 "message": (
 "OSPF authentication (message-digest) missing on interfaces: "
@@ -43,4 +43,4 @@ def rule_3321_set_authentication_message_digest_for_ospf_area(configuration, dev
 }
 assert (
 len(failed_interfaces) == 0
- ), ref
+ ), combined_message