Information
The running configuration must be synchronized with the startup configuration after changes have been made and implemented.
If the running and startup router configurations are not synchronized properly and a router malfunctions, it will not restart with all of the recent changes incorporated. If the recent changes were security related, then the routers would be vulnerable to attack.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Review the running and boot configurations to determine if they are synchronized.
IOS Procedure: With online editing, the 'show running-config' command will only show the current running configuration settings, which are different from the IOS defaults. The 'show startup-config' command will show the NVRAM startup configuration. Compare the two configurations to ensure they are synchronized.
JUNOS Procedure: This will never be a finding. The active configuration is stored on flash as juniper.conf. A candidate configuration allows configuration changes while in configuration mode without initiating operational changes. The router implements the candidate configuration when it is committed, making it the new active configuration, at which time it is stored on flash as juniper.conf and the old juniper.conf becomes juniper.conf.1.
If the running and boot configurations are not the same, this is a finding.
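One way to automate the IOS comparison on saved command output, as an added example that is not part of the benchmark. The function names and the sample captures are constructed for illustration, and the list of lines treated as volatile (banners, byte counts, timestamps, 'ntp clock-period') is an assumption about typical IOS output that should be adjusted per platform.

```python
import difflib
import re

# Output lines that differ between the two commands but carry no configuration.
VOLATILE = re.compile(
    r"^(Building configuration\.\.\.|Current configuration\s*:.*"
    r"|Using \d+ out of \d+ bytes.*|! Last configuration change at .*"
    r"|! NVRAM config last updated at .*|ntp clock-period \d+|!)$")

# Constructed sample captures (not from a real device).
RUNNING = """Building configuration...
Current configuration : 1432 bytes
!
! Last configuration change at 10:14:02 UTC Tue Mar 4 2014 by admin
version 15.1
hostname R1
no ip http server
line vty 0 4
 transport input ssh
end
"""
STARTUP = """Using 1398 out of 262136 bytes
!
! NVRAM config last updated at 09:01:44 UTC Mon Mar 3 2014 by admin
version 15.1
hostname R1
ip http server
line vty 0 4
 transport input telnet ssh
end
"""

def normalize(text):
    """Drop banners, timestamps and bare '!' separators; keep indentation."""
    lines = (raw.rstrip() for raw in text.splitlines())
    return [ln for ln in lines if ln and not VOLATILE.match(ln)]

def config_drift(running, startup):
    """Changed lines only: '-' is only in startup, '+' is only in running."""
    diff = list(difflib.unified_diff(normalize(startup), normalize(running),
                                     lineterm="", n=0))
    # diff[:2] are the '---'/'+++' file headers; '@@' hunk markers are skipped.
    return [d for d in diff[2:] if d.startswith(("+", "-"))]

def is_finding(running, startup):
    """True when the configurations differ, i.e. the check fails."""
    return bool(config_drift(running, startup))

if __name__ == "__main__":
    for line in config_drift(RUNNING, STARTUP):
        print(line)
```

In the sample, the hardening applied to the running configuration (HTTP server disabled, Telnet removed from the VTY lines) would be lost on reload, which is the condition this check is meant to catch.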
Solution
Add procedures to the standard operating procedure to keep the running configuration synchronized with the startup configuration.