Cisco Prime Infra compliance - finding unwanted commands
01-05-2019 10:12 PM - edited 01-15-2019 05:46 AM
Hello!
I want to create a policy to search for unwanted, undesirable commands. For example, I have an ACL:
ip access-list standard ACL_TEST
 10 deny any
If anyone adds some command here, for example like this:
ip access-list standard ACL_TEST
 5 permit 1.1.1.1
 10 deny any
I want to know about it.
I created a policy with two conditions:
1.
Condition Scope - Configuration
Block Options - Parse as Blocks, Block Start Expression 'ip access-list standard ACL_TEST'
Condition Match Criteria - Contains the string 'ip access-list standard ACL_TEST'
Select Match Action - Continue
Select Does not Match Action - Raise a Violation
2.
Condition Scope - Previously Matched Blocks
Condition Match Criteria - Does not match the expression (^ip access-list standard ACL_NTP_Serve-only|^\s*?deny +?any)
Select Match Action - Raise a Violation
Select Does not Match Action - Continue
But if ACL_TEST contains 'permit 1.1.1.1', the Compliance Audit Job completes with Success.
What am I doing wrong?
Labels: Network Management
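As an added example (not Cisco Prime's code and not from the post above), a small Python emulation of "Parse as Blocks" that checks the ACL_TEST block line by line against an allowed-line regex, and also shows how the same regex behaves when applied to the whole block text at once. The block-parsing rule, the function names and the regex are assumptions, and the config is constructed.

```python
import re

# Constructed sample IOS config (not from the original post): ACL_TEST has an
# unwanted 'permit' entry inserted in front of the intended 'deny any'.
SAMPLE_CONFIG = """\
hostname edge-1
!
ip access-list standard ACL_TEST
 5 permit 1.1.1.1
 10 deny any
!
ip access-list standard ACL_OTHER
 10 permit any
!
end
"""

# Block start expression: only the ACL we care about.
BLOCK_START = re.compile(r"^ip access-list standard ACL_TEST$")
# Every line allowed inside that block: the header itself, or a 'deny any' entry
# (with an optional sequence number). Anything else is an unwanted command.
ALLOWED_LINE = re.compile(
    r"^ip access-list standard ACL_TEST$|^\s*(\d+\s+)?deny\s+any$", re.MULTILINE)


def parse_blocks(config, block_start):
    """Assumed emulation of 'Parse as Blocks': a block is a line matching
    block_start plus the indented child lines that follow it, ended by the
    next non-indented line (e.g. '!')."""
    blocks, current = [], None
    for line in config.splitlines():
        if block_start.match(line):
            current = [line]
            blocks.append(current)
        elif current is not None and line.startswith(" "):
            current.append(line)
        else:
            current = None
    return blocks


def unwanted_lines(blocks, allowed):
    """Per-line check: every line inside a block that does not match 'allowed'."""
    return [line for block in blocks for line in block if not allowed.match(line)]


def whole_block_matches(block, allowed):
    """Whole-block check: True if 'allowed' matches anywhere in the joined block
    text, so a 'does not match' test on the whole block would NOT fire even
    though an unwanted line is present."""
    return allowed.search("\n".join(block)) is not None
```

Run on the sample config, the per-line check reports the inserted 'permit 1.1.1.1' line, while the whole-block check still reports a match because the header and 'deny any' lines satisfy the regex.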
