
Cisco Prime Infra compliance - finding unwanted commands

Sergey Prishchepa
Spotlight

Hello!

I want to create a policy to search for unwanted, undesirable commands. For example, I have an ACL:

 ip access-list standard ACL_TEST
    10 deny   any

 

If anyone adds a command here, for example, like this:

 ip access-list standard ACL_TEST
    5 permit 1.1.1.1
    10 deny   any

 

I want to know about it.

I created a policy with two conditions:

1.

Condition Scope - Configuration

Block Options - Parse as Blocks, Block Start Expression 'ip access-list standard ACL_TEST'

Condition Match Criteria - Contains the string 'ip access-list standard ACL_TEST'

Select Match Action - Continue

Select Does not Match Action - Raise a Violation

2.

Condition Scope - Previously Matched Blocks

Condition Match Criteria - Does not match the expression (^ip access-list standard ACL_NTP_Serve-only|^\s*?deny +?any)

Select Match Action - Raise a Violation

Select Does not Match Action - Continue

 

But if ACL_TEST contains 'permit 1.1.1.1', the Compliance Audit Job completed with Success.

What am I doing wrong?

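Added example, not part of the original post and not Cisco Prime's own logic: a Python sketch of the check the post is after, comparing a single "does not match" test over the whole ACL block with a test of every line against an allowlist. That a single block-level test is what lets the extra `permit` through is an assumption about how the condition is evaluated; the allowlist pattern (which tolerates sequence numbers), the sample config and the function names are hypothetical.

```python
import re

# Constructed sample: the ACL from the post with the unwanted line added,
# followed by an unrelated block to show where block parsing stops.
CONFIG = """\
ip access-list standard ACL_TEST
    5 permit 1.1.1.1
    10 deny   any
ip access-list standard ACL_OTHER
    10 permit 10.0.0.0 0.0.0.255
"""

BLOCK_START = "ip access-list standard ACL_TEST"

# Hypothetical allowlist: the block header and "deny any", with an
# optional sequence number. Anything else in the block is unwanted.
ALLOWED = re.compile(
    r"^(?:ip access-list standard ACL_TEST|\s*(?:\d+\s+)?deny\s+any)\s*$"
)


def extract_block(config, start):
    """Return the start line plus the indented lines that follow it."""
    block, inside = [], False
    for line in config.splitlines():
        if line.strip() == start and not line[:1].isspace():
            block, inside = [line], True
        elif inside and line[:1].isspace():
            block.append(line)
        elif inside:
            break  # first non-indented line ends the block
    return block


def block_level_violation(block):
    """One test over the whole block: violation only if NO line matches."""
    return not any(ALLOWED.search(line) for line in block)


def line_level_violations(block):
    """Test every line: each line outside the allowlist is a violation."""
    return [line.strip() for line in block if not ALLOWED.search(line)]


if __name__ == "__main__":
    acl = extract_block(CONFIG, BLOCK_START)
    print("block-level violation:", block_level_violation(acl))
    print("line-level violations:", line_level_violations(acl))
```

In the block-level test the header and `deny any` lines satisfy the pattern, so the added `permit` never triggers a violation; only the per-line test reports it.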