cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
92
Views
0
Helpful
4
Replies

EEM system policy directory

Kleedje
Level 1
Level 1

Hi,

We have an simple tcl script as an event manager policy.
A new AAA design results in not enough privaleges for running this.
We can avoid this to create some new AAA authorizations lists, but I was wondering if i run this script as an system type, if it would bypass any user related 'rules'. 

As far as I understand this should work in theory, so i would like to test this.
Also, as far as i understand i should place this tcl script file in the system policy directory.

And that's my major blocking factor at the moment, i'm unable to find this directory or path.
Is this known to anyone and, does anybody have some experience in this matter ?

Running IOS XR 7.4.2 on an ASR9000 series router. 

4 Replies 4

@Kleedje 

 I would say that what you intent to do is not possible, otherwise, this would be a huge security flaw. Every kind of script should be running from the specific directories they are meant to.

 

Script Type Download Location

config

harddisk:/mirror/script-mgmt/config

exec

harddisk:/mirror/script-mgmt/exec

process

harddisk:/mirror/script-mgmt/process

eem

harddisk:/mirror/script-mgmt/eem

Kleedje
Level 1
Level 1

Thank you for the reply.
Allready tried to copy-paste the script into this directory, but since it was labeld 'mirror' I figured that it would not work as intended.

But, in response of your comments: running the script as a system type is only intended for, example, cisco support?
I'm used to that those types of parameters almost always appended with < (Cisco Support). 

cmd:
event manager policy xxxx.tcl username xxxx type user|system

is there another way, the right way, to do is ?

Thx again, I will look into this at a later point, nice to know this is posible.
unfortunatly little experience in python, so I have to pass (for now!).

Review Cisco Networking for a $25 gift card