12-11-2024 06:51 AM
Hi,
We have a simple tcl script as an event manager policy.
A new AAA design results in not enough privileges for running this.
We can avoid this by creating some new AAA authorization lists, but I was wondering, if I run this script as a system type, whether it would bypass any user-related 'rules'.
As far as I understand this should work in theory, so I would like to test this.
Also, as far as I understand I should place this tcl script file in the system policy directory.
And that's my major blocking factor at the moment, I'm unable to find this directory or path.
Is this known to anyone, and does anybody have some experience in this matter?
Running IOS XR 7.4.2 on an ASR9000 series router.
12-11-2024 02:19 PM
I would say that what you intend to do is not possible, otherwise, this would be a huge security flaw. Every kind of script should be running from the specific directories they are meant to.
| Script Type | Download Location |
|---|---|
| config | harddisk:/mirror/script-mgmt/config |
| exec | harddisk:/mirror/script-mgmt/exec |
| process | harddisk:/mirror/script-mgmt/process |
| eem | harddisk:/mirror/script-mgmt/eem |
12-12-2024 01:43 AM
Thank you for the reply.
Already tried to copy-paste the script into this directory, but since it was labeled 'mirror' I figured that it would not work as intended.
But, in response to your comments: running the script as a system type is only intended for, for example, Cisco support?
I'm used to those types of parameters almost always being appended with < (Cisco Support).
cmd:
event manager policy xxxx.tcl username xxxx type user|system
Is there another way, the right way, to do this?
12-12-2024 02:02 AM
12-12-2024 03:41 AM
Thx again, I will look into this at a later point, nice to know this is possible.
Unfortunately little experience in Python, so I have to pass (for now!).