NCM Policy Report Rule for Unauthorized User Account

harold.denava

One of my clients would like to detect any unauthorized user account on device configs such that only USER A & USER B must reside on the config. I'm having a hard time checking every rule to possibly get a similar expression. Can anyone help me? Thanks in advance.

christopher.a.thornton

This should work for what you are needed. You can modify it to fit your needs such as changing the username, privilege level, and password encryption type as needed. Let me know if you have any issues.

Entries you can copy and paste

^username USERA privilege 15 secret 5 [$/A-Za-z0-9\.]{20,30}[\r\n]*$

^username USERB privilege 15 secret 5 [$/A-Za-z0-9\.]{20,30}[\r\n]*$

^username (?!(USERA|USERB)).*[\r\n]*$