Hi
We need to create a rule in NCM that should check if some extra username exists in the device except for the allowed one. Please suggest.
Regards
Rajiv Bahl
Are we assuming that the device config includes valid user information? If so, refer to the Orion NCM Administrator Guide for the existing rule, policy, and report functionality; "Managing Policy Reports".
In the upcoming release you will be able to auto-remediate parts of a config that triggers a rule alert.
Doug
Hi,
I am looking for a regular expression that should flag a violation in Policy Reporter if some username other than tac or netview is traced in the device config.
For instance, if anything other than tac or netview is traced in lines like the ones given below, then a violation should be flagged:
username tac secret 5 .*
username netview privilege 2 secret 5 .*
When is the upcoming release expected, which would auto-remediate these things?
Meenakshi Garg
Did you ever get a response (or a solution to this)? This seems like a common requirement -- to validate the list of authorized usernames that are configured on Cisco routers/switches ... ensure the ones that should be there are and the ones that shouldn't are not. Thanks.
Interesting. I was just looking for something like this. I guess I will see if I can use the Policy reporting tool to search for it, but I don't know if I can get what would be useful.
I know we can search for the string "username", but I don't know how to tell the report to "show me" the config snippet.
For example, if I just search for Username in the config, I would want to see this:
Switch ABCDEF -
Found Username -
username backdoor password <something encrypted>
not just a Found/not found.
You should be able to do this with a regex like ^username\s(cisco|username2)\s and look for lines that match (meaning they aren't contained within the regex OR segment). The trailing space assumes there will be further commands in the line (privilege, secret, etc.), which also helps prevent a false positive match of a username beginning with the allowed one (e.g. cisco1 would match as acceptable if the trailing \s wasn't used). I did not test this, just my $0.02.
This looks like it is true for NOT ( "username cisco") AND NOT ("username username2")
What I am looking for would be something that would flag as any exception any lines that the following sed expression would output:
(assuming the desired username is "cisco" and no others are allowed)
sed -n "/username/ ! d; /username cisco/ d; p"
(this says if the line doesn't contain "username" then drop it; else if the line contains "username cisco" then drop it; else print the line)
If the configuration policy checker could use sed-like processing and set a flag (instead of printing the line) it would be very powerful!
Regex string below works for me, you can try it.
^username\b((?!usernametobeexcluded).)*$
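As an added example (not from this thread and not NCM's own code), the Python script below runs the approaches discussed here against a constructed running-config excerpt: the anchored allow-list regex from the earlier reply, the sed-style "keep username lines, drop allowed ones, report the rest" logic, and the negative-lookahead pattern from the reply above, generalised to several allowed usernames. The config text, the allow list and the function names are my own assumptions; the `\b` / trailing-whitespace boundary is what keeps an account such as tac1 from being accepted as tac.

```python
import re

# Constructed sample config excerpt (not taken from any real device).
# The "backdoor" and "tac1" entries are the ones a policy rule should flag;
# the secret/password values are placeholders, not real hashes.
SAMPLE_CONFIG = """\
hostname SWITCH-ABCDEF
username tac secret 5 $1$abcd$CONSTRUCTEDHASH
username netview privilege 2 secret 5 $1$efgh$CONSTRUCTEDHASH
username backdoor password 7 0123456789ABCDEF
username tac1 privilege 15 secret 5 $1$ijkl$CONSTRUCTEDHASH
line vty 0 4
 login local
"""

# Assumed allow list for this example (the thread's tac / netview accounts).
ALLOWED_USERNAMES = ["tac", "netview"]


def allowlist_pattern(allowed):
    """Anchored allow-list regex in the style of the earlier reply:
    ^username\\s+(tac|netview)(?:\\s|$)
    The boundary after the name is what stops 'tac1' from matching as 'tac'."""
    alternation = "|".join(re.escape(u) for u in allowed)
    return re.compile(r"^username\s+(" + alternation + r")(?:\s|$)")


def lookahead_pattern(allowed):
    """Negative-lookahead regex generalised from the reply above to several
    usernames: ^username\\s+(?!(?:tac|netview)\\b)\\S
    A line matches only when the account is NOT one of the allowed names."""
    alternation = "|".join(re.escape(u) for u in allowed)
    return re.compile(r"^username\s+(?!(?:" + alternation + r")\b)\S")


def violating_lines(config, allowed):
    """Return full 'username' lines whose account is not in the allow list.
    Mirrors the sed expression in the thread: drop non-username lines,
    drop allowed-username lines, report whatever is left."""
    ok = allowlist_pattern(allowed)
    out = []
    for line in config.splitlines():
        if not line.startswith("username"):
            continue            # sed: /username/ ! d
        if ok.match(line):
            continue            # sed: /username tac/ d  (with a name boundary)
        out.append(line)        # sed: p
    return out


def violating_accounts(config, allowed):
    """Same check using the lookahead pattern; returns only the account names."""
    bad = lookahead_pattern(allowed)
    return [line.split()[1] for line in config.splitlines() if bad.match(line)]


if __name__ == "__main__":
    # Report in the "show me the config line" style the thread asks for.
    for line in violating_lines(SAMPLE_CONFIG, ALLOWED_USERNAMES):
        print("Unauthorized username found -", line)
    print("Accounts to review:", violating_accounts(SAMPLE_CONFIG, ALLOWED_USERNAMES))
```

Either pattern can be pasted into a policy rule on its own; the allow-list form is used as "violation if a username line does NOT match", while the lookahead form is used as "violation if any line matches", so pick the one that fits the rule type available in the tool.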
It's been quite some time since I looked at this thread; could you share your script?