EEM Lightweight AAA Server Sample

Jun 18, 2012 2:29 PM

Sample applet that denies certain users from running specific commands and also stores each command users have entered in a file.

This applet compares the user running each command against a denylist file. If the user and command are listed in the denylist file, the user will not be able to run the command. The applet also creates a cmdhistory file that logs all commands. The applet currently references files on disk2: so modify the disk location to suit your device. EEM 4.0 is required to run this applet.

Sample denylist file:

cisco show users
cisco configure terminal

Applet:

event manager applet testcli
! Intercept every CLI command; sync yes makes the exit value decide whether it runs
event cli pattern .* sync yes
action 101 file open in disk2:denylist r
action 102 file open out disk2:cmdhistory a
action 103 file read in _jpres
! Build "<username> <command>" to compare against each denylist line
action 104 set tester "$_cli_username"
action 105 append tester " $_cli_msg"
action 106 foreach value "$_jpres" "\n"
action 107  if $tester eq $value
action 108   puts "$_cli_username is not authorized to run $_cli_msg"
action 109   file puts out "REJECT: $_cli_username: $_cli_msg"
! exit 0: the command is not run
action 110   exit 0
action 111  end
action 112 end
action 113 file puts out "ACCEPT: $_cli_username: $_cli_msg"
! exit 1: the command is run
action 114 exit 1

Here is a demo showing how this applet works.
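
The denylist comparison in actions 104 to 114, modelled offline so a denylist file can be checked before it is copied to the device. This is an added Python example, not part of the original document or the demo it mentions; the function names and the CRLF sample are constructed, and it assumes EEM's eq is a byte-for-byte string comparison.

```python
# Added example: offline model of the testcli applet's denylist comparison.
# Assumption: EEM's "eq" compares strings byte for byte, as Python's == does.

def applet_decision(denylist_text, username, command):
    """Return the cmdhistory line that actions 104-114 would write."""
    tester = f"{username} {command}"                  # actions 104-105
    for value in denylist_text.split("\n"):           # action 106
        if tester == value:                           # action 107
            return f"REJECT: {username}: {command}"   # action 109, then exit 0
    return f"ACCEPT: {username}: {command}"           # action 113, then exit 1


def lint_denylist(denylist_text):
    """List (line_number, problem) for entries the exact match would miss."""
    problems = []
    for number, line in enumerate(denylist_text.split("\n"), start=1):
        if line == "":
            continue  # blank lines and the final newline match nothing
        if line != line.strip():
            problems.append((number, "leading or trailing whitespace or CR"))
        elif " " not in line:
            problems.append((number, "username with no command"))
    return problems


# Constructed samples: the page's denylist, and a copy saved with a CRLF ending.
CLEAN = "cisco show users\ncisco configure terminal\n"
CRLF = "cisco show users\ncisco configure terminal\r\n"

if __name__ == "__main__":
    for name, text in (("clean", CLEAN), ("crlf", CRLF)):
        print(name, "lint:", lint_denylist(text))
        print(" ", applet_decision(text, "cisco", "configure terminal"))
```

Under this model an entry that ends in a carriage return never equals the "user command" string, so the command is logged as ACCEPT; running the lint on the file before deployment catches that.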
