Sample applet to deny certain users from running certain commands, and to store every command users enter into a file.
This applet uses a denylist file to compare against who is running each command. Each line of the denylist has the form "<username> <command>"; the applet builds the same "<username> <command>" string from the $_cli_username and $_cli_msg variables of the CLI event and compares it against each line of the file. The comparison is an exact string match, so a denylist entry must match the command the way it is typed. If the user and command are listed in the denylist file, the user will not be able to run the command. Because the CLI event is registered with "sync yes", the applet runs before the command executes: "exit 0" blocks the command and "exit 1" lets it proceed. This applet also creates a cmdhistory file that logs all commands, prefixed with ACCEPT or REJECT. This applet currently registers against files in disk2: Please modify the disk location when using. EEM 4.0 is required to run this applet.
Sample denylist file:
cisco show users
cisco configure terminal
event manager applet testcli
 event cli pattern .* sync yes
 action 101 file open in disk2:denylist r
 action 102 file open out disk2:cmdhistory a
 action 103 file read in _jpres
 action 104 set tester "$_cli_username"
 action 105 append tester " $_cli_msg"
 action 106 foreach value "$_jpres" "\n"
 action 107  if $tester eq $value
 action 108   puts "$_cli_username is not authorized to run $_cli_msg"
 action 109   file puts out "REJECT: $_cli_username: $_cli_msg"
 action 110   file close in
 action 111   file close out
 action 112   exit 0
 action 113  end
 action 114 end
 action 115 file puts out "ACCEPT: $_cli_username: $_cli_msg"
 action 116 file close in
 action 117 file close out
 action 118 exit 1
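The decision the applet makes, and the cmdhistory format it writes, modelled in Python as an added example (this is not part of the applet and does not run on the device). The denylist text and the cmdhistory lines below are constructed samples in the same format the applet uses.

```python
"""Model of the EEM denylist applet's accept/reject logic plus a parser for
the cmdhistory file it appends to. Added example, not the applet itself."""
import re
from collections import Counter

# Constructed sample denylist, same format as disk2:denylist ("<username> <command>")
DENYLIST = "cisco show users\ncisco configure terminal\n"

def applet_decision(denylist: str, username: str, cli_msg: str) -> str:
    """Mirror the applet: build "<user> <command>", split the file contents on
    newlines and reject only on an exact string match (EEM 'eq')."""
    tester = f"{username} {cli_msg}"          # set tester / append tester
    for value in denylist.split("\n"):        # foreach value "$_jpres" "\n"
        if tester == value:                   # if $tester eq $value
            return "REJECT"                   # exit 0: command is not run
    return "ACCEPT"                           # exit 1: command is allowed

# One cmdhistory line: "ACCEPT: <user>: <command>" or "REJECT: <user>: <command>"
LOG_RE = re.compile(r"^(ACCEPT|REJECT): ([^:]+): (.*)$")

def parse_cmdhistory(text: str):
    """Return (decision, user, command) tuples for every well-formed line."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2), m.group(3)))
    return entries

def rejections_per_user(text: str) -> dict:
    """Count REJECT entries per user, e.g. to feed an alerting threshold."""
    return dict(Counter(u for d, u, _ in parse_cmdhistory(text) if d == "REJECT"))

# Constructed cmdhistory content in the format the applet writes
SAMPLE_HISTORY = """ACCEPT: admin: show version
REJECT: cisco: show users
ACCEPT: cisco: show ip interface brief
REJECT: cisco: configure terminal
"""

if __name__ == "__main__":
    print(applet_decision(DENYLIST, "cisco", "show users"))
    print(rejections_per_user(SAMPLE_HISTORY))
```

Note that the trailing newline in the denylist yields an empty last element in the loop, which can never equal a "<user> <command>" string, so it is harmless.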
Here is a demo showing how this applet works.