Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSA - Cmd Shell Directory Listing

Although the documentation relates data access control rules to web services receiving URI strings, I noticed that some non-web based events were triggered by one of my dac rules. So I thought perhaps the dac rules would work with all applications receiving various data.

I created a rule called "Cmd Shell Directory Listing" as follows -

Taking the following action: Monitor

Applications in any of the following selected classes: Command Shell [V4.5.1 r654]

But not in any of the following selected classes: <none>

Attempt to access these data sets: *Directory of *:\*

My thoughts are, if I open cmd.exe, and type in "dir c:", I will receive data that contains "Directory of C:\" and should trigger this rule.

I tested it and it didn't work. So now I'm going to try changing the data set to just *dir*. In the Help File it notes that if any other application other IIS, Apache, or iPlanet is used, then the rule is ignored. So perhaps I'm doing this in vain.

Does anyone else have any other idea how to detect the use of cmd directory listings?

1 REPLY
Silver

Re: CSA - Cmd Shell Directory Listing

1. Reboot the server (this resolves any port conflict issues);

2. Stop Norton Anti-Virus (running anti-virus software slows down the installation considerably. This often causes installation hickups.) Note that we advise to double the memory requirements if a virus scanner is needed.

3. Stop other 3rd party tools

4. Install RME as explained in the URL above;

5. Reboot the CSA

6. Check if the RME registration is now OK

243
Views
0
Helpful
1
Replies
CreatePlease login to create content