Chapter 1 Authentication and Authorization

To create a command policy by using the NetScaler command line

At the NetScaler command prompt, type the following commands to create a command policy and verify the configuration:

add system cmdPolicy <policyname> <action> <cmdspec>

sh system cmdPolicy

Example

>add system cmdPolicy read_all ALLOW (^show\s+(!system)(!ns ns.conf)(!ns runningConfig).*)|(^stat.*)

Done

>sh system cmdPolicy

1)Command policy: operator

2)Command policy: read-only

3)Command policy: network

4)Command policy: superuser

5)Command policy: allow_portaladmin

6)Command policy: read_all

Done

To modify or remove a command policy by using the NetScaler command line

To modify a command policy, type the set system cmdPolicy <PolicyName> command and the parameters to be changed, with their new values.

To remove a command policy, type rm system cmdPolicy <PolicyName>.

Note: The built-in command policies cannot be removed.

Parameters for configuring a command policy

policyname

A name for the command policy you are creating. The name must begin with a letter, number, or the underscore symbol, and can consist of one to 31 characters: letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at sign (@), equals (=), colon (:), and underscore (_) symbols. (Cannot be changed for existing policies.)

action

The action the policy applies when the command specification pattern matches. Possible values: ALLOW, DENY

cmdspec

Rule (expression) that the policy uses for pattern matching.
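
An offline check of what a cmdspec covers before it is bound to a user, as an added example that is not part of the Citrix documentation: it tests the read_all pattern, written with its two groups joined by `|`, against constructed commands and validates a policy name against the naming rule above. It assumes `(!x)` acts as a negative lookahead (`(?!x)` in Python's `re`) and that letters and numbers are ASCII; all function names are illustrative.

```python
import re

# Name rule from the parameter description: first character is a letter,
# digit or underscore; 1 to 31 characters in total from the listed set.
# Assumption: "letters" and "numbers" mean ASCII.
NAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9\-.# @=:_]{0,30}")

# cmdspec of the read_all example, with the two groups joined by "|".
READ_ALL = r"(^show\s+(!system)(!ns ns.conf)(!ns runningConfig).*)|(^stat.*)"


def valid_policy_name(name):
    """True if the name satisfies the documented policyname rule."""
    return NAME_RE.fullmatch(name) is not None


def compile_cmdspec(cmdspec):
    # Assumption: "(!x)" is a negative assertion, i.e. "(?!x)" in Python's re.
    return re.compile(cmdspec.replace("(!", "(?!"))


def covered(cmdspec, command):
    """True if the command matches the policy's cmdspec."""
    return compile_cmdspec(cmdspec).search(command) is not None


def audit(cmdspec, commands):
    """Map each command to whether the cmdspec matches it."""
    return {c: covered(cmdspec, c) for c in commands}


# Constructed sample commands, chosen to probe the exclusions.
SAMPLES = [
    "show lb vserver",
    "stat lb vserver",
    "show ns ip",
    "show system user",
    "show ns ns.conf",
    "show ns runningConfig",
    "add lb vserver v1 HTTP 10.0.0.1 80",
    "rm system cmdPolicy read_all",
]

if __name__ == "__main__":
    for cmd, hit in audit(READ_ALL, SAMPLES).items():
        print(f"{'MATCH   ' if hit else 'no match'}  {cmd}")
```

With action ALLOW, only the commands reported as MATCH fall under the policy; the excluded show commands and all configuration commands should be reported as no match.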
