Rules

Rules evaluate the detected registry value and determine the status of the registry value data element. All rules conform to a simple rule grammar and are composed of the following:

- A rule operator
- A rule value
- A rule result

A rule that logically evaluates to true is called a matching rule. A rule that evaluates to false, or cannot be evaluated, is called a failing rule. The rules listed in the VALUE_DATA_RULES parameter are evaluated sequentially from the top down until a matching rule is found or the last rule is reached. If a matching rule is found, the status of the value data check is set to the rule's result and no more rules are evaluated. If all the rules are evaluated without finding a matching rule, the status of the check is set to the contents of the DEFAULT_RULE parameter. If the DEFAULT_RULE parameter does not have a value, the check is set to PASS.

Rule operators

Rules can be evaluated in either a numeric or a string context. The valid operators are listed in Table 6-6, with their meanings in both numeric and string contexts.

Table 6-6 Valid rule operators

Operator    String context    Numeric context
eq          Equal             N/D
ne          Not equal         N/D
=           N/D               Equal
!=          N/D               Not equal
<           N/D               Less than
<=          N/D               Less than or equal
>           N/D               Greater than
>=          N/D               Greater than or equal
<>          Not set           Not set
*           Is set            Is set
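
The evaluation order and operator contexts described above, sketched as an added example (not code from the manual or from the product). Assumptions: rules are represented as (operator, value, result) tuples, a registry value that is not set is None, numeric data is integer, string comparison is exact and case-sensitive, and the FAIL and WARN result names are constructed.

```python
import operator

# Operators from Table 6-6, grouped by the context in which they are defined.
STRING_OPS = {"eq": operator.eq, "ne": operator.ne}
NUMERIC_OPS = {"=": operator.eq, "!=": operator.ne, "<": operator.lt,
               "<=": operator.le, ">": operator.gt, ">=": operator.ge}


def rule_matches(op, rule_value, detected):
    """True only for a matching rule. False covers both 'evaluates to
    false' and 'cannot be evaluated' (either way, a failing rule)."""
    if op == "*":                       # is set
        return detected is not None
    if op == "<>":                      # not set
        return detected is None
    if detected is None:                # nothing to compare against
        return False
    if op in STRING_OPS:                # assumption: case-sensitive compare
        return STRING_OPS[op](str(detected), str(rule_value))
    if op in NUMERIC_OPS:
        try:                            # assumption: integer data
            return NUMERIC_OPS[op](int(detected), int(rule_value))
        except (TypeError, ValueError):
            return False                # non-numeric data: cannot be evaluated
    return False                        # unknown operator: cannot be evaluated


def evaluate(rules, detected, default_rule=None):
    """First matching rule wins; otherwise DEFAULT_RULE; otherwise PASS."""
    for op, rule_value, result in rules:
        if rule_matches(op, rule_value, detected):
            return result               # no further rules are evaluated
    return default_rule or "PASS"


# Constructed sample rule list for a hypothetical numeric registry value.
SAMPLE_RULES = [
    ("<>", None, "FAIL"),   # value is not set
    (">=", "8", "PASS"),
    (">=", "6", "WARN"),
]
```

With DEFAULT_RULE empty, data that no rule can evaluate (for example, text where a number is expected) falls through every rule and the check is set to PASS, so a rule list meant to be strict needs an explicit DEFAULT_RULE.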

 

 

 

Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
