To create a command policy by using the NetScaler
command line
At the NetScaler command prompt, type the following commands to create a command
policy and verify the configuration:
w add system cmdPolicy <policyname> <action> <cmdspec>
w sh system cmdPolicy
Example
> add system cmdPolicy read_all ALLOW (^show\s+(!
system)(!ns ns.conf)(!ns runningConfig).*)|
(^stat.*)
Done
> sh system cmdPolicy
1) Command policy: operator
2) Command policy: read-only
3) Command policy: network
4) Command policy: superuser
5) Command policy: allow_portaladmin
6) Command policy: read_all
Done
To modify or remove a command policy by using the
NetScaler command line
w To modify a command policy, type the set system cmdPolicy <PolicyName>
command and the parameters to be changed, with their new values.
w To remove a command policy, type rm system cmdPolicy <PolicyName>.
Note: The built-in command policies cannot be removed.
Parameters for configuring a command policy
policyname
A name for the command policy you are creating. The name can begin with a letter,
number, or the underscore symbol, and can consist of from one to 31 letters,
numbers, and the hyphen (-), period (.), pound (#), space ( ), at sign (@), equals (=),
colon (:), and underscore (_) symbols. (Cannot be changed for existing policies.)
action
The action the policy applies when the command specification pattern matches.
Possible values: ALLOW, DENY
cmdspec
Rule (expression) that the policy uses for pattern matching.
Chapter 1 Authentication and Authorization
30
