Instruction manual
Chapter 2 Installation, Configuration and Management
2-68 NetScaler 9000 Series Installation and Configuration Guide - Volume 1
NSICG60_DEC04
The next set of examples puts these sample command specifications in to use
in full command policies.
> add system cmdPolicy deny_all_rm DENY “^rm.*”
= Prevents all removal actions
> add system cmdPolicy deny_all_sh DENY “^shell”
= Prevents access to the shell.
> add system cmdPolicy allow_shows ALLOW “^show.*”
= Allows show actions
> add system cmdPolicy allow_vserver ALLOW
“^add\s+vserver.*”
= Policy to allow creation of vservers.
> add system cmdPolicy deny_system_cmnd DENY “*.system.*”
= Prevents modification of system command group level
settings (including command policies)
> add system cmdPolicy default_deny_override ALLOW “^.*”
= Policy to override the system default DENY command
policy and allow full command access.
Note: Regular expression support is offered for those users with the
resources to maintain more customized expressions and those
deployments that require the flexibility regular expressions offer. For
most users it is recommended to use the built-in command policies
discussed in the following section and to adhere to simple expressions
as used in these examples to maintain policy readability.
2.6.4.7 Using the Built-in Command Policies
There are four default command policies available on the system to get started
with. These four policies are enumerated in the table below along with each