< Home

display rule

Function

The display rule command displays the list of the added rules of the host check policy and detailed information about the specified rules.

Format

display rule [ rule-name ]

Parameters

Parameter Description Value
rule-name Specifies the name of the rule. The value is a string of 1 to 63 case-sensitive characters.

Views

Eps-policy view

Default Level

2: Configuration level

Usage Guidelines

None

Example

# Display the list of the added rules for the host check policy policy1.

<sysname> system-view
[sysname] v-gateway abc
[sysname-abc] hostchecker
[sysname-abc-hostchecker] eps-policy policy1
[sysname-abc-hostchecker-policy1] display rule

                                                                                
                                  EPS Rule List                                 
                                  ---------------                               
                                                                                
  RuleName                                                          RuleType   
  ------------------------------------------------------------------------------
  rule4                                                             antivirus   
  rule2                                                             file        
  rule7                                                             firewall    
  rule1                                                             OS version  
  rule6                                                             port        
  rule3                                                             process     
  rule5                                                             registry    
  ------------------------------------------------------------------------------
                                             EPS End Point Security             
                                                                                
  ----End
Table 1 Description of the display rule command output

Item

Description

RuleName

Name of the rule

RuleType
Type of the added rule:

  • antivirus: rule for checking the antivirus software

  • file: rule for checking the file

  • firewall: rule for checking the firewall software

  • OS version: rule for checking the operating system

  • port: rule for checking the port

  • process: rule for checking the process

  • registry: rule for checking the registry

# Display detailed information about OS Version rule1, File rule2, Process rule3, Antivirus rule4, Registry rule5, Port rule6, and Firewall rule7 added to host check policy policy1.

<sysname> system-view
[sysname] v-gateway abc
[sysname-abc] hostchecker
[sysname-abc-hostchecker] eps-policy policy1
[sysname-abc-hostchecker-policy1] display rule rule1

                                                                                
  VG EPS Rule Information                                                       
  -------------------------------                                               
  Rule   Name:                   rule1                                          
  Belong to VG:                  abc                                            
  Belong to Policy:              policy1                                        
  Rule   Type:                   OS                                             
  OS Version:                    win2000                                        
  SP:                            SP3                                            
  OS Version:                    win2003                                        
  SP:                            ignore                                         
  OS Version:                    win2008                                        
  SP:                            ignore                                         
  OS Version:                    winxp                                          
  SP:                            ignore                                         
  OS Version:                    vista                                          
  SP:                            ignore                                         
                                                                                
  ----End

[sysname-abc-hostchecker-policy1] display rule rule2

                                                                                
  VG EPS Rule Information                                                       
  -------------------------------                                               
  Rule   Name:                   rule2                                          
  Belong to VG:                  abc                                            
  Belong to Policy:              policy1                                        
  Rule   Type:                   file                                           
  File   Name:                   abc.txt                                        
  Action:                        deny delete                                    
  MD5 value:                     ABCDE134ABCDE134ABCDE134ABCDE134               
  SHA256 value:                  268676e0861154b0f08f621fc914e97c9ace8f001d6232fa3c91a09e3e5cb960
  
  ----End

[sysname-abc-hostchecker-policy1] display rule rule3

                                                                                
  VG EPS Rule Information                                                       
  -------------------------------                                               
  Rule   Name:                   rule3                                          
  Belong to VG:                  abc                                            
  Belong to Policy:              policy1                                        
  Rule   Type:                   process                                        
  Process   Name:                xyz.exe                                        
  Action:                        deny terminate                                 
  MD5 value:                     abcde123abcde123abcde123abcde123               
  SHA256 value:                  268676e0861154b0f08f621fc914e97c9ace8f001d6232fa3c91a09e3e5cb960
                                                                                
  ----End

[sysname-abc-hostchecker-policy1] display rule rule4

                                                                                
  VG EPS Rule Information                                                       
  -------------------------------                                               
  Rule   Name:                   rule4                                          
  Belong to VG:                  abc                                            
  Belong to Policy:              policy1                                        
  Rule   Type:                   antivirus                                      
  Software:                      Norton Antivirus 2013                         
  Software:                      Ringstar Antivirus 2011                              
                                                                                
  ----End

[sysname-abc-hostchecker-policy1] display rule rule5

                                                                                
  VG EPS Rule Information                                                       
  -------------------------------                                               
  Rule   Name:                   rule5                                          
  Belong to VG:                  abc                                            
  Belong to Policy:              policy1                                        
  Rule   Type:                   registry                                       
  Key:                           HKEY_CLASSES_ROOT\dfads                        
  Item:                          ProxyEnable                                    
  Type:                          reg-sz                                         
  Value:                         fasdf                                          
  Action:                        unrepair                                       
                                                                                
  ----End

[sysname-abc-hostchecker-policy1] display rule rule6

                                                                                
  VG EPS Rule Information                                                       
  -------------------------------                                               
  Rule   Name:                   rule6                                          
  Belong to VG:                  abc                                            
  Belong to Policy:              policy1                                        
  Rule   Type:                   port                                           
  Port   List:                   70-75,80                                       
  Action:                        deny                                           
                                                                                
  ----End

[sysname-abc-hostchecker-policy1] display rule rule7
                                                                                
  VG EPS Rule Information                                                       
  -------------------------------                                               
  Rule   Name:                   rule7                                          
  Belong to VG:                  abc                                            
  Belong to Policy:              policy1                                        
  Rule   Type:                   firewall                                       
  Software:                      Any software
  ----End
Table 2 Description of the display rule rule1 command output

Item

Description

Rule Name

Name of the rule

Belong to VG

Virtual gateway which the rule belongs to

Belong to Policy

Host check policy which the rule belongs to

Rule Type
Type of the rule:

  • antivirus: rule for checking the antivirus software

  • file: rule for checking the file

  • firewall: rule for checking the firewall software

  • OS: rule for checking the operating system

  • port: rule for checking the port

  • process: rule for checking the process

  • registry: rule for checking the registry

OS Version
Version of the configured operating system:

  • win2000: Windows 2000

  • win2003: Windows Server 2003

  • win2008: Windows Server 2008

  • winxp: Windows XP

  • vista: Windows Vista

SP
The earliest patch version for the configured operating system:
  • When the operating system is Windows 2000, the earliest patch version that can be configured for the operating system is SP3, SP4, or ignore.
  • When the operating system is Windows Server 2003, the earliest patch version that can be configured for the operating system is SP1, SP2, and ignore.
  • When the operating system is Windows Server 2008, the earliest patch version that can be configured for the operating system is SP1, SP2, and ignore.
  • When the operating system is Windows XP, the earliest patch version that can be configured for the operating system is SP1, SP2, SP3, and ignore.
  • When the operating system is Windows Vista, the earliest patch version that can be configured for the operating system is SP1 and ignore.
Table 3 Description of the display rule rule2 command output

Item

Description

Rule Name

Name of the rule

Belong to VG

Virtual gateway that the rule belongs to

Belong to Policy

Host check policy which the rule belongs to

Rule Type
Type of the rule:

  • antivirus: rule for checking the antivirus software

  • file: rule for checking the file

  • firewall: rule for checking the firewall software

  • OS: rule for checking the operating system

  • port: rule for checking the port

  • process: rule for checking the process

  • registry: rule for checking the registry

File Name

Name of the file to be checked

Action
Action of the rule:
  • required: indicates that the user terminal, on which these files exist, is allowed to pass the rule check.
  • deny: indicates that the user terminal, on which these files exist, is not allowed to pass the rule check.
  • deny delete: indicates that the user is forced to delete these files that save on the user terminal.

MD5 value

MD5 value of the file

SHA256 value

SHA256 value of the file
Table 4 Description of the display rule rule3 command output

Item

Description

Rule Name

Name of the rule

Belong to VG

Virtual gateway which the rule belongs to

Belong to Policy

Host check policy which the rule belongs to

Rule Type
Type of the rule:

  • antivirus: rule for checking the antivirus software

  • file: rule for checking the file

  • firewall: rule for checking the firewall software

  • OS: rule for checking the operating system

  • port: rule for checking the port

  • process: rule for checking the process

  • registry: rule for checking the registry

Process Name

Name of the process to be checked

Action
Action of the rule:
  • required: indicates that the user terminal, on which these processes are running, is allowed to pass the rule check.
  • deny: indicates that the user terminal, on which these processes are running, is not allowed to pass the rule check.
  • deny terminate: indicates that the user is forced to terminate these processes that are running on the user terminal.

MD5 value

MD5 value of the process

SHA256 value

SHA256 value of the process
Table 5 Description of the display rule rule4 command output

Item

Description

Rule Name

Name of the rule

Belong to VG

Virtual gateway which the rule belongs to

Belong to Policy

Host check policy which the rule belongs to

Rule Type
Type of the rule:

  • antivirus: rule for checking the antivirus software

  • file: rule for checking the file

  • firewall: rule for checking the firewall software

  • OS: rule for checking the operating system

  • port: rule for checking the port

  • process: rule for checking the process

  • registry: rule for checking the registry

Software

Name of the antivirus software
Table 6 Description of the display rule rule5 command output

Item

Description

Rule Name

Name of the rule

Belong to VG

Virtual gateway which the rule belongs to

Belong to Policy

Host check policy which the rule belongs to

Rule Type
Type of the rule:

  • antivirus: rule for checking the antivirus software

  • file: rule for checking the file

  • firewall: rule for checking the firewall software

  • OS: rule for checking the operating system

  • port: rule for checking the port

  • process: rule for checking the process

  • registry: rule for checking the registry

Key

Key value of the registry

Item

Name of the registry item

Type
Type of the registry item:

  • reg-sz: character string with fixed length

  • reg-expand-sz: character string with non-fixed length

  • reg-binary: binary mode

  • reg-dword: double bytes

Value

Value of the registry item

Action
Action of the rule

  • repair: indicates that the registry on the user terminal is forcibly modified to be the registry configured on the FW when the two registries are different. If the registry is modified successfully, the user terminal is allowed to pass the rule check. Otherwise, the user terminal is not allowed to pass the rule check.

  • unrepair: indicates that the registry on the user terminal is not forcibly modified when the registry is different from the one configured on the FW. In addition, the user terminal is not allowed to pass the rule check.
Table 7 Description of the display rule rule6 command output

Item

Description

Rule Name

Name of the rule

Belong to VG

Virtual gateway which the rule belongs to

Belong to Policy

Host check policy which the rule belongs to

Rule Type
Type of the rule:

  • antivirus: rule for checking the antivirus software

  • file: rule for checking the file

  • firewall: rule for checking the firewall software

  • OS: rule for checking the operating system

  • port: rule for checking the port

  • process: rule for checking the process

  • registry: rule for checking the registry

Port List

List of the ports to be checked

Action
Action of the rule:

  • required: indicates that the user terminal, these ports of which are opened, is allowed to pass the rule check.

  • deny: indicates that the user terminal, these ports of which are opened, is not allowed to pass the rule check.
Table 8 Description of the display rule rule7 command output

Item

Description

Rule Name

Name of the rule

Belong to VG

Virtual gateway which the rule belongs to

Belong to Policy

Host check policy which the rule belongs to

Rule Type
Type of the rule:

  • antivirus: rule for checking the antivirus software

  • file: rule for checking the file

  • firewall: rule for checking the firewall software

  • OS: rule for checking the operating system

  • port: rule for checking the port

  • process: rule for checking the process

  • registry: rule for checking the registry

Software

Name of the firewall software
Parent Topic: End Point Security Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >