The rule file command configures a rule that checks for the presence (or absence) of files on the user terminal.
The undo rule file command cancels the preceding configuration.
rule rule-name file { file-name { required | deny [ delete ] } | { md5 md5-value | sha256 sha256-value } }
undo rule rule-name file { md5 md5-value | sha256 sha256-value }
| Parameter | Description | Value |
|---|---|---|
| rule-name | Specifies the name of the rule. | The value is a string of 1 to 63 case-sensitive characters. |
| file-name | Specifies the name, including the extension, and full path of the file to be checked. | The value is a string of 1 to 127 case-sensitive characters. |
| required | Indicates that a user terminal on which these files exist is allowed to pass the rule check. | - |
| deny [ delete ] | deny indicates that a user terminal on which these files exist is not allowed to pass the rule check. deny delete indicates that the user is forced to delete these files from the user terminal if they exist there. After these files are deleted, the user terminal passes the rule check; otherwise, the user terminal is not allowed to pass. | - |
| md5-value | Specifies the MD5 value of a file. | The value is a string of 32 case-insensitive characters, which can be digits (0 to 9) or letters (a to f or A to F). |
| sha256-value | Specifies the SHA256 value of a file. | The value is a string of 64 case-insensitive characters, which can be digits (0 to 9) or letters (a to f or A to F). |
The file name must be identical to the name of the file on the user terminal; otherwise, the rule is invalid.
The file name supports directory macros. Table 1 lists the full file paths that the Windows directory macros map to, provided that the operating system is installed on disk C.
For example, to delete 1.txt from the root directory of disk C, you can either enter C:\1.txt or use the directory macro, that is, enter %HOMEDRIVE%\1.txt. To delete files with the extension tmp from the Temp folder, you can either enter C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp or use the directory macro, that is, enter %TEMP%\*.tmp.
Table 1 File paths mapping the Windows directory macros

| System Macro | Full Path |
|---|---|
| %APPDATA% | C:\Documents and Settings\<user name>\Application Data |
| %windir% | C:\WINDOWS |
| %ProgramFiles% | C:\Program Files |
| %CommonProgramFiles% | C:\Program Files\Common Files |
| %USERPROFILE% | C:\Documents and Settings\<user name> |
| %HOMEDRIVE% | C: |
| %Temp% | C:\Documents and Settings\<user name>\Local Settings\Temp |
| %ProgramW6432% (Only the 64-bit OS supports this directory macro) | C:\Program Files |
| %CommonProgramW6432% (Only the 64-bit OS supports this directory macro) | C:\Program Files\Common Files |

NOTE: <user name> is the name of the current user.
A rule that checks files by file name alone may be invalid because the contents of a file may be tampered with. Using the SHA256 or MD5 value that uniquely identifies the file ensures the validity of file rules. A rule can have a maximum of five verification values.
# Configure a rule for checking files as rule1 and allow the user terminal on which the c:\xyz.exe file exists to pass the rule check.
```
<sysname> system-view
[sysname] v-gateway abc
[sysname-abc] hostchecker
[sysname-abc-hostchecker] eps-policy policy1
[sysname-abc-hostchecker-policy1] rule rule1 type file
[sysname-abc-hostchecker-policy1] rule rule1 file c:\xyz.exe required
```
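The following added example (not part of this command reference) prepares a file rule on a workstation before it is typed into the gateway: it resolves the Table 1 directory macros, computes the MD5 or SHA256 verification value of a file's contents with the standard hashlib module, and emits rule lines that respect the rule-name, file-name, value-format and five-value limits from the parameter table. The user name "Administrator" and the sample file contents are assumptions.

```python
import hashlib
import re

# Windows directory macros from Table 1 (OS installed on disk C).
# Keys are upper-cased so that %Temp% and %TEMP% resolve alike.
MACROS = {
    "%APPDATA%": r"C:\Documents and Settings\<user name>\Application Data",
    "%WINDIR%": r"C:\WINDOWS",
    "%PROGRAMFILES%": r"C:\Program Files",
    "%COMMONPROGRAMFILES%": r"C:\Program Files\Common Files",
    "%USERPROFILE%": r"C:\Documents and Settings\<user name>",
    "%HOMEDRIVE%": "C:",
    "%TEMP%": r"C:\Documents and Settings\<user name>\Local Settings\Temp",
    "%PROGRAMW6432%": r"C:\Program Files",                     # 64-bit OS only
    "%COMMONPROGRAMW6432%": r"C:\Program Files\Common Files",  # 64-bit OS only
}
HASH_LEN = {"md5": 32, "sha256": 64}  # value lengths from the parameter table

def expand_macro(file_name, user_name="Administrator"):
    """Resolve a leading directory macro to the full path Table 1 lists."""
    m = re.match(r"(%[^%]+%)(.*)", file_name)
    if not m:
        return file_name  # plain path such as C:\1.txt
    macro, rest = m.group(1).upper(), m.group(2)
    if macro not in MACROS:
        raise ValueError("unsupported directory macro " + m.group(1))
    return MACROS[macro].replace("<user name>", user_name) + rest

def digest_value(data, algo="sha256"):
    """Verification value for a file's contents, in the form the rule expects."""
    return hashlib.new(algo, data).hexdigest()

def build_rule(rule_name, file_name, action, digests=()):
    """Return the CLI lines for one file rule; digests is a list of (algo, value)."""
    if not 1 <= len(rule_name) <= 63 or not 1 <= len(file_name) <= 127:
        raise ValueError("rule-name is 1-63 and file-name is 1-127 characters")
    if action not in ("required", "deny", "deny delete"):
        raise ValueError("action must be required, deny or deny delete")
    if len(digests) > 5:
        raise ValueError("a rule can have at most five verification values")
    lines = [f"rule {rule_name} file {file_name} {action}"]
    for algo, value in digests:
        if not re.fullmatch(r"[0-9A-Fa-f]{%d}" % HASH_LEN[algo], value):
            raise ValueError(f"{value!r} is not a valid {algo} value")
        lines.append(f"rule {rule_name} file {algo} {value}")
    return lines

if __name__ == "__main__":
    sample = b"constructed sample contents of xyz.exe"  # constructed, not a real binary
    print(expand_macro(r"%HOMEDRIVE%\xyz.exe"))
    for line in build_rule("rule1", r"c:\xyz.exe", "required", [("sha256", digest_value(sample))]):
        print(line)
```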