The rule process command configures a rule to check processes running on the user terminal.
The undo rule process command cancels the configuration.
rule rule-name process { process-name { required | deny [ terminate ] } | { md5 md5-value | sha256 sha256-value } }
undo rule rule-name process { md5 md5-value | sha256 sha256-value }
| Parameter | Description | Value |
|---|---|---|
| rule-name | Specifies the name of the rule. | The value is a string of 1 to 63 case-sensitive characters. |
| process-name | Specifies the name, including the extension name, of the process. The process name must be completely identical with the name of the process running on the user terminal; otherwise, the rule is invalid. | The value is a string of 1 to 127 case-sensitive characters. |
| required | Indicates that the user terminal, on which these processes are running, is allowed to pass the rule check. | - |
| deny [ terminate ] | deny indicates that the user terminal, on which these processes are running, is not allowed to pass the rule check. deny terminate indicates that these processes are terminated if they are running on the user terminal. After these processes are terminated, the user terminal passes the rule check. Otherwise, the user terminal is not allowed to pass. | - |
| md5-value | Specifies the MD5 value of a process. | The value is a string of 32 case-insensitive characters, which can be digits (0 to 9) or letters (a to f or A to F). |
| sha256-value | Specifies the SHA256 value of a process. | The value is a string of 64 case-insensitive characters, which can be digits (0 to 9) or letters (a to f or A to F). |
A rule that checks processes by name alone may be ineffective, because the contents of a process can be tampered with while its name stays the same. Using the SHA256 or MD5 value that uniquely identifies a process can ensure the validity of process rules. A rule can have a maximum of five verification values.
# Configure a process-check rule named rule1 so that a user terminal on which the xyz.exe process is running is not allowed to pass the rule check. If the xyz.exe process is running, it is terminated automatically.

```
<sysname> system-view
[sysname] v-gateway abc
[sysname-abc] hostchecker
[sysname-abc-hostchecker] eps-policy policy1
[sysname-abc-hostchecker-policy1] rule rule1 type process
[sysname-abc-hostchecker-policy1] rule rule1 process xyz.exe deny terminate
```
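The hash-based form of the rule needs digests computed from the executables themselves. The following is an added example, not part of the product documentation or tooling: a Python helper that hashes files and emits `rule rule-name process sha256 sha256-value` lines, enforcing the value formats and the five-value limit stated above. The function names, file names and file contents are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

MAX_VALUES = 5  # per the page: a rule can have a maximum of five verification values
HEX = {"md5": re.compile(r"[0-9a-fA-F]{32}"), "sha256": re.compile(r"[0-9a-fA-F]{64}")}


def file_digest(path, algo="sha256"):
    """Hash an executable in chunks so large binaries are not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def rule_commands(rule_name, digests, algo="sha256"):
    """Validate against the parameter table and return the CLI lines for one rule."""
    if not 1 <= len(rule_name) <= 63:
        raise ValueError("rule-name must be 1 to 63 characters")
    if algo not in HEX:
        raise ValueError("algo must be md5 or sha256")
    # Values are case-insensitive, so normalise before de-duplicating.
    unique = list(dict.fromkeys(d.lower() for d in digests))
    for d in unique:
        if not HEX[algo].fullmatch(d):
            raise ValueError(f"not a valid {algo} value: {d!r}")
    if not 1 <= len(unique) <= MAX_VALUES:
        raise ValueError(f"a rule takes 1 to {MAX_VALUES} verification values")
    return [f"rule {rule_name} process {algo} {d}" for d in unique]


def demo():
    """Hash two constructed stand-ins for versions of one executable."""
    with tempfile.TemporaryDirectory() as tmp:
        builds = []
        for i, body in enumerate((b"constructed build 1", b"constructed build 2")):
            p = Path(tmp) / f"xyz-{i}.exe"
            p.write_bytes(body)
            builds.append(p)
        return rule_commands("rule1", [file_digest(p) for p in builds])


if __name__ == "__main__":
    print("\n".join(demo()))
```

Because the values are case-insensitive, the helper lowercases them before de-duplicating, so the same digest pasted in two cases does not consume two of the five slots.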