7-29
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 7 Configuring Event Action Rules
Configuring OS Identifications
• configured-os-map {edit | insert | move} name1 [begin | end | inactive | before | after]—Specifies
a collection of administrator-defined mappings of IP addresses to OS IDs (configured OS mappings
take precedence over imported and learned OS mappings).
• ip—Specifies the host IP address (or addresses) running the specified OS. The value is
<A.B.C.D>-<A.B.C.D>[,<A.B.C.D>-<A.B.C.D>], for example,
10.20.1.0-10.20.1.255,10.20.5.0-10.20.5.255.
Note The second IP address in the range must be greater than or equal to the first IP address.
• os—Specifies the OS type the host (or hosts) is running:
– general-os—All OS types
– ios—Variants of Cisco IOS
– mac-os—Variants of the Apple System OS prior to OS X
– netware—Netware
– other—Any Other OS
– unix—Variants of UNIX
– aix—Variants of AIX
– bsd—Variants of BSD
– hp-ux—Variants of HP-UX
– irix—Variants of IRIX
– linux—Variants of Linux
– solaris—Variants of Solaris
– windows—Variants of Microsoft Windows
– windows-nt-2k-xp—Variants of NT, 2000, and XP
– win-nt—Specific variants of Windows NT
– unknown—Unknown OS
• default—Sets the value back to the system default setting.
• no—Removes an entry or selection setting.
• passive-traffic-analysis {enabled | disabled}—Enables/disables passive OS fingerprinting
analysis.
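The ip value format, the range-order rule in the Note, and the os keyword list above can be checked offline before mappings are entered on the sensor. The following Python is an added example, not part of the Cisco guide or the sensor software. The function names, the sample entries (name2, name3, and every address outside the page's own example) and the overlap report are assumptions for illustration; the page does not say how the sensor resolves overlapping entries, so the example only reports them.

```python
import ipaddress

# OS keywords exactly as listed on this page.
OS_TYPES = {
    "general-os", "ios", "mac-os", "netware", "other", "unix", "aix", "bsd",
    "hp-ux", "irix", "linux", "solaris", "windows", "windows-nt-2k-xp",
    "win-nt", "unknown",
}

def parse_ip_value(value):
    """Parse '<A.B.C.D>-<A.B.C.D>[,<A.B.C.D>-<A.B.C.D>]' into (first, last) pairs.

    Raises ValueError for a malformed address, a missing '-', or a range whose
    second address is lower than its first (the rule in the Note).
    """
    ranges = []
    for item in value.split(","):
        first_text, sep, last_text = item.partition("-")
        if not sep:
            raise ValueError(f"expected A.B.C.D-A.B.C.D, got {item!r}")
        # IPv4Address raises AddressValueError, a ValueError subclass.
        first = ipaddress.IPv4Address(first_text)
        last = ipaddress.IPv4Address(last_text)
        if last < first:
            raise ValueError(f"second address lower than first: {item!r}")
        ranges.append((first, last))
    return ranges

def find_conflicts(entries):
    """entries: (name, ip_value, os_type) tuples for the planned OS map.

    Validates every entry, then returns the name pairs whose ranges share at
    least one address while naming different OS keywords.
    """
    parsed = []
    for name, ip_value, os_type in entries:
        if os_type not in OS_TYPES:
            raise ValueError(f"{name}: unknown os keyword {os_type!r}")
        parsed.append((name, os_type, parse_ip_value(ip_value)))
    conflicts = []
    for i, (n1, o1, r1) in enumerate(parsed):
        for n2, o2, r2 in parsed[i + 1:]:
            if o1 != o2 and any(a1 <= b2 and a2 <= b1
                                for a1, b1 in r1 for a2, b2 in r2):
                conflicts.append((n1, n2))
    return conflicts

# Constructed sample plan; only name1's ip value comes from the page.
PLANNED = [
    ("name1", "10.20.1.0-10.20.1.255,10.20.5.0-10.20.5.255", "linux"),
    ("name2", "10.20.5.128-10.20.6.10", "windows"),
    ("name3", "10.20.9.1-10.20.9.1", "ios"),
]
```

A single host is written here as a range with equal ends, which the Note's "greater than or equal to" rule permits.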
Configuring OS Maps
To configure OS maps, follow these steps:
Step 1 Log in to the CLI using an account with administrator privileges.
Step 2 Enter event action rules submode.
sensor# configure terminal
sensor(config)# service event-action-rules rules1
sensor(config-eve)#