Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 7 Configuring Event Action Rules
Configuring OS Identifications
Step 3 Create the OS map. Use name1, name2, and so forth to name your OS maps. Use the begin | end | inactive | before | after keywords to specify where you want to insert the OS map.
sensor(config-eve)# os-identification
sensor(config-eve-os)# configured-os-map insert name1 begin
sensor(config-eve-os-con)#
Step 4 Specify the values for this OS map:
a. Specify the host IP address.
sensor(config-eve-os-con)# ip 192.0.2.0-192.0.2.255
b. Specify the host OS type.
sensor(config-eve-os-con)# os unix
Caution: You can specify multiple operating systems for the same IP address. The last one in the list is the operating system that is matched.
Step 5 Verify the settings for the OS map.
sensor(config-eve-os-con)# show settings
NAME: name1
-----------------------------------------------
ip: 192.0.2.0-192.0.2.255 default:
os: unix
-----------------------------------------------
sensor(config-eve-os-con)#
Step 6 Specify the attack relevance rating range for the IP address.
sensor(config-eve-os-con)# exit
sensor(config-eve-os)# calc-arr-for-ip-range 192.0.2.1-192.0.2.25
Step 7 Enable passive OS fingerprinting.
sensor(config-eve-os)# passive-traffic-analysis enabled
Step 8 Edit an existing OS map.
sensor(config-eve-os)# configured-os-map edit name1
sensor(config-eve-os-con)#
Step 9 Edit the parameters (see Steps 4 through 7).
Step 10 Move an OS map up or down in the OS maps list.
sensor(config-eve-os-con)# exit
sensor(config-eve-os)# configured-os-map move name5 before name1
Step 11 Verify that you have moved the OS maps.
sensor(config-eve-os)# show settings
os-identification
-----------------------------------------------
calc-arr-for-ip-range: 192.0.2.1-192.0.2.25 default: 0.0.0.0-255.255.255.255
configured-os-map (ordered min: 0, max: 50, current: 2 - 2 active, 0 inactive)
-----------------------------------------------
ACTIVE list-contents
-----------------------------------------------
NAME: name2
-----------------------------------------------
ip: 192.0.2.33 default:
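The verification in Steps 5 and 11 can also be done offline on saved output. The following is an added example, not part of the Cisco guide: it parses `show settings` text for `os-identification` and reports whether each OS map address entry lies inside, partly inside, or outside `calc-arr-for-ip-range`. The sample text is constructed in the layout shown above, and the function names and the handling of comma-separated entries are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample in the `show settings` layout shown in this section;
# it is not output captured from a real sensor.
SAMPLE = """\
os-identification
-----------------------------------------------
calc-arr-for-ip-range: 192.0.2.1-192.0.2.25 default: 0.0.0.0-255.255.255.255
configured-os-map (ordered min: 0, max: 50, current: 2 - 2 active, 0 inactive)
ACTIVE list-contents
-----------------------------------------------
NAME: name2
ip: 192.0.2.33 default:
os: unix
-----------------------------------------------
NAME: name1
ip: 192.0.2.0-192.0.2.255 default:
os: unix
"""

def parse_range(text):
    """'a.b.c.d' or 'a.b.c.d-e.f.g.h' -> (first, last) as integers."""
    lo, _, hi = text.strip().partition("-")
    first = int(ipaddress.IPv4Address(lo))
    return first, int(ipaddress.IPv4Address(hi)) if hi else first

def audit_os_maps(settings):
    """List (map name, ip entry, status) against calc-arr-for-ip-range."""
    field = re.search(r"calc-arr-for-ip-range:\s*(\S+)", settings).group(1)
    # Assumption: several ranges, if present, are separated by commas.
    arr = [parse_range(p) for p in field.split(",")]
    findings, name = [], None
    for line in map(str.strip, settings.splitlines()):
        if line.startswith("NAME:"):
            name = line.split(":", 1)[1].strip()
        elif line.startswith("ip:") and name:
            for entry in line.split()[1].split(","):
                lo, hi = parse_range(entry)
                # "inside" means fully covered by one single ARR range.
                status = ("inside" if any(a <= lo and hi <= b for a, b in arr)
                          else "partial" if any(lo <= b and a <= hi for a, b in arr)
                          else "outside")
                findings.append((name, entry, status))
    return findings

if __name__ == "__main__":
    for name, entry, status in audit_os_maps(SAMPLE):
        print(f"{name:8} {entry:24} {status}")
```

On the constructed sample, name2 (192.0.2.33) is reported as outside the range and name1 as only partly covered, which is the kind of mismatch worth reviewing before relying on the OS map.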