Cisco Systems IPS 7.1 Home Security System User Manual


  Open as PDF
of 1042
 
8-5
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 8 Defining Signatures
Configuring Signature Variables
Adding, Editing, and Deleting Signature Variables
To add, edit, and delete signature variables, follow these steps:
Step 1 Log in to the CLI using an account with administrator or operator privileges.
Step 2 Enter signature definition submode.
sensor# configure terminal
sensor(config)# service signature-definition sig1
Step 3 Create a signature variable for a group of IP addresses.
sensor(config-sig)# variables IPADD ip-addr-range 10.1.1.1-10.1.1.24
Step 4 Edit the signature variable for web ports. WEBPORTS has a predefined set of ports where web servers
are running, but you can edit the value. This variable affects all signatures that have web ports. The
default is 80, 3128, 8000, 8010, 8080, 8888, 24326.
sensor(config-sig)# variables WEBPORTS web-ports 80,3128,8000
Step 5 Verify the changes.
sensor(config-sig)# show settings
variables (min: 0, max: 256, current: 2)
-----------------------------------------------
variable-name: IPADD
-----------------------------------------------
ip-addr-range: 10.1.1.1-10.1.1.24
-----------------------------------------------
<protected entry>
variable-name: WEBPORTS
-----------------------------------------------
web-ports: 80,3128,8000 default: 80-80,3128-3128,8000-8000,8010-8010,80
80-8080,8888-8888,24326-24326
-----------------------------------------------
Step 6 Delete a variable.
sensor(config-sig)# no variables IPADD
Step 7 Verify the variable has been deleted.
sensor(config-sig)# show settings
variables (min: 0, max: 256, current: 1)
-----------------------------------------------
<protected entry>
variable-name: WEBPORTS
-----------------------------------------------
web-ports: 80,3128,8000 default: 80-80,3128-3128,8000-8000,8010-8010,80
80-8080,8888-8888,24326-24326
-----------------------------------------------
Step 8 Exit signature definition submode.
sensor(config-sig)# exit
Apply Changes:?[yes]:
Step 9 Press Enter to apply the changes or enter no to discard them.
 previous next