IBM Tivoli and Cisco Network Card User Manual


 
174 Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
Rules
Rules are used to evaluate the detected registry value and determine the status
of the registry value data element. All rules conform to simple rule grammar, and
are composed of the following:
- A rule operator
- A rule value
- A rule result
A rule that logically evaluates to true is called a matching rule. A rule that
evaluates to false, or cannot be evaluated, is called a failing rule. The rules
listed in the VALUE_DATA_RULES parameter are evaluated sequentially from
the top down until a matching rule is found, or the last rule is reached. If a
matching rule is found, the status of the value data check is set to the rule’s result
and no more rules are evaluated. If all the rules are evaluated without finding a
matching rule, then the status of the check is set to the contents of the
DEFAULT_RULE parameter. If the DEFAULT_RULE parameter does not have a
value, then the check is set to PASS.
Rule operators
Rules can be evaluated in either a numeric or a string context. The valid
operators are listed in Table 6-6, with their meanings in both numeric and string
contexts.
Table 6-6 Valid rule operators

Operator   String context   Numeric context
eq         Equal            N/D
ne         Not equal        N/D
=          N/D              Equal
!=         N/D              Not equal
<          N/D              Less than
<=         N/D              Less than or equal
>          N/D              Greater than
>=         N/D              Greater than or equal
<>         Not set          Not set
*          Is set           Is set