This is a Privilege based feature: The user will be able to access, view, add, edit, delete, execute & export, only if privileges have been given by the administrator. This will be defined under roles and privileges.
This menu is accessible only if the below privilege has been checked.
Though most of the compliance checks can be performed automatically through NCCM, there are a few compliance checks that must be done manually. For example checking whether the access control on all entrance/exit of the organization is functional has to be done manually.
Follow the below steps to add Baseline Template
Click Validate to validate template.
Procedure to follow for writing Golden Template:
NCCM fetches “Device Configuration” of filtered Devices (based on filter), applies Ignore Patterns to filter the lines (remove unwanted lines) from Configuration and matches the Configuration Template* Patterns one by one. This is to ensure that the Configuration is adhered to the Golden Template or Policy.
Golden Template results include Missing configurations and illegal extra configurations for each Device (one by one). NCCM allows the user to ignore single configuration or Block of configuration before matching the template. This is based on input & Ignore patterns.
Procedure/Rules
!
start
end
Syntax: BlockStartPattern:banner exec \^C [$$$]BlockEndPattern:\^C[$$$]EndPattern:Ignore
BlockStartPattern, BlockEndPattern are key words
banner exec \^C is the start of pattern in configuration
\^C is end of pattern in configuration
[$$$] is separator for BlockStartPattern, BlockEndPattern & EndPattern
Ignore is to say ignore the last matching pattern or not. If you want to keep then input as Keep
version 12\.4
service password encryption
example is to match the configuration exec-timeout 0 0 , privilege level 25 and logging synchronous should exists inside the line con 0 Block (but not to match in MAIN or Other Sub Blocks)
If the configuration file contains the following configurations blocks (line con 0 and lone aux 0)
line con 0
exec-timeout 0 0
privilege level 25
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
Then the Match Pattern should be
Syntax: BlockStartPattern:line con 0
exec-timeout 0 0
privilege level 25
BlockEndPattern:logging synchronous[$$$]EndPattern:Keep
Explanation:
BlockStartPattern, BlockEndPattern are key words to match the Start and End of Block
line con 0 is the start of pattern in configuration to match in Block
exec-timeout 0 0 is pattern to match inside Block
privilege level 25 is pattern to match inside Block
logging synchronous is end of pattern in configuration to match in Block
[$$$] is separator for BlockEndPattern and EndPattern
‘Keep’ is used to consider the last line in the same block. If you want to ignore apply ‘Ignore’.