Rules, Rule operators – IBM Tivoli and Cisco User Manual

Building a Network Access Control Solution with IBM Tivoli and Cisco Systems

Rules

Rules are used to evaluate the detected registry value and determine the status
of the registry value data element. All rules conform to simple rule grammar, and
are composed of the following:

A rule operator
A rule value
A rule result

A rule that logically evaluates to true is called a matching rule. A rule that
evaluates to false, or cannot be evaluated, is called a failing rule. The rules
listed in the VALUE_DATA_RULES parameter are evaluated sequentially from
the top down until a matching rule is found, or the last rule is reached. If a
matching rule is found, the status of the value data check is set to the rule’s result
and no more rules are evaluated. If all the rules are evaluated without finding a
matching rule, then the status of the check is set to the contents of the
DEFAULT_RULE parameter. If the DEFAULT_RULE parameter does not have a
value, then the check is set to PASS.

Rule operators

Rules can be evaluated in either a numeric or a string context. The valid
operators are listed in Table 6-6, with their meanings in both numeric and string
contexts.

Table 6-6 Valid rule operators

Operator    String context    Numeric context
eq          Equal             N/D
ne          Not equal         N/D
=           N/D               Equal
!=          N/D               Not equal
<           N/D               Less than
<=          N/D               Less than or equal
>           N/D               Greater than
>=          N/D               Greater than or equal
<>          Not set           Not set
*           Is set            Is set
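
The first-match evaluation described under Rules, combined with the operators of Table 6-6, modeled in Python as an added example (not code from the manual or the product). The tuple encoding of a rule, the FAIL and WARN result names, and treating non-numeric data under a numeric operator as "cannot be evaluated" are assumptions of this example.

```python
import operator

# Operators from Table 6-6. The tuple/None encoding used here is an assumption
# of this example, not the product's policy-file syntax.
STRING_OPS = {"eq": operator.eq, "ne": operator.ne}
NUMERIC_OPS = {"=": operator.eq, "!=": operator.ne, "<": operator.lt,
               "<=": operator.le, ">": operator.gt, ">=": operator.ge}


def rule_matches(op, rule_value, detected):
    """Return True for a matching rule, False for a failing rule."""
    if op == "<>":                      # "Not set"
        return detected is None
    if op == "*":                       # "Is set"
        return detected is not None
    if detected is None:
        return False                    # nothing to compare: failing rule
    if op in STRING_OPS:
        return STRING_OPS[op](str(detected), str(rule_value))
    if op in NUMERIC_OPS:
        try:
            return NUMERIC_OPS[op](float(detected), float(rule_value))
        except (TypeError, ValueError):
            return False                # cannot be evaluated: failing rule
    return False                        # unknown operator: failing rule


def evaluate(rules, detected, default_rule=None):
    """Top-down, first matching rule wins; else DEFAULT_RULE; else PASS."""
    for op, rule_value, result in rules:
        if rule_matches(op, rule_value, detected):
            return result
    return default_rule if default_rule else "PASS"


# Constructed rule list; FAIL and WARN are sample result names.
VALUE_DATA_RULES = [
    ("<>", None, "FAIL"),   # registry value missing
    ("<", 5, "FAIL"),       # checked before the broader rule below
    ("<", 10, "WARN"),
]

if __name__ == "__main__":
    for data in (None, "3", "7", "12", "abc"):
        print(repr(data), "->", evaluate(VALUE_DATA_RULES, data, "FAIL"),
              "| no DEFAULT_RULE:", evaluate(VALUE_DATA_RULES, data))
```

In this model, data that no rule can evaluate (the constructed value "abc") falls through every numeric rule, so with an empty DEFAULT_RULE the check ends at PASS; setting DEFAULT_RULE explicitly closes that gap.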