Rule modules group rules or sets of rules that serve a similar purpose. After you group the rules, you can apply the rule module where necessary to specific policies. The CSA product includes several rule modules that serve functional purposes, but you can also create additional rule modules that apply to your specific environment and user base. The CSA architecture provides two types of rules for application: enforcement and detection. Enforcement rules either allow or deny actions. Detection rules are monitor rules that do not enforce compliance or rules that tag processes to application classes and do not take enforcement actions themselves.

Working with Rule Modules

The CSA MC separates rule modules into two groups: UNIX and Windows. To access the predefined rule module list, which is also the page where you begin to create your own new modules, choose Configuration > Rule Modules [UNIX] or Rule Modules [Windows]. Figure 4-33 shows the Windows Rule Modules screen.

Figure 4-33. Windows Rule Module Screen

From this page, you can perform the following actions, which are discussed in the next few sections:

Comparing Rule Modules

On occasion, you might want to compare two rule modules to find the similarities or differences between them. After you choose the two rule modules you want to compare and click the Compare button, a comparison page displays, as shown in Figure 4-34. This page presents a great deal of information, including all configuration parameters associated with the rule modules and all rules (including rule details) for the rule modules. Differences between the two modules display in red so that they are easy to pick out. Similar rules are placed side by side, and rules with no similar counterpart are left blank on the opposite side of the comparison page.

Figure 4-34. Rule Module Comparison Page

Also, notice that check boxes appear near the "uncommon" rules on the comparison screen. You can check the box next to the rule you want to copy and then click the Copy button at the bottom of the screen to copy the rule to the other module, a different module, or a new module. You can also click the Delete button to remove a rule from a policy from this view.

Creating a Rule Module

More often than not, you will need to create your own rule modules to serve a purpose that is not accommodated by the built-in modules. To create a new rule module and view the settings available at the rule module level, perform the following steps, which correspond to Figure 4-35:

Figure 4-35. Viewing and Creating a Rule Module

At the top of the specific rule module page, you see the following quick links options:

Using CSA Predefined Rule Modules

Several rule modules that come installed with the CSA MC server can aid in the deployment and testing of the product. Some of the rule modules included are as follows:
This is only a sample of the rule modules included with the product. To view the included rule modules on your installation, choose Configuration > Rule Modules [UNIX] or Rule Modules [Windows] > All. Figure 4-41 shows the predefined rule modules.

Figure 4-41. Predefined Rule Modules

NOTE

This book does not attempt to explain the predefined rule modules and policies shown in Figure 4-41. These policies change over time, and the best method available for those wanting to better understand those modules is to investigate the locally installed modules and policies personally. To view the rule modules and better understand their function, click the name and then choose Modify Rules or Explain Rules from the quick links menu.