Owners Manual

Table Of Contents
Standard Change Management Policies
31
Juniper JUNOS 'show cos drop-profiles' xml
Juniper JUNOS 'show cos classifiers' xml
Juniper JUNOS 'show configuration' xml
Juniper JUNOS 'show configuration'
Juniper JUNOS 'show class of service' xml
Juniper JUNOS 'show access' xml
Juniper JUNOS show system rollback ACLI
HP Procurve Adaptive CLIs
N/A
Brocade Adaptive CLIs
N/A
Standard Change Management Policies
Change Management comes with several policies and actions by default. These
include ProScan policies and policy groups, as well as the corresponding Actions for
correcting any violations, and Event Processing Rules that automate remedy actions.
The following sections briefly describe these.
Cisco Compliance Policies
Cisco Compliance Actions
Cisco Event Processing Rules
CAUTION:
Seeded Proscan policies are not necessarily correct by default. You must specify device targets
at least. Given the variance in responses, particularly for Cisco devices, best practice is to test
any such policy before you use it.
Cisco Compliance Policies
The following are Cisco Compliance policies included by default with your Change
Management installation. Policies listed here are part of Cisco Proscan Policy Groups
scanning for PCI, HIPPA, SOX, NSA, and CISP compliance. These appear at the bot-
tom of this list.
COMPLIANCE Cisco Enable SecretUse enable secret for enable level access to
device; PCI 8.4
COMPLIANCE Cisco Finger Service (12.1+)Disable Finger service; PCI 2.2.2
COMPLIANCE Cisco HTTP ServerHTTP server should not be running; PCI 2.2.2
COMPLIANCE Cisco Finger Service (11.3-12.0)Disables finger service; PCI 2.2.2
COMPLIANCE Cisco Identd ServiceDisable Identd service globally
COMPLIANCE Cisco Timestamps LoggingUse the timestamps service to show
date and time on all log messages; PCI 10.2
COMPLIANCE Cisco Disable MOPDisable MOP support on all Ethernet and
VLAN interfaces; PCI.
COMPLIANCE Cisco NTP Redundant ServersEnsures that more than one NTP
server is defined; PCI 10.4
COMPLIANCE Cisco Disable NTPDisable NTP if not in use; PCI 2.2