HP-UX CMGR A.02.00 Administrator's and Developer's Guide
3.4 Common Attributes
The CMGR template includes command attributes and handler specific attributes. You
can also create your own attributes.
The cmgr command supports the following attributes:
DescriptionAttribute
Element identity, does not have to be unique.
id
Specifies a condition that must be true for cmgr to process the element. Can
be any valid Perl condition statement.
if
Limits the cmgr processing of this element to cases with a matching cmgr
operation argument. Valid values are the complete form of any cmgr
operation argument. Multiple operations may be specified when seperated
with the | sign.
if_op
NOTE: The if and if_op attributes are very useful with the data element to specify
operations based processing for the Configuration Elements.
3.5 Example: Building a Template
Example 3-1 demonstrates the capabilities of CMGR by providing a simplified version
of dynamic host firewall rule management. With this example template, an administrator
or application that detects undesirable traffic on a TCP port can instruct cmgr to generate
an IPFilter rule to block all traffic from the offending source IP address for the specified
port, and to log these actions with syslog. By associating each blocking request with
an identifier, individual rules can be replaced or deleted with cmgr.
CAUTION: To avoid effecting system-wide IPFilter configuration, Example 3-1 operates
on an alternate IPFilter configuration file (/tmp/example_ipf.conf). HP recommends
that you do not use this template on a production system.
Figure 3-1 shows the sequence of actions that occur in Example 3-1. The sequence of
actions are labeled from 1 to 4 and are referred to in the example comments.
32 Building a Template