Cisco Cisco NAC Appliance 4.1.0
12-22
Cisco NAC Appliance - Clean Access Manager Installation and Administration Guide
OL-12214-01
Chapter 12 Configuring Clean Access Agent Requirements
Create Clean Access Agent Requirements
Configure Custom Checks, Rules and Requirements
A check is a condition statement used to examine the client system. In the simplest case, a requirement
can be a single rule made up of a single check. If the condition statement yields a true result, the system
is considered in compliance with the Clean Access Agent requirement and no remediation is called for.
can be a single rule made up of a single check. If the condition statement yields a true result, the system
is considered in compliance with the Clean Access Agent requirement and no remediation is called for.
To create a check, first find an identifying feature of the requirement. The feature (such as a registry key
or process name) should indicate whether the client meets the requirement. The best way to find such an
indicator is to examine a system that meets the requirement. If necessary, refer to the documentation
provided with the software to determine what identifying feature to use for the Clean Access check. Once
you have determined the indicator for the requirement, use the following procedure to create the check.
or process name) should indicate whether the client meets the requirement. The best way to find such an
indicator is to examine a system that meets the requirement. If necessary, refer to the documentation
provided with the software to determine what identifying feature to use for the Clean Access check. Once
you have determined the indicator for the requirement, use the following procedure to create the check.
Custom Requirements
You can create custom requirements to maps rules to the mechanism that allows users to meet the rule
condition. The mechanism may be an installation file, a link to an external resource, or simply
instructions. If a rule check is not satisfied (for example, required software is not found on the client
system), users can be warned or required to fix their systems, depending on your configuration. As
shown in
condition. The mechanism may be an installation file, a link to an external resource, or simply
instructions. If a rule check is not satisfied (for example, required software is not found on the client
system), users can be warned or required to fix their systems, depending on your configuration. As
shown in
, a rule can combine several checks with Boolean operators, “&” (and), “|” (or),
and “!” (not). A requirement can rely on more than one rule, specifying that any selected rule, all rules,
or no rule must be satisfied for the client to be considered in compliance with the requirement.
or no rule must be satisfied for the client to be considered in compliance with the requirement.
Figure 12-12
Custom Checks, Rules, and Requirements
The steps to create custom requirements are as follows:
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Look4SymAV
rules
requirements
Look4McAfeeAV
any
&
checks
sym_exeExists
processIsActive
RecentVDefExist
mcafee_exeExists
processIsActive
RecentVDefExist
MustHaveAntiVirus
&
campusAVInstall.zip
Message: install, update
or start software