Conditions

The Juniper audit policy supports if/then/else logic. This allows the end user to maintain a single audit file that handles multiple configurations.

The syntax for a condition is as follows:

<if>
  <condition type:"or">
    < Insert your audit here >
  </condition>
  <then>
    < Insert your audit here >
  </then>
  <else>
    < Insert your audit here >
  </else>
</if>

Example:

<if>
  <condition type: "OR">
    <custom_item>
      type: CONFIG_CHECK
      description: "Configure Syslog Host"
      regex: "syslog host [0-9\.]+"
      not_expect: "syslog host 1.2.3.4"
    </custom_item>
  </condition>
  <then>
    <report type: "PASSED">
      description: "Configure Syslog Host."
    </report>
  </then>
  <else>
    <custom_item>
      type: CONFIG_CHECK
      description: "Configure Syslog Host"
      regex: "syslog host [0-9\.]+"
      not_expect: "syslog host 1.2.3.4"
    </custom_item>
  </else>
</if>

The condition itself never shows up in the report: whether it passes or fails, it is not listed (it is a “silent” check).

Conditions can be of type “and” or “or”.
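Because the condition is silent, a malformed block will not announce itself in the report, so it is worth checking the structure before a scan. The following is an added example, not Tenable's code: a small Python checker for the block layout and condition types described above. The name `lint_conditions` is hypothetical, treating `<else>` as optional is an assumption, and the checker inspects structure only, not the audit items themselves.

```python
import re

# Only the four tags this page uses for a conditional are inspected.
TAG_RE = re.compile(r'<(/?)(if|condition|then|else)\b([^>]*)>', re.IGNORECASE)
TYPE_RE = re.compile(r'type\s*:\s*"([^"]*)"', re.IGNORECASE)
VALID_PARTS = (["condition", "then"], ["condition", "then", "else"])  # optional <else> is an assumption

def lint_conditions(audit_text):
    """Return (line_number, message) for each structural problem found."""
    problems, stack = [], []
    for lineno, line in enumerate(audit_text.splitlines(), 1):
        for m in TAG_RE.finditer(line):
            closing, name, attrs = bool(m.group(1)), m.group(2).lower(), m.group(3)
            if closing:
                node = stack.pop() if stack and stack[-1]["name"] == name else None
                if node is None:
                    problems.append((lineno, f"unexpected </{name}>"))
                elif name == "if" and node["parts"] not in VALID_PARTS:
                    problems.append((node["line"], "<if> needs <condition> followed by <then>"))
                continue
            if name != "if":
                if stack and stack[-1]["name"] == "if":
                    stack[-1]["parts"].append(name)  # record the order of the parts
                else:
                    problems.append((lineno, f"<{name}> must sit directly inside <if>"))
            t = TYPE_RE.search(attrs)
            if name == "condition" and not (t and t.group(1).lower() in ("and", "or")):
                problems.append((lineno, 'condition type must be "and" or "or"'))
            stack.append({"name": name, "line": lineno, "parts": []})
    problems += [(n["line"], f"<{n['name']}> never closed") for n in stack]
    return problems

# Constructed sample: the page's syntax template, then a block with two mistakes.
SAMPLE = '''<if>
<condition type:"or">
< Insert your audit here >
</condition>
<then>
< Insert your audit here >
</then>
</if>
<if>
<condition type: "xor">
</condition>
</if>'''

for lineno, msg in lint_conditions(SAMPLE):
    print(f"line {lineno}: {msg}")
```

The second block in the sample is flagged twice: once for the unsupported condition type and once for the missing `<then>`.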