RFC 3871           Operational Security Requirements      September 2004

   Examples.

      Examples of configuration include setting interface addresses,

      defining and applying filters, configuring logging and

      authentication, etc.  Examples of management functions include

      displaying dynamic state information such as CPU load, memory

      utilization, packet processing statistics, etc.

   Warnings.

      None.

2.4.2.  'CLI' Supports Scripting of Configuration

   Requirement.

      The CLI or equivalent MUST support external scripting of

      configuration functions.  This CLI SHOULD support the same command

      set and syntax as that in Section 2.4.1.

   Justification.

      During the handling of security incidents, it is often necessary

      to quickly make configuration changes on large numbers of devices.

      Doing so manually is error prone and slow.  Vendor supplied

      management solutions do not always foresee or address the type or

      scale of solutions that are required.  The ability to script

      provides a solution to these problems.

   Examples.

      Example uses of scripting include: tracking an attack across a

      large network, updating authentication parameters, updating

      logging parameters, updating filters, configuration fetching/

      auditing, etc.  Some languages that are currently used for

      scripting include expect, Perl and TCL.

   Warnings.

      Some properties of the command language that enhance the ability

      to script are: simplicity, regularity and consistency.  Some

      implementations that would make scripting difficult or impossible

      include: "text menu" style interfaces (e.g., "curses" on UNIX) or

      a hard coded GUI interfaces (e.g., a native Windows or Macintosh

      GUI application) that communicate using a proprietary or

      undocumented protocol not based on a CLI.

Jones                        Informational                     [Page 23]