Hello all,
I am part of a team that manages 300+ SRX220 and EX2200 devices. We would like to give our help desk the ability to view, ping, and reboot the devices. We have created the class:
set system login class read-reboot permissions maintenance
set system login class read-reboot permissions network
set system login class read-reboot permissions view
set system login class read-reboot allow-commands "request system reboot"
However, I believe this gives the class more access than we are really looking for. From here I would also like to deny access to the following commands:
request system power-off
request system halt
request system zeroize
request system configuration
request system storage
request system snapshot
request system firmware
request system autorecovery
request system commit
start shell
I believe the way to do this is with a regular expression. I have a regex that validates against the text, but it doesn't seem to play well with Junos:
(^request system (power-off|snapshot|zeroize|storage|halt|configuration|firmware|autorecovery|commit)\b|^start shell)
How can I use this to deny the above commands?
Thanks
sb