Strong Password

Test suite to check the OSDx password strong-password level

Test Strong Password

Description

A password strength level and a strong password are configured and then attempting to configure a weak password fails.

Scenario

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system ntp authentication-key 1 encrypted-key U2FsdGVkX19MjjtKgeFflrBM2GVBIlMSLNdKA2BEN+I=
set system strong-password level 2

Note

This password has a score of 4.

Step 2: Expect a failure in the following command: Modify the following configuration lines in DUT0:

set system ntp authentication-key 1 encrypted-key U2FsdGVkX19MjjtKgeFflm61NVmpMEDAD3cqIOZBd8Q=

Note

This password has a score of 0, which is lower than the strong-password level.

---

Test Password Display

Description

Check that additional information from the strong-password is displayed correctly

Scenario

Step 1: Set the following configuration in DUT0:

set system cli configuration logging global info
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system strong-password display
set system strong-password level 0

Step 2: Modify the following configuration lines in DUT0:

set system ntp authentication-key 1 encrypted-key U2FsdGVkX1/X3zBm9qPn2m7PPVP9S1dheOHG/qJu+Bo=

Step 3: Run command system journal show | tail -n 1000 at DUT0 and expect this output:

Show output

Jul 30 10:36:49.292484 osdx systemd-journald[60253]: Runtime Journal (/run/log/journal/22c37bf8be29452e87aca50c6265032f) is 2.3M, max 15.3M, 13.0M free.
Jul 30 10:36:49.293946 osdx systemd-journald[60253]: Received client request to rotate journal, rotating.
Jul 30 10:36:49.293988 osdx systemd-journald[60253]: Vacuuming done, freed 0B of archived journals from /run/log/journal/22c37bf8be29452e87aca50c6265032f.
Jul 30 10:36:49.302021 osdx OSDxCLI[90271]: User 'admin' executed a new command: 'system journal clear'.
Jul 30 10:36:49.644657 osdx osdx-coredump[91607]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 30 10:36:49.652518 osdx OSDxCLI[90271]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 30 10:36:50.104941 osdx OSDxCLI[90271]: User 'admin' entered the configuration menu.
Jul 30 10:36:50.163303 osdx OSDxCLI[90271]: User 'admin' added a new cfg line: 'set system console log-level info'.
Jul 30 10:36:50.261951 osdx OSDxCLI[90271]: User 'admin' added a new cfg line: 'set system strong-password level 0'.
Jul 30 10:36:50.317913 osdx OSDxCLI[90271]: User 'admin' added a new cfg line: 'set system strong-password display'.
Jul 30 10:36:50.424256 osdx OSDxCLI[90271]: User 'admin' added a new cfg line: 'show working'.
Jul 30 10:36:50.488952 osdx modulelauncher[1112]: + Received data: ['90271', 'osdx.utils.xos', 'set_console_log_level', 'info']
Jul 30 10:36:50.509074 osdx OSDxCLI[90271]: Signal 10 received
Jul 30 10:36:50.520911 osdx ifmon[1142]: Changed log-level to info
Jul 30 10:36:50.521357 osdx cfgd[1242]: [90271]Completed change to active configuration
Jul 30 10:36:50.523825 osdx OSDxCLI[90271]: User 'admin' committed the configuration.
Jul 30 10:36:50.549539 osdx OSDxCLI[90271]: User 'admin' left the configuration menu.
Jul 30 10:36:50.752209 osdx OSDxCLI[90271]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Jul 30 10:36:50.752959 osdx OSDxCLI[90271]: pam_unix(cli:session): session closed for user admin
Jul 30 10:36:50.753443 osdx OSDxCLI[90271]: User 'admin' entered the configuration menu.
Jul 30 10:36:50.820086 osdx OSDxCLI[90271]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Jul 30 10:36:50.820498 osdx cfgd[1242]: Execute action [syntax] for node [system ntp authentication-key 1]
Jul 30 10:36:50.833389 osdx OSDxCLI[90271]: pam_unix(cli:session): session closed for user admin
Jul 30 10:36:50.833740 osdx OSDxCLI[90271]: User 'admin' added a new cfg line: 'set system ntp authentication-key 1 md5 qwER43@!'.
Jul 30 10:36:50.921733 osdx OSDxCLI[90271]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Jul 30 10:36:50.928665 osdx OSDxCLI[90271]: pam_unix(cli:session): session closed for user admin
Jul 30 10:36:50.929060 osdx OSDxCLI[90271]: User 'admin' added a new cfg line: 'show changes'.
Jul 30 10:36:50.981577 osdx OSDxCLI[90271]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)
Jul 30 10:36:50.986429 osdx cfgd[1242]: [90271]must validation for [system login user admin role] was skipped
Jul 30 10:36:50.999595 osdx WARNING[91649]: Short keyboard patterns are easy to guess.
Jul 30 10:36:50.999634 osdx INFO[91649]: Suggestions:
Jul 30 10:36:50.999663 osdx INFO[91649]:   Add another word or two. Uncommon words are better.
Jul 30 10:36:50.999682 osdx INFO[91649]:   Use a longer keyboard pattern with more turns.
Jul 30 10:36:50.999700 osdx INFO[91649]: Crack times (passwords per time):
Jul 30 10:36:50.999719 osdx INFO[91649]:   100 per hour:              centuries
Jul 30 10:36:50.999735 osdx INFO[91649]:   10 per second:             3 months
Jul 30 10:36:50.999792 osdx INFO[91649]:   10.000 per second:         3 hours
Jul 30 10:36:50.999816 osdx INFO[91649]:   10.000.000.000 per second: less than a second
Jul 30 10:36:51.004519 osdx cfgd[1242]: Execute action [end] for node [system ntp]
Jul 30 10:36:51.042324 osdx systemd[1]: Starting ntpsec.service - Network Time Service...
Jul 30 10:36:51.048236 osdx ntpd[91657]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting
Jul 30 10:36:51.048259 osdx ntpd[91657]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Jul 30 10:36:51.048540 osdx ntp-systemd-wrapper[91657]: 2024-07-30T10:36:51 ntpd[91657]: INIT: ntpd ntpsec-1.2.2+2-ga54c8dd: Starting
Jul 30 10:36:51.048540 osdx ntp-systemd-wrapper[91657]: 2024-07-30T10:36:51 ntpd[91657]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Jul 30 10:36:51.048883 osdx systemd[1]: Started ntpsec.service - Network Time Service.
Jul 30 10:36:51.049948 osdx cfgd[1242]: [90271]Completed change to active configuration
Jul 30 10:36:51.051807 osdx ntpd[91659]: INIT: precision = 0.065 usec (-24)
Jul 30 10:36:51.052440 osdx ntpd[91659]: INIT: successfully locked into RAM
Jul 30 10:36:51.052455 osdx ntpd[91659]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf
Jul 30 10:36:51.052490 osdx ntpd[91659]: AUTH: authreadkeys: reading /etc/ntp.keys
Jul 30 10:36:51.052656 osdx ntpd[91659]: AUTH: authreadkeys: added 1 keys
Jul 30 10:36:51.052705 osdx ntpd[91659]: INIT: Using SO_TIMESTAMPNS(ns)
Jul 30 10:36:51.052720 osdx ntpd[91659]: IO: Listen and drop on 0 v6wildcard [::]:123
Jul 30 10:36:51.052734 osdx ntpd[91659]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123
Jul 30 10:36:51.053040 osdx OSDxCLI[90271]: pam_unix(cli:session): session closed for user admin
Jul 30 10:36:51.053178 osdx ntpd[91659]: IO: Listen normally on 2 lo 127.0.0.1:123
Jul 30 10:36:51.053198 osdx ntpd[91659]: IO: Listen normally on 3 lo [::1]:123
Jul 30 10:36:51.053222 osdx ntpd[91659]: IO: Listening on routing socket on fd #20 for interface updates
Jul 30 10:36:51.053229 osdx ntpd[91659]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes
Jul 30 10:36:51.053291 osdx ntpd[91659]: INIT: OpenSSL 3.0.11 19 Sep 2023, 300000b0
Jul 30 10:36:51.053333 osdx OSDxCLI[90271]: User 'admin' committed the configuration.
Jul 30 10:36:51.053799 osdx ntpd[91659]: NTSc: Using system default root certificates.
Jul 30 10:36:51.082986 osdx OSDxCLI[90271]: User 'admin' left the configuration menu.
Jul 30 10:36:51.200306 osdx OSDxCLI[90271]: pam_unix(cli:session): session opened for user admin(uid=1000) by admin(uid=1000)

---