Accounting

These scenarios show accounting feature when secure mode is enabled. All logs are stored in file: running://log/user/audit_file/audit_file

File Logs

Description

Show different logs stored in audit file

Scenario

Step 1: Run the command file show running://log/user/audit_file/audit_file on DUT0 and check whether the output contains the following tokens:

Secure mode started
Show output
2026-05-19 15:35:47.303970 daemon-info , modulelauncher[454275]:  Secure mode started
2026-05-19 15:35:48.829821 auth-notice , OSDxCLI:  User 'admin' has logged in.

Step 2: Run the command show running on DUT0 and expect the following output:

Show output
# Teldat OSDx VM version v4.2.10.0
# Tue 19 May 2026 15:35:48 +00:00
# Warning: Configuration has not been saved
set system login user admin authentication encrypted-password '$6$DULebVpBHuOucluz$Bgiv9U4JB5z8o9Tl3J1FpjPEzL3FC3cJF5gHMTL4ACs1YoBC1qUgNUocWzAarU7W4iA6CU8obci1CLaVaQLdl1'
set system security medium

Step 3: Run the command file show running://log/user/audit_file/audit_file on DUT0 and check whether the output contains the following tokens:

User 'admin' executed a new command: 'show running'
Show output
2026-05-19 15:35:47.303970 daemon-info , modulelauncher[454275]:  Secure mode started
2026-05-19 15:35:48.829821 auth-notice , OSDxCLI:  User 'admin' has logged in.
2026-05-19 15:35:48.944342 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'file show running://log/user/audit_file/audit_file'.
2026-05-19 15:35:48.982989 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'show running'.

Step 4: Set the following configuration in DUT0 :

set system cli configuration logging cli info
set system login user admin authentication encrypted-password '$6$DULebVpBHuOucluz$Bgiv9U4JB5z8o9Tl3J1FpjPEzL3FC3cJF5gHMTL4ACs1YoBC1qUgNUocWzAarU7W4iA6CU8obci1CLaVaQLdl1'
set system security medium

Step 5: Run the command file show running://log/user/audit_file/audit_file on DUT0 and check whether the output contains the following tokens:

User 'admin' committed the configuration
Show output
2026-05-19 15:35:47.303970 daemon-info , modulelauncher[454275]:  Secure mode started
2026-05-19 15:35:48.829821 auth-notice , OSDxCLI:  User 'admin' has logged in.
2026-05-19 15:35:48.944342 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'file show running://log/user/audit_file/audit_file'.
2026-05-19 15:35:48.982989 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'show running'.
2026-05-19 15:35:49.146019 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'file show running://log/user/audit_file/audit_file'.
2026-05-19 15:35:49.260324 auth-notice , OSDxCLI:  User 'admin' entered the configuration menu.
2026-05-19 15:35:49.314292 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'set system cli configuration logging cli info'.
2026-05-19 15:35:49.373001 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'show working'.
2026-05-19 15:35:49.448864 user-warning , OSDxCLI:  Signal 10 received
2026-05-19 15:35:49.455180 auth-notice , OSDxCLI:  User 'admin' committed the configuration.
2026-05-19 15:35:49.503939 auth-notice , OSDxCLI:  User 'admin' left the configuration menu.

Hidden Passwords

Description

Plain passwords are not displayed

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set system aaa server tacacs TAC1 address 10.215.168.1
set system aaa server tacacs TAC1 encrypted-key U2FsdGVkX1+p/WmbV+cvM99vFE2PsHYKTVTFH/rHGEQ=
set system login user admin authentication encrypted-password '$6$u/TrW/x2FKRSvgLP$7Rl2qQSw7h7Se11uPCOSgaQTlJbGvTT2cAB5WHZDygWMJBx3amLy/HTc2eVyieG/hjq0/1EbbGVCIaYNjzGel0'
set system security medium

Step 2: Run the command file show running://log/user/audit_file/audit_file on DUT0 and check whether the output contains the following tokens:

User 'admin' added a new cfg line: 'set system aaa server tacacs TAC1 key ******'
Show output
2026-05-19 15:35:57.045964 daemon-info , modulelauncher[454698]:  Secure mode started
2026-05-19 15:35:58.470095 auth-notice , OSDxCLI:  User 'admin' has logged in.
2026-05-19 15:35:58.598559 auth-notice , OSDxCLI:  User 'admin' entered the configuration menu.
2026-05-19 15:35:58.676302 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
2026-05-19 15:35:58.755756 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'set system aaa server tacacs TAC1 key ******'.
2026-05-19 15:35:58.802956 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'set system aaa server tacacs TAC1 address 10.215.168.1'.
2026-05-19 15:35:58.906720 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'show working'.
2026-05-19 15:35:59.210309 auth-notice , OSDxCLI:  User 'admin' committed the configuration.
2026-05-19 15:35:59.224645 auth-notice , OSDxCLI:  User 'admin' left the configuration menu.

Audit file permissions

Description

Non admin user is allowed to open audit file

Scenario

Step 1: Set the following configuration in DUT0 :

set system login role cfg level 10
set system login user admin authentication encrypted-password '$6$9FlkyKFf61IvceQU$92KML9tQLx6.5z.rCAs66BttMRNRtIeGha2G8swEjXHbD1Uni2GcXD9e.Rjgp/XphMVeJzPTB8x92Y6MeqB3v1'
set system login user test authentication encrypted-password '$6$LHg/WrYob.5Op2Wh$ymOTlzfn85CSM4dgI45lS5MHEIKjTrXezfRkq3bu2mg6wtaZCRLqWTpLPCKKGJZW7.4ZlcVEIhww.Fn.bCyai1'
set system login user test role cfg
set system security medium

Step 2: Login as test with password tEst!2qqqqqq:

test@osdx

Note

After a security level change, the device requires re-authentication with credentials that comply with the new security policy.

Step 3: Run the command file show running://log/user/audit_file/audit_file on DUT0 and check whether the output contains the following tokens:

Permission denied
Show output
hexdump: /opt/vyatta/etc/config/log/user/audit_file/audit_file: Permission denied
hexdump: all input file arguments failed