Accounting

These scenarios show accounting feature when secure mode is enabled. All logs are stored in file: running://log/user/audit_file/audit_file

File Logs

Description

Show different logs stored in audit file

Scenario

Step 1: Run the command file show running://log/user/audit_file/audit_file on DUT0 and check whether the output contains the following tokens:

Secure mode started

Show output

2026-06-03 10:42:14.510721 daemon-info , modulelauncher[80047]:  Secure mode started
2026-06-03 10:42:15.899086 auth-notice , OSDxCLI:  User 'admin' has logged in.

Step 2: Run the command show running on DUT0 and expect the following output:

Show output

# Teldat OSDx VM version v4.2.10.1
# Wed 03 Jun 2026 10:42:16 +00:00
# Warning: Configuration has not been saved
set system login user admin authentication encrypted-password '$6$YpFDQ4Y/A042/3J0$sJlE22AzIOmjHyLqXMqZEHkncrmNuFJXCcsMZRTV3dgWyTLT2uAjzsoaYsxRab/CzZZr5.m3.8Ve6zCCpxPDh.'
set system security medium

Step 3: Run the command file show running://log/user/audit_file/audit_file on DUT0 and check whether the output contains the following tokens:

User 'admin' executed a new command: 'show running'

Show output

2026-06-03 10:42:14.510721 daemon-info , modulelauncher[80047]:  Secure mode started
2026-06-03 10:42:15.899086 auth-notice , OSDxCLI:  User 'admin' has logged in.
2026-06-03 10:42:16.023163 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'file show running://log/user/audit_file/audit_file'.
2026-06-03 10:42:16.062671 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'show running'.

Step 4: Set the following configuration in DUT0 :

set system cli configuration logging cli info
set system login user admin authentication encrypted-password '$6$YpFDQ4Y/A042/3J0$sJlE22AzIOmjHyLqXMqZEHkncrmNuFJXCcsMZRTV3dgWyTLT2uAjzsoaYsxRab/CzZZr5.m3.8Ve6zCCpxPDh.'
set system security medium

Step 5: Run the command file show running://log/user/audit_file/audit_file on DUT0 and check whether the output contains the following tokens:

User 'admin' committed the configuration

Show output

2026-06-03 10:42:14.510721 daemon-info , modulelauncher[80047]:  Secure mode started
2026-06-03 10:42:15.899086 auth-notice , OSDxCLI:  User 'admin' has logged in.
2026-06-03 10:42:16.023163 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'file show running://log/user/audit_file/audit_file'.
2026-06-03 10:42:16.062671 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'show running'.
2026-06-03 10:42:16.248075 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'file show running://log/user/audit_file/audit_file'.
2026-06-03 10:42:16.361318 auth-notice , OSDxCLI:  User 'admin' entered the configuration menu.
2026-06-03 10:42:16.423526 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'set system cli configuration logging cli info'.
2026-06-03 10:42:16.487338 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'show working'.
2026-06-03 10:42:16.572265 user-warning , OSDxCLI:  Signal 10 received
2026-06-03 10:42:16.577800 auth-notice , OSDxCLI:  User 'admin' committed the configuration.
2026-06-03 10:42:16.635770 auth-notice , OSDxCLI:  User 'admin' left the configuration menu.

---

Hidden Passwords

Description

Plain passwords are not displayed

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set system aaa server tacacs TAC1 address 10.215.168.1
set system aaa server tacacs TAC1 encrypted-key U2FsdGVkX18XiX4eDmzjuM2oLRBRKAs/mxFLoPClXEg=
set system login user admin authentication encrypted-password '$6$s8dvt33721iWRnOv$q0dfZUjDSL0DzthcPFQYFdcEOve5R55CffLtJOKnuKfic4N1nUft0xB0EC9VV5NixiLbzu5O/cd0RWB7eNkY41'
set system security medium

Step 2: Run the command file show running://log/user/audit_file/audit_file on DUT0 and check whether the output contains the following tokens:

User 'admin' added a new cfg line: 'set system aaa server tacacs TAC1 key ******'

Show output

2026-06-03 10:42:24.140951 daemon-info , modulelauncher[80471]:  Secure mode started
2026-06-03 10:42:25.755937 auth-notice , OSDxCLI:  User 'admin' has logged in.
2026-06-03 10:42:25.885928 auth-notice , OSDxCLI:  User 'admin' entered the configuration menu.
2026-06-03 10:42:25.972877 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
2026-06-03 10:42:26.062397 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'set system aaa server tacacs TAC1 key ******'.
2026-06-03 10:42:26.135978 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'set system aaa server tacacs TAC1 address 10.215.168.1'.
2026-06-03 10:42:26.207457 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'show working'.
2026-06-03 10:42:26.617505 auth-notice , OSDxCLI:  User 'admin' committed the configuration.
2026-06-03 10:42:26.632499 auth-notice , OSDxCLI:  User 'admin' left the configuration menu.

---

Audit file permissions

Description

Non admin user is allowed to open audit file

Scenario

Step 1: Set the following configuration in DUT0 :

set system login role cfg level 10
set system login user admin authentication encrypted-password '$6$CAqjhtOuYqc6gSw2$itOatL463zk6PrMGpDGDJ2TiVMgZ9je9fdRuGpZsS42DDBdLFwS45E58MgG9cy5Oho47mO92taWkZmNS5WL3..'
set system login user test authentication encrypted-password '$6$PVy1jSdl7DkCDCMG$y.WusDQQ/46seZ9Sov9joGCChEiD7ni59QFzCj94p.v6iKNNZb2LC2vrHwdfj4/iMjNfnUS/CLYNF9D5sfio3/'
set system login user test role cfg
set system security medium

Step 2: Login as test with password tEst!2qqqqqq:

test@osdx

Note

After a security level change, the device requires re-authentication with credentials that comply with the new security policy.

Step 3: Run the command file show running://log/user/audit_file/audit_file on DUT0 and check whether the output contains the following tokens:

Permission denied

Show output

hexdump: /opt/vyatta/etc/config/log/user/audit_file/audit_file: Permission denied
hexdump: all input file arguments failed

---