Accounting
These scenarios show accounting feature when secure mode is enabled. All logs are stored in file: running://log/user/audit_file/audit_file
File Logs
Description
Show different logs stored in audit file
Scenario
Step 1: Run command file show running://log/user/audit_file/audit_file at DUT0 and check if output contains the following tokens:
Secure mode startedShow output
2025-05-26 10:10:58.809023 daemon-info , modulelauncher[105886]: Secure mode started 2025-05-26 10:11:00.328113 auth-notice , OSDxCLI: User 'admin' has logged in.
Step 2: Run command show running at DUT0 and expect this output:
Show output
# Teldat OSDx VM version v4.2.2.5 # Mon 26 May 2025 10:11:00 +00:00 # Warning: Configuration has not been saved set system login user admin authentication encrypted-password '$6$tNpBZZ8fNWnu2Qz/$m8KhVt.sz267nh34xFo1PKFECo9Lyh2XH2yc.f.m2RrAyeMkvfHIY4OZslI/y2upCe4wbOB8m9/MBB1NK8Y7N.' set system security medium
Step 3: Run command file show running://log/user/audit_file/audit_file at DUT0 and check if output contains the following tokens:
User 'admin' executed a new command: 'show running'Show output
2025-05-26 10:10:58.809023 daemon-info , modulelauncher[105886]: Secure mode started 2025-05-26 10:11:00.328113 auth-notice , OSDxCLI: User 'admin' has logged in. 2025-05-26 10:11:00.463115 auth-notice , OSDxCLI: User 'admin' executed a new command: 'file show running://log/user/audit_file/audit_file'. 2025-05-26 10:11:00.515115 auth-notice , OSDxCLI: User 'admin' executed a new command: 'show running'.
Step 4: Set the following configuration in DUT0 :
set system cli configuration logging cli info set system login user admin authentication encrypted-password '$6$tNpBZZ8fNWnu2Qz/$m8KhVt.sz267nh34xFo1PKFECo9Lyh2XH2yc.f.m2RrAyeMkvfHIY4OZslI/y2upCe4wbOB8m9/MBB1NK8Y7N.' set system security medium
Step 5: Run command file show running://log/user/audit_file/audit_file at DUT0 and check if output contains the following tokens:
User 'admin' committed the configurationShow output
2025-05-26 10:10:58.809023 daemon-info , modulelauncher[105886]: Secure mode started 2025-05-26 10:11:00.328113 auth-notice , OSDxCLI: User 'admin' has logged in. 2025-05-26 10:11:00.463115 auth-notice , OSDxCLI: User 'admin' executed a new command: 'file show running://log/user/audit_file/audit_file'. 2025-05-26 10:11:00.515115 auth-notice , OSDxCLI: User 'admin' executed a new command: 'show running'. 2025-05-26 10:11:00.700889 auth-notice , OSDxCLI: User 'admin' executed a new command: 'file show running://log/user/audit_file/audit_file'. 2025-05-26 10:11:00.840880 auth-notice , OSDxCLI: User 'admin' entered the configuration menu. 2025-05-26 10:11:00.925210 auth-notice , OSDxCLI: User 'admin' added a new cfg line: 'set system cli configuration logging cli info'. 2025-05-26 10:11:01.008541 auth-notice , OSDxCLI: User 'admin' added a new cfg line: 'show working'. 2025-05-26 10:11:01.088121 user-warning , OSDxCLI: Signal 10 received 2025-05-26 10:11:01.090390 auth-notice , OSDxCLI: User 'admin' committed the configuration. 2025-05-26 10:11:01.130348 auth-notice , OSDxCLI: User 'admin' left the configuration menu.
Audit file permissions
Description
Non admin user is allowed to open audit file
Scenario
Step 1: Set the following configuration in DUT0 :
set system login role cfg level 10 set system login user admin authentication encrypted-password '$6$Cmmpy/xAU.hSgFKa$w0Uf15TGILZlP.ODcUeRL.e9tAGu9GutjV07oMKK2ChV.oqwPVdkJOn/ftGIZ1iKGzlB5ZJZ8QlSVu3lD6kiU0' set system login user test authentication encrypted-password '$6$Res56RWyjHBI/DgZ$7a7rPxaA4eeZVQD79ZJ5kdnaR1NcwJmHptL2AYEKm3WXiUZrp0tIL5G9GxMCvgU9NqSPZAPZf5RrXKm.aFDMc.' set system login user test role cfg set system security medium
Step 2: Login as test with password tEst!2qqqqqq
Step 3: Run command file show running://log/user/audit_file/audit_file at DUT0 and check if output contains the following tokens:
Permission deniedShow output
hexdump: /opt/vyatta/etc/config/log/user/audit_file/audit_file: Permission denied hexdump: all input file arguments failed