Accounting

These scenarios show accounting feature when secure mode is enabled. All logs are stored in file: running://log/user/audit_file/audit_file

File Logs

Description

Show different logs stored in audit file

Scenario

Step 1: Run command file show running://log/user/audit_file/audit_file at DUT0 and check if output contains the following tokens:

Secure mode started

Show output

2025-06-23 10:26:37.548028 daemon-info , modulelauncher[402222]:  Secure mode started
2025-06-23 10:26:38.974719 auth-notice , OSDxCLI:  User 'admin' has logged in.

Step 2: Run command show running at DUT0 and expect this output:

Show output

# Teldat OSDx VM version v4.2.2.6
# Mon 23 Jun 2025 10:26:39 +00:00
# Warning: Configuration has not been saved
set system login user admin authentication encrypted-password '$6$u8H8TMERxr0oo9VZ$ua18r3BnW5FevbdDoYnEEM7mDLN1gKP7xTCa9SPlwKXCElW8G9sI0FhrIGAUhduB6n4z0OOJ5271RomHqJKjN1'
set system security medium

Step 3: Run command file show running://log/user/audit_file/audit_file at DUT0 and check if output contains the following tokens:

User 'admin' executed a new command: 'show running'

Show output

2025-06-23 10:26:37.548028 daemon-info , modulelauncher[402222]:  Secure mode started
2025-06-23 10:26:38.974719 auth-notice , OSDxCLI:  User 'admin' has logged in.
2025-06-23 10:26:39.090557 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'file show running://log/user/audit_file/audit_file'.
2025-06-23 10:26:39.132409 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'show running'.

Step 4: Set the following configuration in DUT0 :

set system cli configuration logging cli info
set system login user admin authentication encrypted-password '$6$u8H8TMERxr0oo9VZ$ua18r3BnW5FevbdDoYnEEM7mDLN1gKP7xTCa9SPlwKXCElW8G9sI0FhrIGAUhduB6n4z0OOJ5271RomHqJKjN1'
set system security medium

Step 5: Run command file show running://log/user/audit_file/audit_file at DUT0 and check if output contains the following tokens:

User 'admin' committed the configuration

Show output

2025-06-23 10:26:37.548028 daemon-info , modulelauncher[402222]:  Secure mode started
2025-06-23 10:26:38.974719 auth-notice , OSDxCLI:  User 'admin' has logged in.
2025-06-23 10:26:39.090557 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'file show running://log/user/audit_file/audit_file'.
2025-06-23 10:26:39.132409 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'show running'.
2025-06-23 10:26:39.306984 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'file show running://log/user/audit_file/audit_file'.
2025-06-23 10:26:39.425735 auth-notice , OSDxCLI:  User 'admin' entered the configuration menu.
2025-06-23 10:26:39.486239 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'set system cli configuration logging cli info'.
2025-06-23 10:26:39.586583 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'show working'.
2025-06-23 10:26:39.642515 user-warning , OSDxCLI:  Signal 10 received
2025-06-23 10:26:39.644966 auth-notice , OSDxCLI:  User 'admin' committed the configuration.
2025-06-23 10:26:39.705111 auth-notice , OSDxCLI:  User 'admin' left the configuration menu.

---

Hidden Passwords

Description

Plain passwords are not displayed

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set system aaa server tacacs TAC1 address 10.215.168.1
set system aaa server tacacs TAC1 encrypted-key U2FsdGVkX18/8frV8rhbTC/+7Kgc/ucH/MYSQYlsVoA=
set system login user admin authentication encrypted-password '$6$bAyGXStxIvnvJLm8$xqDxw3BqMZJRBdvsLPy9DflxE4/RinJgNvdzk2f3wIQZqNjbfGqCU57hZiJ9MM/eKPgh5oJtjx6rXpsB8CySp/'
set system security medium

Step 2: Run command file show running://log/user/audit_file/audit_file at DUT0 and check if output contains the following tokens:

User 'admin' added a new cfg line: 'set system aaa server tacacs TAC1 key ******'

Show output

2025-06-23 10:26:47.155308 daemon-info , modulelauncher[402579]:  Secure mode started
2025-06-23 10:26:48.759833 auth-notice , OSDxCLI:  User 'admin' has logged in.
2025-06-23 10:26:48.896947 auth-notice , OSDxCLI:  User 'admin' entered the configuration menu.
2025-06-23 10:26:48.977293 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
2025-06-23 10:26:49.069371 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'set system aaa server tacacs TAC1 key ******'.
2025-06-23 10:26:49.148831 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'set system aaa server tacacs TAC1 address 10.215.168.1'.
2025-06-23 10:26:49.230421 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'show working'.
2025-06-23 10:26:49.446584 auth-notice , OSDxCLI:  User 'admin' committed the configuration.
2025-06-23 10:26:49.464675 auth-notice , OSDxCLI:  User 'admin' left the configuration menu.

---

Audit file permissions

Description

Non admin user is allowed to open audit file

Scenario

Step 1: Set the following configuration in DUT0 :

set system login role cfg level 10
set system login user admin authentication encrypted-password '$6$1jOZazzHtcBZlhqn$a3.F14ApdsRDJBj56v47AfnwGFrfYwsJRrs05Z3bh7iCdWPOPIxwEM0YkOjDMqFLcagc5O5WucTD7CelpRFQ10'
set system login user test authentication encrypted-password '$6$XExyX4LmEDhzaihj$tIuKm6zTRsnY50soXaEdzL5jxBIMZz.i1cefv7/.M1kEjbRQLqcKFEWQVJJdvRt5BZ0IeNkkafDWHdycIoRGO/'
set system login user test role cfg
set system security medium

Step 2: Login as test with password tEst!2qqqqqq

Step 3: Run command file show running://log/user/audit_file/audit_file at DUT0 and check if output contains the following tokens:

Permission denied

Show output

hexdump: /opt/vyatta/etc/config/log/user/audit_file/audit_file: Permission denied
hexdump: all input file arguments failed

---