Accounting

These scenarios show accounting feature when secure mode is enabled. All logs are stored in file: running://log/user/audit_file/audit_file

File Logs

Description

Show different logs stored in audit file

Scenario

Step 1: Run command file show running://log/user/audit_file/audit_file at DUT0 and check if output contains the following tokens:

Secure mode started

Show output

2025-03-21 23:24:37.787985 daemon-info , modulelauncher[229990]:  Secure mode started
2025-03-21 23:24:39.464280 auth-notice , OSDxCLI:  User 'admin' has logged in.

Step 2: Run command show running at DUT0 and expect this output:

Show output

# Teldat OSDx VM version 202503211214.a3e79e6-master-snapshot
# Fri 21 Mar 2025 23:24:39 +00:00
# Warning: Configuration has not been saved
set system login user admin authentication encrypted-password '$6$K8lhjf/ioaD0IkoT$SNuTQJJGUBW.hmwwPDJhbVxI2KxOP9osz4FbFVMg2E130VrHNazDSN/eXxlUgTqdiavKyO6vpLOooqA8FT/Sl/'
set system security medium

Step 3: Run command file show running://log/user/audit_file/audit_file at DUT0 and check if output contains the following tokens:

User 'admin' executed a new command: 'show running'

Show output

2025-03-21 23:24:37.787985 daemon-info , modulelauncher[229990]:  Secure mode started
2025-03-21 23:24:39.464280 auth-notice , OSDxCLI:  User 'admin' has logged in.
2025-03-21 23:24:39.678431 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'file show running://log/user/audit_file/audit_file'.
2025-03-21 23:24:39.785241 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'show running'.

Step 4: Set the following configuration in DUT0 :

set system cli configuration logging cli info
set system login user admin authentication encrypted-password '$6$K8lhjf/ioaD0IkoT$SNuTQJJGUBW.hmwwPDJhbVxI2KxOP9osz4FbFVMg2E130VrHNazDSN/eXxlUgTqdiavKyO6vpLOooqA8FT/Sl/'
set system security medium

Step 5: Run command file show running://log/user/audit_file/audit_file at DUT0 and check if output contains the following tokens:

User 'admin' committed the configuration

Show output

2025-03-21 23:24:37.787985 daemon-info , modulelauncher[229990]:  Secure mode started
2025-03-21 23:24:39.464280 auth-notice , OSDxCLI:  User 'admin' has logged in.
2025-03-21 23:24:39.678431 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'file show running://log/user/audit_file/audit_file'.
2025-03-21 23:24:39.785241 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'show running'.
2025-03-21 23:24:40.043608 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'file show running://log/user/audit_file/audit_file'.
2025-03-21 23:24:40.219230 auth-notice , OSDxCLI:  User 'admin' entered the configuration menu.
2025-03-21 23:24:40.344806 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'set system cli configuration logging cli info'.
2025-03-21 23:24:40.481657 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'show working'.
2025-03-21 23:24:41.837652 user-warning , OSDxCLI:  Signal 10 received
2025-03-21 23:24:41.843043 auth-notice , OSDxCLI:  User 'admin' committed the configuration.
2025-03-21 23:24:41.891761 auth-notice , OSDxCLI:  User 'admin' left the configuration menu.

---

Hidden Passwords

Description

Plain passwords are not displayed

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set system aaa server tacacs TAC1 address 10.215.168.1
set system aaa server tacacs TAC1 encrypted-key U2FsdGVkX1/VyICh5kCkEUsbUGst/CtcTcjs4rQOlQA=
set system login user admin authentication encrypted-password '$6$9XCzJtFLgftA7K2Q$AAmRZzdSfxVft1OrRfjqBAuyrL.nqDtgoU2K2wNevMZ8aj92zRwWsur8Y02hr4XSfEXNDwhMmQkBT//9iYf9W.'
set system security medium

Step 2: Run command file show running://log/user/audit_file/audit_file at DUT0 and check if output contains the following tokens:

User 'admin' added a new cfg line: 'set system aaa server tacacs TAC1 key ******'

Show output

2025-03-21 23:25:07.505594 daemon-info , modulelauncher[230435]:  Secure mode started
2025-03-21 23:25:09.187671 auth-notice , OSDxCLI:  User 'admin' has logged in.
2025-03-21 23:25:09.440214 auth-notice , OSDxCLI:  User 'admin' entered the configuration menu.
2025-03-21 23:25:09.715948 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
2025-03-21 23:25:09.854475 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'set system aaa server tacacs TAC1 key ******'.
2025-03-21 23:25:09.970541 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'set system aaa server tacacs TAC1 address 10.215.168.1'.
2025-03-21 23:25:10.125569 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'show working'.
2025-03-21 23:25:10.672703 auth-notice , OSDxCLI:  User 'admin' committed the configuration.
2025-03-21 23:25:10.778557 auth-notice , OSDxCLI:  User 'admin' left the configuration menu.

---

Audit file permissions

Description

Non admin user is allowed to open audit file

Scenario

Step 1: Set the following configuration in DUT0 :

set system login role cfg level 10
set system login user admin authentication encrypted-password '$6$ulS/Tydb.eLioOZT$7EkgSqgzjJBY0goBjavOSAxhVHB5q7OWhCO8K5AcnHuAFnoOikNbi3tcer3S3exO7Gm.gu7Cvm8wA8cBzHPRZ0'
set system login user test authentication encrypted-password '$6$geuU71jHcu4anJDA$ZYNtKNSobMLBZXWj..o/Y57zc9rcBb3Cc5JVLn0.3jdy7Nq9yPJvB2cwnYSHoJYkYpdrvTy/HG5OExjACT25T.'
set system login user test role cfg
set system security medium

Step 2: Login as test with password tEst!2qqqqqq

Step 3: Run command file show running://log/user/audit_file/audit_file at DUT0 and check if output contains the following tokens:

Permission denied

Show output

hexdump: /opt/vyatta/etc/config/log/user/audit_file/audit_file: Permission denied
hexdump: all input file arguments failed

---