Accounting

These scenarios show accounting feature when secure mode is enabled. All logs are stored in file: running://log/user/audit_file/audit_file

File Logs

Description

Show different logs stored in audit file

Scenario

Step 1: Run command file show running://log/user/audit_file/audit_file at DUT0 and check if output contains the following tokens:

Secure mode started

Show output

2025-08-20 13:18:31.406544 daemon-info , modulelauncher[90530]:  Secure mode started
2025-08-20 13:18:32.956780 auth-notice , OSDxCLI:  User 'admin' has logged in.

Step 2: Run command show running at DUT0 and expect this output:

Show output

# Teldat OSDx VM version v4.2.4.7
# Wed 20 Aug 2025 13:18:33 +00:00
# Warning: Configuration has not been saved
set system login user admin authentication encrypted-password '$6$mDsgyU8e7uQcavXN$uvyhLRGh1LEj7bCdpDGo9EHTiErd8DjnhKaWz8nJWLmFqEDDpMBjGskb1voadN.G5WsgL15ZL1jmi810TECon0'
set system security medium

Step 3: Run command file show running://log/user/audit_file/audit_file at DUT0 and check if output contains the following tokens:

User 'admin' executed a new command: 'show running'

Show output

2025-08-20 13:18:31.406544 daemon-info , modulelauncher[90530]:  Secure mode started
2025-08-20 13:18:32.956780 auth-notice , OSDxCLI:  User 'admin' has logged in.
2025-08-20 13:18:33.066760 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'file show running://log/user/audit_file/audit_file'.
2025-08-20 13:18:33.109407 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'show running'.

Step 4: Set the following configuration in DUT0 :

set system cli configuration logging cli info
set system login user admin authentication encrypted-password '$6$mDsgyU8e7uQcavXN$uvyhLRGh1LEj7bCdpDGo9EHTiErd8DjnhKaWz8nJWLmFqEDDpMBjGskb1voadN.G5WsgL15ZL1jmi810TECon0'
set system security medium

Step 5: Run command file show running://log/user/audit_file/audit_file at DUT0 and check if output contains the following tokens:

User 'admin' committed the configuration

Show output

2025-08-20 13:18:31.406544 daemon-info , modulelauncher[90530]:  Secure mode started
2025-08-20 13:18:32.956780 auth-notice , OSDxCLI:  User 'admin' has logged in.
2025-08-20 13:18:33.066760 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'file show running://log/user/audit_file/audit_file'.
2025-08-20 13:18:33.109407 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'show running'.
2025-08-20 13:18:33.270898 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'file show running://log/user/audit_file/audit_file'.
2025-08-20 13:18:33.388927 auth-notice , OSDxCLI:  User 'admin' entered the configuration menu.
2025-08-20 13:18:33.449706 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'set system cli configuration logging cli info'.
2025-08-20 13:18:33.519742 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'show working'.
2025-08-20 13:18:33.598183 user-warning , OSDxCLI:  Signal 10 received
2025-08-20 13:18:33.600439 auth-notice , OSDxCLI:  User 'admin' committed the configuration.
2025-08-20 13:18:33.653964 auth-notice , OSDxCLI:  User 'admin' left the configuration menu.

---

Hidden Passwords

Description

Plain passwords are not displayed

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set system aaa server tacacs TAC1 address 10.215.168.1
set system aaa server tacacs TAC1 encrypted-key U2FsdGVkX18/Im2py1cxFSj/mSV+kOo65txI4V/Ie60=
set system login user admin authentication encrypted-password '$6$bI5WOjaymlgoZa.s$iR4odKy3W4WFfgN.ukHL8044Xsk7MhKbskKutujG.c62bwFva/Zks3DfFnYOfmduAf4Xqc5kH1wRFM6adC.aP1'
set system security medium

Step 2: Run command file show running://log/user/audit_file/audit_file at DUT0 and check if output contains the following tokens:

User 'admin' added a new cfg line: 'set system aaa server tacacs TAC1 key ******'

Show output

2025-08-20 13:18:41.214772 daemon-info , modulelauncher[90916]:  Secure mode started
2025-08-20 13:18:42.825361 auth-notice , OSDxCLI:  User 'admin' has logged in.
2025-08-20 13:18:42.997954 auth-notice , OSDxCLI:  User 'admin' entered the configuration menu.
2025-08-20 13:18:43.108763 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
2025-08-20 13:18:43.202399 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'set system aaa server tacacs TAC1 key ******'.
2025-08-20 13:18:43.257622 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'set system aaa server tacacs TAC1 address 10.215.168.1'.
2025-08-20 13:18:43.368476 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'show working'.
2025-08-20 13:18:43.551023 auth-notice , OSDxCLI:  User 'admin' committed the configuration.
2025-08-20 13:18:43.570952 auth-notice , OSDxCLI:  User 'admin' left the configuration menu.

---

Audit file permissions

Description

Non admin user is allowed to open audit file

Scenario

Step 1: Set the following configuration in DUT0 :

set system login role cfg level 10
set system login user admin authentication encrypted-password '$6$0GObE0TktFIkBgsr$ebms9cmb9dTOJujUi5DcLRWw5ilsc78z8oTWOpJMYWtMyf1inPijijZdrJBCqcbDIDoxGY.6bl89QYLocUW7F1'
set system login user test authentication encrypted-password '$6$sgzptJjgbnNCxLlw$IX5z6f/PambF.rCcQLvs3y.0RHhb2aEsom5SIBh2m1JWrEta/JrJTiF6qO89XHpCWaJ1v0I1lOvTIRPgypTNL0'
set system login user test role cfg
set system security medium

Step 2: Login as test with password tEst!2qqqqqq

Step 3: Run command file show running://log/user/audit_file/audit_file at DUT0 and check if output contains the following tokens:

Permission denied

Show output

hexdump: /opt/vyatta/etc/config/log/user/audit_file/audit_file: Permission denied
hexdump: all input file arguments failed

---