Accounting

These scenarios show accounting feature when secure mode is enabled. All logs are stored in file: running://log/user/audit_file/audit_file

File Logs

Description

Show different logs stored in audit file

Scenario

Step 1: Run command file show running://log/user/audit_file/audit_file at DUT0 and check if output contains the following tokens:

Secure mode started

Show output

2025-11-12 13:15:41.474155 daemon-info , modulelauncher[252338]:  Secure mode started
2025-11-12 13:15:43.151983 auth-notice , OSDxCLI:  User 'admin' has logged in.

Step 2: Run command show running at DUT0 and expect this output:

Show output

# Teldat OSDx VM version v4.2.7.1
# Wed 12 Nov 2025 13:15:43 +00:00
# Warning: Configuration has not been saved
set system login user admin authentication encrypted-password '$6$htprg0w/Mn3gT0bO$J1guHBb1MZIcp13Uhs2yROfV0Gqvh3IfxAjhy04yTu1PxMwLiqiY4jl1dckPbXqM0siJ1qT3if7s/w7KDIPGS0'
set system security medium

Step 3: Run command file show running://log/user/audit_file/audit_file at DUT0 and check if output contains the following tokens:

User 'admin' executed a new command: 'show running'

Show output

2025-11-12 13:15:41.474155 daemon-info , modulelauncher[252338]:  Secure mode started
2025-11-12 13:15:43.151983 auth-notice , OSDxCLI:  User 'admin' has logged in.
2025-11-12 13:15:43.254711 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'file show running://log/user/audit_file/audit_file'.
2025-11-12 13:15:43.292988 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'show running'.

Step 4: Set the following configuration in DUT0 :

set system cli configuration logging cli info
set system login user admin authentication encrypted-password '$6$htprg0w/Mn3gT0bO$J1guHBb1MZIcp13Uhs2yROfV0Gqvh3IfxAjhy04yTu1PxMwLiqiY4jl1dckPbXqM0siJ1qT3if7s/w7KDIPGS0'
set system security medium

Step 5: Run command file show running://log/user/audit_file/audit_file at DUT0 and check if output contains the following tokens:

User 'admin' committed the configuration

Show output

2025-11-12 13:15:41.474155 daemon-info , modulelauncher[252338]:  Secure mode started
2025-11-12 13:15:43.151983 auth-notice , OSDxCLI:  User 'admin' has logged in.
2025-11-12 13:15:43.254711 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'file show running://log/user/audit_file/audit_file'.
2025-11-12 13:15:43.292988 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'show running'.
2025-11-12 13:15:43.468467 auth-notice , OSDxCLI:  User 'admin' executed a new command: 'file show running://log/user/audit_file/audit_file'.
2025-11-12 13:15:43.609283 auth-notice , OSDxCLI:  User 'admin' entered the configuration menu.
2025-11-12 13:15:43.676983 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'set system cli configuration logging cli info'.
2025-11-12 13:15:43.766815 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'show working'.
2025-11-12 13:15:43.844455 user-warning , OSDxCLI:  Signal 10 received
2025-11-12 13:15:43.846430 auth-notice , OSDxCLI:  User 'admin' committed the configuration.
2025-11-12 13:15:43.931477 auth-notice , OSDxCLI:  User 'admin' left the configuration menu.

---

Hidden Passwords

Description

Plain passwords are not displayed

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set system aaa server tacacs TAC1 address 10.215.168.1
set system aaa server tacacs TAC1 encrypted-key U2FsdGVkX1/x3Pd6LtBenf+hk3Vziomp8IP0IqAKYBs=
set system login user admin authentication encrypted-password '$6$5MFHF08t2HToHKED$FNJLVFjH7WWGDCbGkdhzqhI5uVERZWbrf/a9uYDBgLQc5bwtAi.775B1ZGE4ZO/ZERCXfe6oRRTcOQ.0HrTtU/'
set system security medium

Step 2: Run command file show running://log/user/audit_file/audit_file at DUT0 and check if output contains the following tokens:

User 'admin' added a new cfg line: 'set system aaa server tacacs TAC1 key ******'

Show output

2025-11-12 13:15:51.291984 daemon-info , modulelauncher[252731]:  Secure mode started
2025-11-12 13:15:52.714707 auth-notice , OSDxCLI:  User 'admin' has logged in.
2025-11-12 13:15:52.893178 auth-notice , OSDxCLI:  User 'admin' entered the configuration menu.
2025-11-12 13:15:52.987482 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
2025-11-12 13:15:53.070060 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'set system aaa server tacacs TAC1 key ******'.
2025-11-12 13:15:53.179570 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'set system aaa server tacacs TAC1 address 10.215.168.1'.
2025-11-12 13:15:53.260181 auth-notice , OSDxCLI:  User 'admin' added a new cfg line: 'show working'.
2025-11-12 13:15:53.545437 auth-notice , OSDxCLI:  User 'admin' committed the configuration.
2025-11-12 13:15:53.591266 auth-notice , OSDxCLI:  User 'admin' left the configuration menu.

---

Audit file permissions

Description

Non admin user is allowed to open audit file

Scenario

Step 1: Set the following configuration in DUT0 :

set system login role cfg level 10
set system login user admin authentication encrypted-password '$6$eYIQKOr1vAYMKws7$8TTn624xhwcM4gUZP2vloBHgfPU4dkvkfXusXpQ6AX/ly4ICacC5Oh8TBlu6TwYSpPVG5XS/xr2IbBsCLzYJS0'
set system login user test authentication encrypted-password '$6$Y8XLr7uW9pJtWqnR$4Zqgf/i53y3JScqVYf044SawjHsBvEz8j4j2QLy.KK9JmDFC1zOG0fDwPBHSBOeqMt8EA0Rfxn1BddfxU2xku/'
set system login user test role cfg
set system security medium

Step 2: Login as test with password tEst!2qqqqqq

Step 3: Run command file show running://log/user/audit_file/audit_file at DUT0 and check if output contains the following tokens:

Permission denied

Show output

hexdump: /opt/vyatta/etc/config/log/user/audit_file/audit_file: Permission denied
hexdump: all input file arguments failed

---