AAA, PIX, and audit tracking

dladen
Level 1

I would like to be able to have an audit trail for all changes to our firewall. I have set up the PIX to use aaa for authentication. Commands associated with the user ID are sent to the syslog server until I provide the enable password. Afterwards, all commands are associated with enable_15.

If I configure TACACS to allow enable access, I can get enable access and the user name is associated with the commands.

Can I have the user name associated with a command in syslog but use the generic enable command? I have PIX 6.2.2 and ACS 2.6. I used "Cisco - Authentication and Command Authorization for PIX 6.2" as a reference when setting this up.

2 Replies

b.hsu
Level 5

I don't think it's possible to hide the privilege level from the user... at least I do not know of ways of doing this. The user can always issue the 'show curpriv' command and figure out his/her privilege level.

Thanks for the info but that is not what I am trying to do.

If I enter the command aaa authentication telnet console TACSERVER, a remote user needs a TACACS ID and password to get line access. The enable password is used to get enable access. In the syslog server, I can see the activities of the user until they run the enable command. All privilege 15 commands are associated with user enable_15. I would like the user to use the enable password but still have the syslog information associated with their ID.

If I enter the command aaa authentication enable console TACSERVER, I can have the user gain enable access with a password from the TACACS server. In this configuration, all privilege 15 commands are associated with the user name. This works and will probably be what I implement, but I was hoping to use a generic enable password.

Thanks
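The audit gap described in this thread (privilege 15 commands logged under the shared enable_15 identity once the generic enable password is used) can be checked for on the syslog side. The script below is an added example, not from the original thread or from Cisco; the sample syslog lines are constructed for it, and the exact message layout (`%PIX-5-111008: User '...' executed the '...' command.`) is assumed from the PIX "user executed command" message and may differ slightly on a given PIX release. It separates commands that carry a real user name from commands attributed only to `enable_15`, and shows a best-effort heuristic that ties enable_15 commands back to the last named user who entered `enable` on the box.

```python
import re

# Constructed sample syslog as a PIX 6.x would send it under
# "aaa authentication telnet console TACSERVER" with a generic enable password:
# line-level commands carry the TACACS user name, everything after 'enable'
# is attributed to the shared enable_15 identity. Host, names and commands are made up.
SAMPLE_SYSLOG = """\
Mar 12 10:01:05 10.0.0.1 %PIX-5-111008: User 'dladen' executed the 'show interface' command.
Mar 12 10:01:19 10.0.0.1 %PIX-5-111008: User 'dladen' executed the 'enable' command.
Mar 12 10:01:40 10.0.0.1 %PIX-5-111008: User 'enable_15' executed the 'configure terminal' command.
Mar 12 10:02:02 10.0.0.1 %PIX-5-111008: User 'enable_15' executed the 'access-list inside_out permit ip any any' command.
Mar 12 10:02:15 10.0.0.1 %PIX-5-111008: User 'enable_15' executed the 'write memory' command.
Mar 12 10:05:30 10.0.0.1 %PIX-5-111008: User 'jsmith' executed the 'show running-config' command.
"""

# Assumed message layout; adjust the prefix if your syslog server adds its own fields.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) %PIX-\d-111008: "
    r"User '(?P<user>[^']+)' executed the '(?P<cmd>.*)' command\.$"
)

# Identity the PIX uses once the generic enable password has been entered.
GENERIC_ENABLE_USER = "enable_15"


def parse_command_events(text):
    """Extract (timestamp, host, user, command) records from raw syslog text."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def audit_attribution(text):
    """Split command events into those with a real user name and those hidden behind enable_15."""
    events = parse_command_events(text)
    attributed = [e for e in events if e["user"] != GENERIC_ENABLE_USER]
    unattributed = [e for e in events if e["user"] == GENERIC_ENABLE_USER]
    return attributed, unattributed


def guess_enable_session_owner(text):
    """Heuristically re-attribute enable_15 commands to the last named user who ran 'enable'.

    This only holds while a single admin session is active on the firewall; with
    concurrent sessions the guess is unreliable. It is a reporting workaround for the
    gap, not a substitute for 'aaa authentication enable console TACSERVER', which
    makes the PIX log the real user name for privilege 15 commands in the first place.
    """
    owner = None
    reattributed = []
    for e in parse_command_events(text):
        if e["user"] != GENERIC_ENABLE_USER:
            if e["cmd"] == "enable":
                owner = e["user"]
            reattributed.append((e["user"], e["cmd"]))
        else:
            reattributed.append((owner or "unknown", e["cmd"]))
    return reattributed


def command_counts_by_user(text):
    """Per-user command totals, useful for spotting how much activity has no real owner."""
    counts = {}
    for e in parse_command_events(text):
        counts[e["user"]] = counts.get(e["user"], 0) + 1
    return counts


if __name__ == "__main__":
    attributed, unattributed = audit_attribution(SAMPLE_SYSLOG)
    print(f"{len(attributed)} commands with a user name, "
          f"{len(unattributed)} attributed only to {GENERIC_ENABLE_USER}")
    for e in unattributed:
        print(f"  {e['ts']} {e['host']} unattributed: {e['cmd']}")
    print("Best-effort re-attribution:")
    for user, cmd in guess_enable_session_owner(SAMPLE_SYSLOG):
        print(f"  {user}: {cmd}")
```

Run against a syslog export from the poster's first configuration, the report shows that every configuration change (`configure terminal`, the access-list edit, `write memory`) lands in the unattributed bucket, which is exactly the audit-trail problem raised; with the enable-authentication configuration from the last reply the unattributed list should be empty.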
