New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[TACACS+] Add audisp-tacplus for per-command accounting. #8750

Merged

liuh-80 merged 75 commits into sonic-net:master from liuh-80:dev/liuh/tacacs_accounting

Dec 1, 2021

+1,757 −8

Contributor

liuh-80 commented Sep 14, 2021

This pull request integrate audisp-tacplus to SONiC for per-command accounting.

Why I did it

To support TACACS per-command accounting, we integrate audisp-tacplus project to sonic.

How I did it

Add auditd service to SONiC
Port and patch audisp-tacplus to SONiC

How to verify it

UT with CUnit to cover all new code in usersecret-filter.c
Also pass all current UT.

Which release branch to backport (provide reason below if selected)

N/A

Description for the changelog

Add audisp-tacplus for per-command accounting.

A picture of a cute animal (not mandatory but encouraged)

liuh-80 added 8 commits

August 31, 2021 10:34


          [TACACS+]: Add TACACS support library and fix memory leak issue.

00e9867


          Add Bash TACACS+ plugin.

7dcf307


          Improve code.

fff5f0c


          Integrate audisp-tacplus to SONiC for per-command accounting.

b614455


          Fix code according to discussion and PR comments.

dcc782b


          Fix PR comments

d90e0c8


          Improve PR.

2f636c5


          Fix build issue.

fe7d54a

Contributor Author

liuh-80 commented Sep 14, 2021

This just draft PR still ongoing.
Need new code to remov user secret from accounting message.
Also need local accounting with syslog support.

liuh-80 marked this pull request as ready for review

September 16, 2021 03:06

liuh-80 requested review from lguohan, qiluo-msft and xumia as code owners

September 16, 2021 03:06

liuh-80 closed this

liuh-80 reopened this

liuh-80 marked this pull request as draft

September 16, 2021 03:31

Contributor Author

liuh-80 commented Sep 16, 2021

Not ready for review, publish by mistake, switch back to draft. still need following change:

Remove user secret from accounting message.
Support syslog as 'local' accounting
Make accounting method 'local' & 'tacacs' configurable.

liuh-80 and others added 6 commits

September 16, 2021 11:42


          Improve code by PR comments.

b53c4f8


          Fix make file

22cfd79


          Merge remote-tracking branch 'origin/master' into dev/liuh/tac_suppor…

2648dcd

…t_lib


          Merge remote-tracking branch 'origin/master' into dev/liuh/bash_tacplus

8d70ebb


          Merge remote-tracking branch 'origin/master' into dev/liuh/tacacs_acc…

660da58

…ounting


          Build package with dpkg-buildpackage

db26d95

qiluo-msft reviewed

View reviewed changes

src/tacacs/audisp/Makefile Show resolved Hide resolved

qiluo-msft reviewed

View reviewed changes

src/tacacs/audisp/patches/0001-Port-audisp-tacplus-to-sonic.patch Outdated Show resolved Hide resolved

liuh-80 and others added 5 commits

September 29, 2021 14:13


          Remove user secret from accounting log.

abe81f2


          Add setting flag for authorization and accounting.

bb9fec3


          Add local accounting support.

6b97d25


          Merge remote-tracking branch 'origin/dev/liuh/tac_support_lib' into d…

85db4dc

…ev/liuh/tacacs_accounting


          Fix source address code issue..

7022bb3


          Reset submodule to master branch version.

d1e1c9a

qiluo-msft previously approved these changes

View reviewed changes

Contributor Author

liuh-80 commented Nov 26, 2021

/azp run Azure.sonic-buildimage

azure-pipelines bot commented Nov 26, 2021

Azure Pipelines successfully started running 1 pipeline(s).


          Fix sonic build image failed issue.

e80dd6b

liuh-80 dismissed qiluo-msft’s stale review via

e80dd6b

November 26, 2021 02:23

xumia approved these changes

View reviewed changes

Contributor Author

liuh-80 commented Nov 26, 2021

This PR build break because file permission of build_debian.sh change to 644, so fix this by:
'git update-index --chmod=+x build_debian.sh' and submit a new commit.

Contributor Author

liuh-80 commented Nov 26, 2021

/azp run Azure.sonic-buildimage

azure-pipelines bot commented Nov 26, 2021

Azure Pipelines successfully started running 1 pipeline(s).

Contributor Author

liuh-80 commented Nov 26, 2021

/azp run Azure.sonic-buildimage

azure-pipelines bot commented Nov 26, 2021

Azure Pipelines successfully started running 1 pipeline(s).

Contributor Author

liuh-80 commented Nov 28, 2021

/azp run Azure.sonic-buildimage

azure-pipelines bot commented Nov 28, 2021

Azure Pipelines successfully started running 1 pipeline(s).

Contributor Author

liuh-80 commented Nov 28, 2021

/azp run Azure.sonic-buildimage

azure-pipelines bot commented Nov 28, 2021

Azure Pipelines successfully started running 1 pipeline(s).

Contributor Author

liuh-80 commented Nov 29, 2021

/azp run Azure.sonic-buildimage

azure-pipelines bot commented Nov 29, 2021

Azure Pipelines successfully started running 1 pipeline(s).

Contributor Author

liuh-80 commented Nov 30, 2021

/azp run Azure.sonic-buildimage

azure-pipelines bot commented Nov 30, 2021

Azure Pipelines successfully started running 1 pipeline(s).

Contributor Author

liuh-80 commented Nov 30, 2021

/azp run Azure.sonic-buildimage

azure-pipelines bot commented Nov 30, 2021

Azure Pipelines successfully started running 1 pipeline(s).

qiluo-msft approved these changes

View reviewed changes

liuh-80 merged commit 739c456 into sonic-net:master

liuh-80 added a commit to liuh-80/sonic-buildimage that referenced this pull request


          [TACACS+] Add audisp-tacplus for per-command accounting. (sonic-net#8750

97a30d5

)

This pull request integrate audisp-tacplus to SONiC for per-command accounting.

To support TACACS per-command accounting, we integrate audisp-tacplus project to sonic.

1. Add auditd service to SONiC
2. Port and patch audisp-tacplus to SONiC

UT with CUnit to cover all new code in usersecret-filter.c
Also pass all current UT.

N/A

Add audisp-tacplus for per-command accounting.

liuh-80 added a commit to liuh-80/sonic-buildimage that referenced this pull request


          [TACACS+] Add audisp-tacplus for per-command accounting. (sonic-net#8750

76b3d02

)

This pull request integrate audisp-tacplus to SONiC for per-command accounting.

To support TACACS per-command accounting, we integrate audisp-tacplus project to sonic.

1. Add auditd service to SONiC
2. Port and patch audisp-tacplus to SONiC

UT with CUnit to cover all new code in usersecret-filter.c
Also pass all current UT.

N/A

Add audisp-tacplus for per-command accounting.

qiluo-msft pushed a commit that referenced this pull request


          [202012] [TACACS+] Add audisp-tacplus for per-command accounting. (#8750

4df2bc9

) (#15788)

This pull request integrate audisp-tacplus to SONiC for per-command accounting.

##### Work item tracking
- Microsoft ADO **(number only)**: 24433713

#### Why I did it
To support TACACS per-command accounting, we integrate audisp-tacplus project to sonic.

#### How I did it
1. Add auditd service to SONiC
2. Port and patch audisp-tacplus to SONiC

#### How to verify it
UT with CUnit to cover all new code in usersecret-filter.c
Also pass all current UT.

#### Tested branch (Please provide the tested image version)
Extract tacacs support functions into library, this will share TACACS config file parse code with other project.
Also fix memory leak issue in parse config code.

- [ ]  SONiC.202012-15723.312602-e230e2d3e

#### Description for the changelog
Add audisp-tacplus for per-command accounting.

liuh-80 mentioned this pull request

[202012] [TACACS+] Add audisp-tacplus for per-command accounting. (#8750) #15788

Merged

1 task

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet