Is there any provision to audit/log all commands in VyOS perhaps to a remote server (e.g. via syslog).
I know there’s “history” or “show history” - but not sure how this integrates with logging?
https://wiki.vyos.net/wiki/Task_scheduler
I created a script that simply outputs show configuration commands to a file on TFTP
Why not use commit archive?
See Configuration versioning and archiving in VyOS
A “commit archive” is only created when the configuration is saved. So, any commands executed will only be audited if they are saved. Still, if two users execute commands and only the last one saves the configuration, the archive will be saved with their user, thus breaking the audit.
In theory it should be possible since VyOS is using a custom bash called vbash as the default shell.
However you won't pick up any commands once the logged in user does something like “sudo bash”.
A tricky part of logging commands is that there are so many ways to go around this. For example, upload a script and have crontab run that for you, then the commands will go unnoticed as well.
But even if such “backdoors” exist I would also prefer an option to enable command-audit in VyOS. Might need some filtering so passwords don't leak through the syslog (which is often unencrypted when logged remotely or even locally).
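The filtering idea from the last post, as an added example that is not code from any poster or from the VyOS project: a shell hook that masks secret values before a command line is handed to syslog. The function names, the `vyos-cmd-audit` tag, the keyword list and the assumption that vbash honours `PROMPT_COMMAND` like stock bash are all hypothetical and need checking on the target image.

```shell
# Added example (not VyOS code). Source from a login profile script.
# SENSITIVE_KEYWORDS is an assumed list: extend it to match the config
# nodes that carry secrets on your system.
SENSITIVE_KEYWORDS='plaintext-password|encrypted-password|pre-shared-secret|password|secret'

# Replace the value that follows a sensitive keyword with <redacted>.
# Handles single-quoted, double-quoted and bare values.
redact_cmd() {
    printf '%s\n' "$1" | sed -E \
      "s/(^|[[:space:]])(${SENSITIVE_KEYWORDS})([[:space:]]+)('[^']*'|\"[^\"]*\"|[^[:space:]]+)/\1\2\3<redacted>/g"
}

# Build the audit record: who ran it, plus the redacted command.
audit_line() {
    printf 'user=%s cmd=%s\n' "${USER:-$(id -un)}" "$(redact_cmd "$1")"
}

# Hand the record to the local syslog daemon; forwarding to a remote
# server is then a matter of the daemon's own configuration.
audit_send() {
    audit_line "$1" | logger -t vyos-cmd-audit -p authpriv.info
}

# Install the hook only in interactive bash-compatible shells.
# As noted in the thread, this does not see commands run after
# "sudo bash" or from cron; it covers the normal login shell only.
case $- in
    *i*)
        if [ -n "${BASH_VERSION:-}" ]; then
            PROMPT_COMMAND='audit_send "$(HISTTIMEFORMAT= history 1 | sed -E "s/^ *[0-9]+ +//")"'
        fi
        ;;
esac
```

Redaction happens before `logger` is called, so the secret never reaches the local log file or an unencrypted remote syslog stream.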