Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1636
Views
0
Helpful
1
Replies

Keystroke logging

Go to solution
MITCH JOHNSON
Level 1
Level 1

‎09-28-2006 07:09 PM - edited ‎03-10-2019 02:46 PM

Using ACS and tacacs+ can I record the keystrokes users type when they enter commands on a device such as a router or switch?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
pbunet
Level 1
Level 1

‎09-29-2006 12:56 AM

Yes , you can record whatever commands a user has run on the Cisco IOS box . For this you need to firstly configure command authorization on the IOS device along with the accounting. Below are the commands that you need.

aaa new-model

aaa authentication login default group tacacs local

aaa authorization exec default group tacacs if-autheticated

aaa authorization commands 0 default group tacacs if-authenticated

aaa authorization commands 1 default group tacacs if-authenticated

aaa authorization commands 15 default group tacacs if-authenticated

aaa accounting commands 0 default group tacacs

aaa accounting commands 1 default group tacacs

aaa accounting commands 15 default group tacacs

tacacs-server host x.x.x.x ket

We also need to configure command authorization in ACS server using the below link ( Note : this link show the sample configuration of ACS using PIX but you can configure the IOS devices similarly)

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2086/products_configuration_guide_chapter09186a00801fd7cb.html

Once we have configured the ACS and the IOS devices you can check the commands run by users in ACS by going to Reports & Activities > Tacacs admin logs .

View solution in original post

0 Helpful
1 Reply 1

Go to solution
pbunet
Level 1
Level 1

‎09-29-2006 12:56 AM

Yes , you can record whatever commands a user has run on the Cisco IOS box . For this you need to firstly configure command authorization on the IOS device along with the accounting. Below are the commands that you need.

aaa new-model

aaa authentication login default group tacacs local

aaa authorization exec default group tacacs if-autheticated

aaa authorization commands 0 default group tacacs if-authenticated

aaa authorization commands 1 default group tacacs if-authenticated

aaa authorization commands 15 default group tacacs if-authenticated

aaa accounting commands 0 default group tacacs

aaa accounting commands 1 default group tacacs

aaa accounting commands 15 default group tacacs

tacacs-server host x.x.x.x ket

We also need to configure command authorization in ACS server using the below link ( Note : this link show the sample configuration of ACS using PIX but you can configure the IOS devices similarly)

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2086/products_configuration_guide_chapter09186a00801fd7cb.html

Once we have configured the ACS and the IOS devices you can check the commands run by users in ACS by going to Reports & Activities > Tacacs admin logs .

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents