1.1.4.2 command accounting

Information

The router reports user activity to the TACACS+ or RADIUS security server in the form of accounting records. Each accounting record contains accounting AV pairs and is stored on the security server.

Authentication, authorization and accounting (AAA) systems provide an authoritative source for managing and monitoring access to devices. Centralizing control improves the consistency of access control and of the services that may be accessed once authenticated, and improves accountability by tracking the services accessed. Additionally, centralizing access control simplifies account provisioning and de-provisioning and reduces their administrative cost, especially when managing a large number of devices. AAA accounting provides a management and audit trail for user and administrative sessions through TACACS+.

Solution

Configure an accounting list that includes, for example, the tacacs+ or radius server group defined in the prerequisites, local, or both, and apply the list to the console and default line templates:

IOSXR(config)#aaa accounting commands default start-stop group {tacacs_group|radius_group} local
IOSXR(config)#line console accounting commands default
IOSXR(config)#line default accounting commands default
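
An offline check for this item against a saved running configuration, added here as an example; it is not part of the benchmark or of the Cisco plugin. It assumes line templates may appear either in the one-line form typed above or as indented blocks, treats start-stop as required because that is what the Solution configures, and uses a constructed sample in which TACACS_GROUP is a placeholder group name.

```python
import re

# Constructed sample in the indented-block form of a saved running configuration.
# TACACS_GROUP is a placeholder server-group name, not a value from the page.
SAMPLE_CONFIG = """\
aaa accounting commands default start-stop group TACACS_GROUP local
line console
 accounting commands default
!
line default
 exec-timeout 10 0
!
"""

def defined_lists(config):
    """Map accounting list name -> (record type, methods) from 'aaa accounting commands'."""
    pat = r"(?m)^aaa accounting commands (\S+) (\S+) (.+)$"
    return {m[1]: (m[2], m[3].split()) for m in re.finditer(pat, config)}

def applied_lists(config):
    """Map line template name -> command accounting list applied to it."""
    applied, current = {}, None
    for raw in config.splitlines():
        one_line = re.fullmatch(r"line (\S+) accounting commands (\S+)", raw.strip())
        if one_line:                        # form typed in the Solution commands
            applied[one_line[1]] = one_line[2]
        elif not raw.startswith(" "):       # top-level statement: open or close a block
            block = re.fullmatch(r"line (\S+)", raw.strip())
            current = block[1] if block else None
        elif current:                       # indented statement inside a line block
            nested = re.fullmatch(r"accounting commands (\S+)", raw.strip())
            if nested:
                applied[current] = nested[1]
    return applied

def audit(config, templates=("console", "default")):
    """Return findings for this item; an empty list means it passes."""
    lists, applied, findings = defined_lists(config), applied_lists(config), []
    for name in templates:
        used = applied.get(name)
        if used is None:
            findings.append(f"line {name}: no command accounting list applied")
        elif used not in lists:
            findings.append(f"line {name}: list '{used}' is not defined")
        elif lists[used][0] != "start-stop":
            findings.append(f"line {name}: list '{used}' is {lists[used][0]}, not start-stop")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "PASS")
```

The constructed sample fails on purpose: the list is defined and applied to the console, but the default line template has no accounting statement.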

Impact:

Enabling 'aaa accounting commands' records every user-entered command and sends it to the accounting servers, which enables organizations to monitor and analyze the activity.

Command accounting is not supported for commands that are executed using NETCONF, XML or gRPC.

See Also

https://workbench.cisecurity.org/benchmarks/10473

Item Details

Category: ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

References: 800-53|AC-2(1), 800-53|AU-2, 800-53|AU-7, 800-53|AU-12

Plugin: Cisco

Control ID: 239c462590d385bd6d025cc6de0f871fd58e7a9f4c34214a8e59f65dbcf27887