Final Year Project (FYP)

AAA+ Server with GUI Integration

Submitted By: Asmit PandEy

Networking (N3)

Student ID: 13051997

Submitted to: mr. Bikash Bhattarai

: Mr. Monil Adhikari

Acknowledgement

There are numerous persons behind the accomplishment of this project. Without their separate

contribution throughout the project, this project would have never been effective. Firstly, I want

to express gratitude toward Mr. Bikash Bhattarai, who is the supervisor of my project, for his

remarkable support all through this project. At whatever point I was dispirited that this project is

enormous and can't be done he continued inspiring me and gave me certainty to finish it. Further,

I would also like to thank my second supervisor Mr. Monil Adhikari in light of the fact that

without his assistance in doing this project it would questionably come up short. He has helped

me in each stride and never wavered in helping me and my task. Likewise, I might likewise want

to express my appreciation to Mr. Jems Rajbhandari, who is an individual from Wlink

Communications, for giving me immediate and realtime GUIdance wherever I got spooked and

got stuck with some errors. I would also like to thank Mr. Binod Shrestha who is also an

individual from Wlink Communications for providing me necessary leave and time to complete

my project. Further, I might likewise want to express gratitude toward some of my companions

for empowering me and furthermore furnishing me with thoughts of programming and others.

Last but not the least I also want to thank everybody, to whom I neglected to thank, for their

assistance and backing for the culmination of this project.

Abstract

Acknowledging the fact that we have completed long mile regarding security in the networking

field in a short period of time. If we go five years back from now and compare the network or

information security then versus the network or information security now; we will definitely find

a huge gap. We now have outstanding security measures that extremely minimize the risks of

data theft or any information misuse. There has been lots of research in the information security

field, mainly the research being focused on the measures to maintain the confidentiality, integrity

and availability of the information. The project I am doing is about secure ways to authenticate,

authorize the users accessing devices in wan or lan with the use of an AAA server and also to

maintain accounts on the tasks performed by those users. In the current scenario there are

different AAA servers, but the most dominant being radius and tacacs+ server. The reason for

choosing tacacs+ for this project is because it uses TCP over UDP.

This report is about the project in which an AAA server is developed with additional features

such as a GUI features like the log management and the system management. The AAA server

chosen to use is the tacacs+ server. An AAA server is used so that the effort of maintaining the

network devices in a large network will be easy. Suppose, in an ISP there are 300 switches, and

we have to maintain different user credentials for the network administrators and the system

administrators, imagine how hard the job will be if we were to configure the switches manually.

But with a centralized tacacs+ server all we need to do is to add those switches into the server.

This example proves the importance of an AAA server in terms of its value and its effort

reducing capability.

The AAA server developed the project is a tacacs+ server running on Ubuntu, which supports

authentication, authorization and accounting of network devices such as switches or routers. The

tacacs+ server is configured on the Ubuntu machine, and gns3 is used so as to use a virtual router

to act as a real router so that we can test the authentication, authorization and accounting

capability of the AAA server thus developed. The usage of gns3 however doesn’t concerns the

GUI sector of the project. The GUI interface is just created in order to make the job of the

administrator easy. The logs thus generated are fed to the database. The database that is used is

mysql. Then using web programming language, html, javascript, jquery, bootstrap and css to be

precise those logs are displayed in a graphical format. Whereas, in the server side programming

languages like nodejs., express, socket.io and mongoose are used. A tool known as sublime text

is used to write the programming codes. Likewise, a database known as mongodb is used to store

the files. And to make communication between the server side (backend) and the client side

(front end) REST API and socket are used. Thus, in this way a AAA server is developed with a

web based graphical integration.

Contents

Acknowledgement ........................................................................................................................................ 1

Abstract ......................................................................................................................................................... 2

List of Figures ................................................................................................................................................ 6

Abbreviations ................................................................................................................................................ 7

Section 1: Introduction ................................................................................................................................. 1

1.1 Introduction of Subject Matter ........................................................................................................... 1

1.2 Problem Domain ................................................................................................................................. 3

1.3 Client Information ................................................................................................................................... 4

1.4 Aims and Objectives ................................................................................................................................ 4

1.5 Report Structure ..................................................................................................................................... 5

Section 2: Background/Context .................................................................................................................... 6

2.1 Related Work ...................................................................................................................................... 8

TACACS: ................................................................................................................................................. 8

RADIUS: ................................................................................................................................................. 8

Section 3: Development ................................................................................................................................ 9

3.1Methodology ........................................................................................................................................ 9

3.1.1 Software Development Life Cycle (SDLC)..................................................................................... 9

3.1.2 Programming Approach ............................................................................................................. 14

3.1.3 Tools and Techniques................................................................................................................. 15

3.1.3.3 GNS3: ...................................................................................................................................... 17

3.2 Software Requirement Specification ................................................................................................ 20

3.2.1 System Overview ........................................................................................................................ 20

3.2.2 Dependencies ............................................................................................................................. 22

3.2.3 User Interface Requirements ..................................................................................................... 23

3.2.4 Functional Requirements ........................................................................................................... 23

3.2.5 Non-functional Requirement ..................................................................................................... 24

Section 3: Testing, Results and Conclusion ................................................................................................. 25

3.2 Critical Evaluation ............................................................................................................................. 39

3.3 Future Work ...................................................................................................................................... 39

Section 4: Conclusion .............................................................................................................................. 40

4.1 Personal Reflection ........................................................................................................................... 40

Section 5: Social and Ethical Issues ............................................................................................................. 41

Section 6: References .................................................................................................................................. 43

Appendix A .................................................................................................................................................. 45

TACACS+ Configuration files ................................................................................................................... 45

Init.d configuration file to start tacacs+ on startup ................................................................................ 49

Creating a virtual interface in ubuntu ..................................................................................................... 51

Client side HTML ..................................................................................................................................... 51

Server side HTML .................................................................................................................................... 65

List of Figures

Fig 1: RADIUS Authentication and Authorization Flow

Fig 2: SDLC Model

Fig 3: Prototyping Model

Fig 4: Typical AAA Server

Fig 5: Tacacs+ Operation

Fig 6: System Architecture

Fig 7: Successful ping between router and ubuntu and vice-versa

Fig 8: Verification that the tacacs+ server is running on port 49

Fig 9: To make sure the authentication process works.

Fig 10: Analyzing the tac_plus.log file

Fig 11: Analyzing the tac_plus.acct file

Fig 12: Verification that the backend server is running on port 300 and listening

Fig 13: Signing up for the webpage with email test@test.com and password test

Fig 14: Logging in with new email test@test.com

Fig 15: Successful login with the email test@test.com

Fig 16: Adding new user with username ‘test’ and password ‘test’ which is encrypted with DES

Fig 17: Tacacs+ server restarting after adding new user to the config.

Fig 18: Successful login to the router with the new username

Fig 19: Authentication logs generated in web module.

Fig 20: No logs are generated in the accounting log

Fig 21: Logging out of the webpage

Abbreviations

AAA: Authentication, Authorization and Accounting

TACACS: Terminal Access Controller Access-Control System

RADIUS: Remote Authentication Dial-in User Service

TCP: Transmission Control Protocol

UDP: User Datagram Protocol

REST API: Representational State Transfer Application Programming Interface

Page | 1

Section 1: Introduction

One of the most difficult jobs a network or a system administrator faces in today's network

security environment is constraining access to network devices to limited and authorized users.

Similarly as to try and frequently monitor what and when administrations are utilized, and their

recurrence of utilization. The requirement for system security puts a considerably more

noteworthy limitation on system overseers, as systems proceed to develop and turn out to be

more decentralized.

1.1 Introduction of Subject Matter

An AAA server is a server program that handles user requests for access to computer resources

and, for an enterprise, provides authentication, authorization, and accounting (AAA) services.

There are numerous AAA servers that are used widely, some of them are: XTACACS,

TACACS, TACACS +, RADIUS etc.

Mankind now has reached the information age, where theft of certain information can be

catastrophic. There are many such information’s which when gets laid on to the hands of

malicious persons can cause severe destruction. Also, there are some theories that suggest if

world war III will ever occur it will now start with information warfare. Thus, protecting certain

information is must in this information age. Likewise, securing computer resources specifically

being the network devices like router and switches in a network (lan or wan) is also essential.

The authentication of devices of network and the ways of maintain authorization is a crucial part

of maintaining and keeping a network or a system alive. And, one way of protecting those

devices is by implementing an AAA server. With the implementation of an AAA server we can

allow or deny access, control the level of access and also keep record of each and everything that

a user did in the system.

In an AAA server the first process is authentication, authentication provides a way of

identifying a user, typically by having the user enter a valid user name and a valid password

before access is granted. Following authentication, a user must gain authorization for doing

Page | 2

certain tasks. After logging into a system, for instance, the user may try to issue commands. The

final plank in the AAA framework is accounting, which measures the resources a user consumes

during access and also keeps the record or logs of the performed activities.

To see how AAA functions, the relationship between the AAA client and AAA server needs

clarification. The clarification is retrieved from data accumulated from the source referenced

toward the end of this passage. The AAA client is software that keeps running on a system

gadget, for example, a Cisco router. At the point when a client endeavors to associate with the

router, the function of the client software is to pass authentication, authorization and accounting

obligations to the AAA server so as to finish the association or the connection to the router. It

starts when the client sends the client's authentication request to the server utilizing either the

TACACS+ or the RADIUS or any other AAA server conventions. The server can check the

username and password and afterward tells the client whether the verification endeavor has

succeeded or fizzled. On the off chance that the verification is fruitful, the client is conceded

access to the system gadget. The server will give approval data to the customer permitting the

client to perform undertakings based upon the assigned privilege level. As of right now, the

client imparts recording activities to the server so the client's activities can be obviously

followed. The AAA server gives a brought together area to arrange and control these three

essential security capacities portrayed in the passage.

(Cisco Systems, Inc., User GUIde for Cisco Secure ACS 3.1 for Windows Server, “Overview

of Cisco Secure ACS”).

Another deliberation was the protocol that would be used to deliver the AAA services in this

project. The choices were TACACS+ and RADIUS. The difference between TACACS+ and

RADIUS are listed below:

TACACS+ RADIUS

It uses Transmission Control Protocol (TCP). It uses User Datagram Protocol (UDP).

It is more secure as it encrypts entire body of

the packet.

It is less secure as it encrypts only the

password.

It utilizes the full AAA architecture. It combines authentication and authorization

Page | 3

together.

It is cisco proprietary. It is industry standard.

It allows control of router commands on a

per-user and per-group basis.

It does not allow users to control which router

commands can be executed.

Although, the tacacs+ server is a cisco proprietary it is still supported by devices other than the

cisco devices; for e.g. on juniper devices. This is also one of the main reason of choosing tacacs+

for this project. Another potent reason to choose tacacs+ is because of security reason as tacacs+

works on tcp rather than udp.

1.2 Problem Domain

Almost all of the authentication, authorization and accounting servers used today are lacking

an important factor that is the GUI interface. In the current time it’s quite tedious to use the

command line to perform simple tasks. Also, there is not trend of graphical user friendly log

management system for the log generated from the tacacs+ server. Traditionally the logs are just

stored in a text file without proper ways of viewing them. This makes someone without file

system knowledge difficult to view the logs. This project aims to implement a web based log

management system which copes with the test files of log to retrieve information or logs.

The proposed system will thus be able to display the logs that are generated by the tacacs+

server in a graphical environment with some features like performing administration tasks like

adding groups and users etc.

Targeted Audience:

Internet service providers are the main targeted audience of this project. An internet service

provider is typically a company consisting of numerous network devices like router and

switches. In an ISP there are many executive people without information technology knowledge.

Thus, with the implementation of this project in the isp those people without information

Page | 4

technology knowledge can also use the tacacs+ server to add groups and users in the tacacs+

server.

The project also targets companies in which there are numerous network devices. Typically those

companies or organizations having a huge wan or an enormous lan connection.

1.3 Client Information The system model is being developed for Subisu Cablenet Private Limited., which is one of the

popular internet service provider in Nepal. It was established in 2001 and has been serving the

people of Nepal. Currently it has more than 40,000+ customers, subisu primarily provides cable

internet and television services through a HFC network. Thus, subisu has a large WAN network

consisting of numerous switches. Thus, subisu can implement the AAA+ server that is being

developed in the project so that they can manage the accounting issues of those switches with a

GUI support and also administer different users and group from the GUI interface as well.

1.4 Aims and Objectives

The main aim of this project is to develop and authentication, authorization and accounting

server with a better log management system and GUI interface to perform simple administration

tasks.

In order to accomplish these aims the following keen objectives are set and were followed:

Feasibility study for this project was done by evaluating some similar projects by

November 15th

2015.

The requirements for the system were gathered by scrutinizing and researching the

internet by 20th

November 2015.

The main principle of system development was idealized by 25th

November 2015.

Tutorials on AAA servers are examined by 30th

November 2015.

A system prototype will be developed by the end of March 2016.

The system will be assimilated and verified till 2nd

April 2016.

Necessary modification and debugging will be carried out till 20th

April 2016.

Page | 5

Documentation and evaluation of documentation will be carried out by 20th April 2016.

1.5 Report Structure The following is the organization that delineates how the tasks have been sorted out in the report.

Section 2: Background/Context

This section talks about the foundation and connection identified with the project. Further it

examines about the innovation utilized for the improvement of this project. It likewise represents

the improvement identified with this project that took after by the key contrast between them. In

addition, it also shows the position of this project in the subject field.

Section 3: Development

The Development segment comprises of Methodology, Software Requirement Specification

(SRS) and Design Process for this project. Methodology demonstrates the tools, approaches,

strategies, instruments and procedures utilized for the advancement, though SRS comprise of

framework outline, programming conditions, practical and non-useful necessities. At long last,

design process covers the designs like process flow, context diagram, DFD (Data Flow Diagram)

and flow charts.

Section 4: Testing, Results and Conclusion

This segment contains the test forms that have been made against the AAA server framework

alongside the test outcomes. Further conclusion is made for the whole framework and assessment

is finished. Likewise, the future improvements for the system that could be integrated in the

current system, is also mentioned.

Section 5: Social and Ethical Issues

This section talks about the issues that may emerge because of the arrangement of the AAA

server framework. Likewise, it additionally clears up that the task doesn't emerge any sort of

social and moral issues due to any information and data it contains.

Section 6: References

Page | 6

This segment rattles off general references of journals, conferences, books, website and others

that have been referred to all through the task.

Section 2: Background/Context

This project is about the development of an AAA server with the use of existing AAA server, i.e.

the tacacs+ server in this case with an GUI administration system and a graphical log

management system. The AAA server is the main backbone of the project.

Since the project is mainly based on the AAA server; understanding the various process of an

AAA server is a crucial thing. The processes of an AAA server are authentication, authorization

and accounting. As the first process, authentication gives a method for recognizing a client,

commonly by having the client enter a substantial client name and legitimate secret word before

access is allowed. The procedure of confirmation depends on every client having a one of a kind

arrangement of criteria for getting entrance. The AAA server contrasts a client's verification

certifications and other client accreditations put away in a database. On the off chance that the

authentication coordinates, the client is allowed access to the system. In the event that the

authentication mismatches or are at change, confirmation falls flat and system access is denied.

Following authentication, a client must pick up approval for doing certain undertakings. In the

wake of signing into a framework, for occasion, the client may attempt to issue charges. The

approval process figures out if the client has the power to issue such charges. Basically, approval

or authentication is the procedure of upholding strategies: figuring out what sorts or

characteristics of exercises, assets, or administrations a client is allowed. As of rule,

authentication happens inside the setting of confirmation. When a client is validated, they will be

approved for various sorts of access.

The last board in the AAA structure is accounting, which measures the assets a client expends

amid access. This can incorporate the measure of framework time or the measure of information

a client has sent and/or got amid a session. Bookkeeping is done by logging of session insights

and use data and is utilized for approval control, charging, pattern investigation, asset use, and

scope quantification exercises.

Page | 7

Authentication, authorization, and accounting services are regularly given by a committed AAA

server, a system that performs these functions.

Following the concepts of an AAA server, its working principle comes next. TACACS+ uses a

client server model methodology. The server (running on UNIX or NT) is addressed by the client

and the server thus answer by expressing whether the client passed or fizzled the confirmation.

Note that the client is not the user or the user's machine, but instead the device that is attempting

to figure out whether the client ought to be permitted passage into the system (generally a

switch/router or a firewall). TACACS+ utilizes TCP as the transport protocol – the default port is

49. On the off chance that required, the server can be arranged to listen on different ports.

TACACS+ is like RADIUS (remote Access Dial In User Server) with a couple key contrasts.

RADIUS utilizes UDP for correspondence between the client and the server whereas TACACS+

utilizes TCP. With TCP being connection oriented protocol and more dependable it makes for a

more vigorous transport protocol of choice. Both TACACS+ and RADIUS utilize a common

secret key to give encryption to correspondence between the client and the server. Radius

encodes the client's password when the customer makes a solicitation to the server. This

encryption keeps somebody from sniffing the client's password utilizing a packet analyzer.

However other data, for example, username and services that is being performed can be

analyzed. TACACS+ not just encrypts the whole payload when conveying, as well as scrambles

the client's password between the client and the server. This makes it harder to unravel

information about the correspondence between the client and the server. TACACS+ utilizes

MD5 hash capacity as a part of its encryption and decryption process.

Utilizing TACACS+ to provide authentication and authorization and accounting gives system

builds an additional layer of assurance in securing systems. It permits access to network

administrations to be directed on a more granular premise. Remote users associating with the

system can be screened against the client database and a custom strategy that controls what

devices a client can access as well as what administrations on a specific devices that a client can

get to. In the event that a clients record is bargained that record can be incapacitated. Accounting

gives a review trail that can be utilized to track what benefits the client had admittance. As more

workers work remotely from home, TACACS+ can make the undertaking of regulating client

records and system benefits more productive and secure. While Implementing TACACS+

Page | 8

recollect that if the servers that are running the TACACS+ applications are traded off an

assailant could have entry to your association’s whole client/secret word database.

Communication with the TACACS+ servers should be limited to the devices that need to

communicate with the server to perform authentication, authorization and accounting.

2.1 Related Work

TACACS:

Terminal access controller access-control system (TACACS) is the predecessor of

XTACACS and the TACACS+. It is a family related protocols that handles remote

authentication and related services for networked access control using a centralized server. The

initial TACACS protocol was announced in 1984. Back then it was used in order to

communicate with an authentication server commonly in older UNIX networks. It works under

either TCP or UDP port 49 by default. When a client enters username and password to the tacacs

server a query is send by the tacacs server to the tacacs authentication server usually called

tacacs daemon or simply tacacsd. It would figure out if to acknowledge or deny the

authentication ask for and send a reaction back. The TIP (routing node accepting dial-up line

associations, which the client would ordinarily need to sign in into) would then permit get to or

not, based upon the reaction. Along these lines, the procedure of settling on the choice is "opened

up" and the calculations and information used to settle on the choice are under the complete

control of whoever is running the TACACS daemon.

RADIUS:

Radius was developed by Livingston enterprise in 1991 and is a networking protocol that

provides centralized authentication, authorization and accounting. Radius runs in the application

layer using the UDP as transport.

Page | 9

Fig 2: RADIUS Authentication and Authorization Flow

The radius user sends a request to a Network Access Server (NAS) to gain access to a

certain network resource using pre-defined access credentials. Those credentials are then passed

to the NAS device through the link-layer protocol. For e.g. Point-to-Point Protocol.

Section 3: Development

3.1Methodology

3.1.1 Software Development Life Cycle (SDLC)

Software Development Life Cycle or SDLC is a systematic sequence of steps that offers a model

for the development of any application, system or software.

Page | 10

Fig 2: SDLC Model

In order to develop the software for this project, the prototyping model is used. The goal of

prototyping model is to build a prototype of the system so that requirements for the system are

better understood (Sommerville, 2009). In view of the underlying necessity a prototype is created

which is further tried and assessed. After assessment stage refinement of prototype would be all

the more effectively picked up and assist more refined prototype could be produced and at last

entire framework. The connection with the Prototype is the better route for clients to comprehend

the necessity of desired framework. Underneath figure shows the tasks that are included in this

life cycle.

Page | 11

Fig 3: Prototyping Model

The model used in this project that is the prototyping model consists of six stages. The first phase

of prototyping model starts by gathering requirement for the system that is being developed.

Following the requirement analysis an instant system design is performed. Consequently, a

system prototype is also developed. After the prototype is built, it is then evaluated by the

concerning party. Then after the evaluation and review, the prototype is again refined and the

development process again shifts to the design phase. This process in continued until and unless

the product is able to give its deliverables. And finally the development of the working

framework is initiated based on the same prototype.

The various phases of this model are described below:

1. Requirement gathering and analysis

This is the stage of the prototype model where the elementary or the fundamental

requirements are identified. In this phase the functional requirement of the project is

understood. After the understanding of functional and essential requirements, tool

requirement analysis is done.

2. Quick design:

This is the stage of the prototype model where a primary or the initial prototype of the

project is developed. The prototype is developed with a very basic requirement and the

Requirement gathering Quick Design Building Prototype

Prototype Evaluation Refining Prototype Finalizing Prototype

Page | 12

prototype is then given to the user to test the system. The system that is developed in this

stage will be nowhere close to the final project, but the system in this phase will be the

main backbone of the project which will be developed over time.

3. Building Prototypes:

This is the stage of the prototype model in which the outcome of the quick design is taken

and design of the system is started again. The prototype developed in this stage is closely

similar to the final system that will be developed.

4. Prototype Evaluation:

This is the stage of the prototype model in which the prototype developed is evaluated by

the client. The client evaluates the prototype with different aspects then suggests the

developer about the things that needs to be added and the things that are to be kept as it

is.

5. Refining Product:

In this stage of the prototype model the evaluation of the client is considered and the

system is refined as needed. If the project is meeting the requirement of the client then

the system goes to the next process, but if any problem or any limitation is acknowledged

by the client the development team refines the project.

6. Finalizing prototype:

In this stage of the prototype model a well functioning prototype meeting the requirement

of the client is sent for designing and development process.

Some of the advantages of using Prototyping model are as follows:

1. The end user or the actual client will get active involvement in the development

process.

2. The end user will understand the system better since this model is a working model.

3. The end users can give instant and spontaneous feedback so as to improve the quality

of the system that is being developed.

4. It is easier to detect and correct errors in the early stages.

5. Important features that might have missed can be identified in time so that it won’t

affect the development time of the project.

Page | 13

Some of the disadvantages of prototype model are as follows:

1. Developing and then repairing the system is a monotonous job for developers.

2. End users might not understand the incomplete prototype so they will be unable to

provide necessary feedback.

3. As end users are given chance to evaluate the product and then asked to add any

missing features, the scope of the project can turn into another direction than what

was planned before.

4. Incomplete problem analysis.

The prototyping model is suitable for expansive and confounded frameworks for which there is

no any current framework to help deciding the prerequisites. Thus, it is most proper for the

advancement of this project. As the venture joins different advanced innovations that are not

common, the prerequisites for this project are not clear at early stages. This methodology would

help this project to decide exact necessities and amid the phases of model improvement.

Additionally, it gives more adaptability than that of other programming improvement process

with respect to prerequisite assembling and plan. This would likewise help in more fulfillments

of the clients where different models could be created unless the client is completely fulfilled by

the framework. Thus, this approach is utilized for the advancement of this project.

The prototyping model also has two model of prototyping, them being evolutionary prototype

and throw away prototyping. In this project I have used evolutionary prototyping. The main

reason of not choosing throw away prototype is that it will require enormous amount of time to

complete the project as the prototype developed is thrown away (if any fault is found / in case of

key feature missing) and developed from scratch. However in case of the evolutionary prototype

the prototype that is developed at the initial phase is just improved so as to meet the required

needs. The evolutionary prototype works under four main phases. The first phase of evolutionary

prototype is to start a prototype with initial concept of the project. Then we move to design and

implementation of the initial prototype. Then we will refine the prototype until and unless it is

acceptable and finally the developed system is released. Hence, when developing a system using

evolutionary prototyping, the system is continuously refined and rebuilt making this prototyping

an ideal process where not all requirements are well understood, which is a very common

situation in developing a system.

Page | 14

The different phases of Evolutionary prototyping model are described in brief below:

1. Identification of the requirement:

Evolutionary prototyping is a continuous process, so we may not know all the

requirement at the beginning but we must be able to identify the basic requirement to

start the development process.

2. Creating or developing a prototype:

In the process of development many prototypes are developed such that the prototype

developed in each stage is better than its predecessor.

3. Verification of the prototype:

After the creating of a prototype the prototype is then evaluated and verified in the sense

that it is meeting the requirement of the client. Verification can be done by taking surveys

and other methods. But, typically verification is done by the client after evaluating the

prototype.

4. Changes in the prototype:

In this stage necessary adjustment and changes are made to the prototype analyzing the

results from the verification stage.

3.1.2 Programming Approach

“Modularization becomes more important as an application’s complexity increases” (Petri,

2010, pp 7). The AAA server incorporates a tacacs+ server, a database server, a gns3 module and

also a GUI module to perform simple administration tasks, making it a complex enough project

to use Modular Application Development approach. A module is independent programming

segment that can correspondence with different modules through very much characterized

interfaces, behind which their usage could be covered up. Designers can make every components

of an application into particular module, characterizing every module with its obligation in an

application.

The purpose for picking modular application development approach, in spite of old and trusted

programming philosophies is because of the weaknesses they have. Old programming procedures

Page | 15

scramble to keep up pace with bit by bit expanding highlights, abbreviated creation cycles, and

rising significance of programming quality. What's more, a suitable application advancement

methodology ought to have the capacity to give clear expansion focuses to correspondence with

different modules productively, and ought to have approximately coupled segments so that the

reliance is expelled. Utilizing old methodologies could be problematic to the point that one may

need to revise the application sans preparation and as basic application stays still same, this

likewise neglects to unravel application's structural defects.

Therefore, modular application development methodology is chosen for the advancement of this

project. Indeed, even modular methodology cannot so much keep away from the bad marks

specified previously. All things considered, the limited obligation of a module inside the

application makes it more engaged, bringing about the general application all the more plainly

planned.

3.1.3 Tools and Techniques

The necessary programming language, tools and applications needed to build the system

described in the report are described below:

3.1.3.1 Operating System Ubuntu:

Ubuntu is a Debian-based Linux operating system and distribution for personal computers,

smartphones and network servers. It uses Unity as its default user interface. Ubuntu is preferred

to use as an operating system for this project as it compatible with all the dependencies that are

required to run the tacacs+ server. It is also easy to install all the required repositories in ubuntu.

The ubuntu community is also very large such that required support can be obtained easily

through the helpful ubuntu community. The specification of the hardware machine to run ubuntu

is also minimal (768 mb ram and 5 gb hard disk space). This makes ubuntu the optimal operating

system of choice.

3.1.3.2 TACACS +:

Page | 16

Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol created by

Cisco and discharged as an open standard starting in 1993. TACACS+ was derived from its

predecessor the very own TACACS. Even though it is derived from its predecessor it is a

separate protocol that handles authentication, authorization and accounting (AAA) services.

Fig 4: Typical AAA Server

TACACS+ is a TCP oriented protocol and is also secure as it encrypts all the

information and has less vulnerabilities. It is a cisco proprietary and full content

of each packet is encrypted in it. It also provides granular control i.e. command by

command authorization.

Page | 17

Fig 5: Tacacs+ Operation

3.1.3.3 GNS3:

GNS3 is a Graphical Network Simulator that allows simulation of complex networks. GNS3

allows the same kind of emulation utilizing Cisco Internetwork Operating Systems. It permits

you to run a Cisco IOS in a virtual domain on your PC. GNS3 permits the copying of Cisco IOSs

on your Windows or Linux based PC. For this project gns3 is installed in the ubuntu machine.

There are certain dependencies that are required in order to run the gns3 on ubuntu; it being the

python-qt4.

3.1.3.4 Web GUI integration tools:

Various programming language and tools including database are used in this project to get the

desired GUI.

i. Programming Language

a. Back end (nodejs):

In software development, Node.js is an open-source, cross-platform runtime environment for

creating server-side Web applications. In spite of the fact that Node.js is not a JavaScript framework,

many of its basic modules are composed in JavaScript, and developers can compose new modules in

JavaScript. The runtime environment interprets JavaScript utilizing Google's V8 JavaScript engine.

b. Client side (HTML, CSS, JavaScript):

HTML is a markup language used for describing web documents or the web pages. It stands for

Hyper Text Markup Language. Various set of markup tags makes a markup language. Each tag in an

HTML describes different document content.

CSS is a style sheet language and its used for describing the presentation of a webpage or a web

document written in a markup language. It stands for Cascading Style Sheets. The primary objective

of using CSS to design web pages is to enable the separation of document content from the

document presentation, including aspects such as the layout, fonts and colors. Thus providing

content accessibility, provide more flexibility and control in the specification of presentation

Page | 18

characteristics and also enable multiple HTML pages to share the same formatting by specifying the

relevant CSS in a .css file.

JavaScript is a dynamic, high-level and interpreted programming language. JavaScript is supported

by all modern web browsers and it works alongside with html and css and is one of the three core

technologies of the World Wide Web. It is prototype-based with first-class functions thus making it a

multi-paradigm language, supporting object-oriented, imperative and functional programming styles.

ii. Tools (Sublime Text):

Sublime Text is a cross-platform source code editorial manager with a Python application programming

interface (API). It locally underpins numerous programming languages and markup languages, and its

functionality can be reached out by users with modules, commonly group constructed (community built)

and maintained up under free-software licenses.

iii. Database (mongodb):

MongoDB (from humongous) is a cross-platform documented-oriented database. Named as NoSQL

database, MongoDB shuns the conventional table-based relational database structure for JSON-like

records with dynamic schemas (MongoDB calls the format BSON), making the coordination of

information in certain sorts of uses simpler and speedier.

iv. Connecting backend and frontend (Rest API)

In computing, representational state transfer (REST) is the software structural style of the World Wide

Web. More definitely, REST is a design style comprising of an organized arrangement of building

imperatives connected to segments, connectors, and information components, inside an distributed

hypermedia framework. REST disregards the subtle elements of component implementation and protocol

syntax structure keeping in mind the end goal to concentrate on the parts of components, the limitations

upon their communication with different components, and their understanding of critical information

elements. Through the utilization of REST architectural properties like Performance, Scalability,

Simplicity, Modifiability, Visibility, Portability, and Reliability can be achieved.

v. Software libraries:

a. Backend (express, socket.io, mongoose)

Page | 19

Express is a flexible and minimal Node.js web application framework that provides a robust set of

features for web and mobile applications. It provides a thin layer of fundamental web application

features, without obscuring Node.js features.

Socket.IO enables real-time bidirectional event-based communication. It works on every

platform, browser or device, focusing equally on reliability and speed.

Mongoose is an elegant mongodb object modeling for node.js. Mongoose provides a straight-

forward, schema-based solution to model your application data. It includes built-in type casting,

validation, query building, business logic hooks and more, out of the box.

b. Frontend (jquery, bootstrap)

Jquery is free and open-source software which is a most popular javascript library in use (65% of

the top 10 million highest-trafficked sites on the Web). jQuery is a cross-platform javascript library

designed to simplify the client-side scripting of HTML. The syntax is jQuery is designed to make

navigation of a document easier, select DOM elements, create animations, handle events and

develop Ajax applications.

Bootstrap is a free and open-source front-end library for creating web applications and websites.

It aims to ease the development of dynamic web applications and websites. It is a frond end web

framework which is an interface for the user, unlike the server-side code which stays on the ‘back

end’ or server.

Page | 20

3.2 Software Requirement Specification

3.2.1 System Overview

The system is being developed in a linux based platform, Ubuntu to be exact. The Ubuntu

machine updated will all the required repositories files and also all the required dependencies are

installed. The tacacs+ server is created in the linux machine itself. The configuration files are

attached below. (See Appendix). A virtualization program known as gns3 is also installed. The

main purpose of installing gns3 was to feed the tacacs+ server with virtual authentication client

and also feed the logs from the virtual router or any other end devices. The router in the gns3 is

configured to interact with the tacacs+ server. A database server, i.e. the mongodb database

server is also installed in which the log files that are generated by the tacacs+ server are stored.

The backend server is responsible for carrying out administration function for the tacacs+ server.

From the GUI the administrator can add user by generating a des password and adding that des

password to the user. Under the settings function in the UI there is an option to generate a DES

key for the required password. The configuration password of the tacacs+ server is also shown in

the side so that a new user or new group can be created. There is also a function to start and stop

the tacacs+ server. Then a simple user friendly webpage is developed so as to view the logs.

3.2.1.1 System Architecture

Page | 21

Fig 6: System Architecture

The above is the basic architecture of how the system works. A virtualization software is used so

that we have a virtual router that can perform the tasks needed. The router in gns3 is configured

such that it can communicate with the Tacacs+ server on Ubuntu. The tacacs+ server is

configured with different groups and users who have different privilege levels. Then from a

terminal window the router on gns3 is accessed through telnet. The router then forwards that

request to the tacacs+ server. Then the tacacs+ server asks for the authentication. After providing

the user credentials, the logs regarding the activities of that user are generated by tacacs+. This is

the basic principle about the how the tacacs+ server works. Then the next thing is the GUI for the

tacacs+ server. The GUI server is hosted in the same machine but can be accessed through other

computers in the same network as well. While setting up the GUI, the first thing we need to do is

to sign up for a user that can access the webpage. The backend server prompts a webpage asking

for a login or a way to sign up to the system. After signing up to the system, a user can login to

Database

User

Verification phase User Verification

Dashboard Dashboard

Tacacs+ log & server status Tacacs+ Config

Page | 22

the web page and perform administrative tasks. The webpage that is displayed after logging in to

the server has some basic functions to go to the settings tab and a small window where the logs

are displayed. The logs that are displayed are real time based; meaning that the logs are

populated as the tacacs+ server generates the logs. There is also a function through which

administrators can turn on and turn off the tacacs+ server. The home page also displays

information about the machine running the tacacs+ server and also displays the total amount of

memory and the amount of free memory. There is also a function so that users can log out of the

server.

The next tab on the webpage is the settings tab. Under the settings tab the administrator can

generate a des key for a specific text and add that key under the password while creating a new

user. Just below the configuration file there is a small button named ‘update’ with which the new

configuration file is loaded. The tacacs+ server is then stopped and started again. The logs

regarding the starting and stopping of the tacacs+ server is also displayed under the ‘live access

log’ in the home tab. This is the basic working principle of the GUI integrated tacacs+ server that

I named as an AAA+ server.

3.2.2 Dependencies

This section depicts the dependencies that the system possesses. The following are the conditions

that are required for appropriate running and execution of the system.

3.2.2.1 Software Dependencies

For the tacacs server to perform efficiently, proper environment should be created in the machine

where the tacacs server is hosted. In the case of my project the system where the tacacs+ is

hosted is Ubuntu 15.10. The Ubuntu machine also required various dependencies to run the

tacacs+ server. Those dependencies are gcc, bison, flex, libwrap0-dev. The project is also

dependent on the gns3 as the project utilizes a virtual router of gns3. The project is also

dependent on the proper utilization of node.js, sublime text, mongodb, rest API, express,

socket.io and mongoose.

3.2.2.2 Hardware Dependencies

Page | 23

In order to run a tacacs+ server smoothly the hardware requirements are, 1 GHz CPU, 256 MB

RAM and 500 MB HDD free. The hardware used in the projects is just a normal laptop running

Ubuntu in it with gns3, tacacs+ and other UI development kits.

3.2.2.3 Network Dependencies

For this project I have just used a virtual router from GNS3 to demonstrate that the AAA+ server

actually works. But in a real world scenario, the project has certain network dependencies. If the

system is to be implemented in a WAN system then the AAA+ server also should be hosted in

the same WAN and given proper ip route to make it work correctly.

3.2.3 User Interface Requirements

3.2.3.1 Client user interface

The clients in this project will simply interact with a regular terminal windows or any other telnet

client. Clients will just telnet to access the network devices of which they possesses

authentication. Then the clients are given access to those network devices and then they can

perform certain activities based on their access privilege level.

3.2.3.2 Admin user interface

The administrator operates the system through Ubuntu machine itself. The administrator is

responsible for creating groups and assigning specific users to the group. The administrator is

also responsible for giving privilege level to the specific users. For eg: the privilege level of the

network administrator and the privilege of the system administrator can be different. The admin

is also responsible for viewing the logs that are generated by the tacacs+ server.

3.2.4 Functional Requirements

The following are the functional requirements of the AAA+ server

i. System initialization:

After setting up the tacacs+ server along with all the prerequisites, the job of the

administrator is to verify that the tacacs+ server is listening. Typically the tacacs+

Page | 24

server is listening in the port 49. Then comes that part where we turn on the backend

server for the GUI part of the system. The backend server is running in port 3000.

ii. Managing groups and users:

The administrator is also responsible for creating different groups in the

authentication part of the tacacs+ server. There are two ways of creating users and groups

in the tacacs+ server. One my directly configuring the tacacs+ configuration file. The

next one is by logging in to the webpage. The server is configured with groups such that

all the people in the group have the same privilege level. And different users are assigned

those different groups. This is done in order to make the authentication process easier.

iii. Managing admin for the webpage

When someone logs in to the web user interface of the system, the system prompts the

user to either log in or to sign up to the system. The users who don’t have login

credentials can sign up and access the admin web page. The new user is then populated to

the database as soon as he signs up to the system.

iv. Adding and removing new users from the tacacs+ server:

After the admin gets his login credentials by signing up from the webpage he can then

login to the webpage and then add users to the tacasc+ server. Under the settings tab in

the webpage the admin can add new users and also define a new group. To create the user

the admin first generates a DES algorithm of the password that the user wants and then

adds the username and password defining his group in the configuration files that is in the

same page. After this job is completed he clicks on the ‘update’ function which adds the

new user, stops the tacacs+ server and start it again.

v. Logging out of the web interface:

Another important function of the web interface is to allow the users that are logged in to

the web interface log out of the system. The main reason to include this requirement is so

that the memory of the backend server can be saved.

3.2.5 Non-functional Requirement

3.2.5.1 Performance Requirements

The AAA+ server can be implemented in companies or even any institutions where regular

monitoring and maintenance is network devices is needed. The AAA+ server can just be hosted

Page | 25

in a regular pc inside the network of that company or institution, then all the network devices like

router or switches are configured to communicate with the AAA+ server. These are the entire

thing required to make the AAA+ server in use.

3.2.5.2 Usability Requirements

For users to use the AAA+ server, they just require a regular terminal or even a windows

command prompt with telnet services available. The users can also use any other third party

telnet clients such as putty or xshell. Now, in case of the administrator his/her usability

requirement is to make sure that the AAA+ server is working properly alongside with the

database server.

3.2.5.3 Security Requirements

The users of the AAA+ server will be using their username and passwords to login to the server,

so there are no security threats for the client side. The usage of DES algorithm to encrypt the

password of the users also creates a better security mechanism. However, some security issues

are present in the administrator side. The administrator is responsible for managing password

assigned to each user along with their username, so there should be a strong authentication

mechanism for logging into the server. In addition to this, there should also be a authentication

mechanism when accessing the mongodb database; thus making the administrators the only

people that can access the information stored in the database.

Section 3: Testing, Results and Conclusion 3.1.Unit Testing

Below are the lists of tests that were conducted on the system on modular basis.

3.1.1 Test Plan

3.1.1.1 Successful operation of Tacacs+ server

Test Case Objectives

1 To test whether the tacacs+ is executed.

2 To test connection between tacacs+ and the gns3 router with the use of ping

command and vice versa.

3 To check whether the tacacs+ is listening in port 49

4 To test whether the authentication process is carried out by tacacs+ server.

Page | 26

5 To test whether the user are authorized according to the privilege level by the

tacacs+ server.

6 To test whether the tacacs+ server is doing the accounting function properly.

7 To test whether the authentication, authorization and accounting logs are generated

as needed.

8 To test whether the tacacs+ server is running at startup.

3.1.1.2 Router Test Cases

Test Case Objectives

1 To test whether the router is running properly.

2 To test whether the router can be accessed from outside the ubuntu.

3 To test proper functioning of the router after the AAA commands are added.

3.1.1.2 GUI test Plan

Test Case Objectives

1 To test whether the GUI interface is running successfully and smoothly.

2 To test whether the web server is running at port 3000.

3 To test whether the server can function the sign up and sign in module successfully.

4 To test whether the live access log and live accounting log are functioning.

5 To test whether the start and stop tacacs+ server module is running.

6 To test whether the des key is generated by the web interface for the required

password.

7 To test whether user and groups can be added from the configuration file.

8 To test whether the ‘update’ function for the tacacs+ configuration file works.

9 To test whether the ‘log out’ function works.

Page | 27

3.1.2 Test Log

3.1.2.1 Successful operation of tacacs+ server.

The below is the test and screenshot about the communication between the virtual router in

gns3 and the ubuntu machine itself.

Test Case 1

Objective To test whether the gns3 router and ubuntu machine can communicate

Test Data Ping command is executed.

Expected Test

Result

Ping reply when pinging from ubuntu to the router & vice-versa.

Actual Test

Result

Ping request were replied successfully.

Conclusion Successfully done

Fig 7: Successful ping between router and ubuntu and vice-versa

Test Case 2

Objective To verifiy if the tacacs+ server is listening on port 49

Page | 28

Test Data netstat –an | grep :49 command is executed

Expected Test

Result

Tacacs+ server should be running and listening on port 49

Actual Test

Result

The tacacs+ server was running and listening on port 49

Conclusion Successfully done

Fig 8: Verification that the tacacs+ server is running on port 49

Test Case 3

Objective To test whether the authentication is performed by the tacacs+ server

Test Data A telnet command is issued using the ip address of the router.

Expected Test

Result

A username and password prompt should be asked.

Page | 29

Actual Test

Result

The router prompts for a username and password.

Conclusion Successfully done

Fig 9: To make sure the authentication process works.

Test Case 4

Objective To test whether the logs are generated regarding the authentication.

Test Data A file in the location /var/log/tac_plus.log is analyzed.

Expected Test

Result

There should be active logs of the authentication process.

Actual Test

Result

The authentication logs were present

Conclusion Successfully done

Page | 30

Fig 10: Analyzing the tac_plus.log file

Test Case 5

Objective To test whether the accounting logs are generated.

Test Data The file in the location /var/log/tac_plus.acct is analyzed.

Expected Test

Result

Theere should be active logs of accounting.

Actual Test

Result

The file was blank

Conclusion Accounting logs weren’t generated due to some errors.

Page | 31

Fig 11: Analyzing the tac_plus.acct file

Successful operation of GUI of the tacacs+ server

Test Case 1

Objective To test whether the gui backend server is running and listening on port 3000

Test Data “netstat –an | grep :49 command is executed

Expected Test

Result

The gui backend server should be running on port 3000

Actual Test

Result

The gui backend server was running on port 3000

Conclusion Successfully done

Page | 32

Fig 12: Verification that the backend server is running on port 300 and listening

Test Case 2

Objective To test whether the signup function works for the GUI module

Test Data A test user is created with test@test.com and password test.

Expected Test

Result

The new user should be able to login with the credentials.

Actual Test

Result

The new user can successfully login to the web page.

Conclusion Successfully done

Page | 33

Fig 13: Signing up for the webpage with email test@test.com and password test

Fig 14: Logging in with new email test@test.com

Page | 34

Fig 15: Successful login with the email test@test.com

Test Case 3

Objective To test whether a new user for the tacacs+ server can be added from the gui

module

Test Data A new user with username test and password test (encrypted with des) is

created and the tacacs+ server is restarted.

Expected Test

Result

Access to new router should be successful with the new username.

Actual Test

Result

Router can be accessed with the new user.

Conclusion Successfully done

Page | 35

Fig 16: Adding new user with username ‘test’ and password ‘test’ which is

encrypted with DES

Fig 17: Tacacs+ server restarting after adding new user to the config.

Page | 36

Fig 18: Successful login to the router with the new username

Test Case 4

Objective To test whether real time access log are displayed in the web module.

Test Data The home tab of the web interface is analyzed.

Expected Test

Result

Some logs should be generated under the access logs.

Actual Test

Result

Logs were generated under the access logs field.

Conclusion Successfully done

Page | 37

Fig 19: Authentication logs generated in web module.

Test Case 5

Objective To test whether the accounting logs are displayed in the web module.

Test Data The home tab of the web interface is analyzed.

Expected Test

Result

Some logs should be generated under the Accounting logs.

Actual Test

Result

No logs were generated under the accounting log.

Conclusion Not successful due to some errors.

Page | 38

Fig 20: No logs are generated in the accounting log

Test Case 6

Objective To test whether the ‘log out’ function works

Test Data The user is logged out from the web page.

Expected Test

Result

The current user should be logged out and the login page should be

displayed.

Actual Test

Result

The login page is displayed.

Conclusion Successfully done

Page | 39

Fig 21: Logging out of the webpage

3.2 Critical Evaluation

The testing process that are performed on the AAA+ server above and the test results thus

obtained are full evidence that the overall initial plans that were made are entirely successful.

AAA+ server is fully capable of handling the authentication, authorization and accounting

features from the network device that is the router in the case of this project.

The web integration of the tacacs+ server is also capable of adding new admin to the webpage

itself. Likewise, the admin can also add new users and group to the tacacs+ configuration file

from the webpage itself. When doing the FYP students can learn about various new technologies,

existing methodology in developing a system and also learn about various programming tools

and language. Therefore, in my view the final year project is a mandatory thing for all the final

year students. This makes the students who are about to graduate familiar with many

technologies that are out there in the real world.

3.3 Future Work

The additional features and tasks that can be added in the AAA+ server in the future so that it

would be effective for both the administration and the clients (users) are listed below:

Using md5 hash instead of des algorithm to encrypt password as it is impossible to

decrypt the md5 hash once encrypted.

Page | 40

Adding mobile application support rather than just a web integration. Adding mobile

application module will make the system far more portable. The administrator can just

add user and group from his smart phone. Nowadays, many phones have fingerprint

sensors so a fingerprint authentication system can also be added in order to communicate

with the backend server, which will be the best way of authenticating an administrator to

the server.

Section 4: Conclusion

The AAA+ server that is developed in the project is typically a tacacs+ server with GUI

integration. The system developed in this project will be able to perform authentication,

authorization, accounting functions. The system is developed in a linux platform that is in a

machine running Ubuntu. In the machine running ubuntu virtualization software known as GNS3

is used. GNS3 is used to demonstrate the successful working of the AAA+ server developed. A

router IOS image is added in the GNS3 and is connected to a cloud within the GNS3 so that the

router can be accessed from the ubuntu machine. Another, crucial part of the system is a

webpage through which various activities that can be done from the command line in the tacacs+

server can be performed. The administrator who has credentials to the web page can edit the

configuration file of the tacacs+ server from the web page itself. The administrator can also

generate a des hash of the required password from the web page. The web page is also developed

in such a way that the accounting logs and the authentication or access logs that are generated by

the tacacs+ server are generated. Thus, the project was completed in the ways mentioned above.

The project made me spooked at various stages and different steps, but with the continuous

support from my supervisor I was able to complete the project successfully.

4.1 Personal Reflection

Throughout the development of the project I came across various technologies that are being

integrated in the real world scenario. The first one being the AAA server. Considering the real

world scenario at this time the most dominant AAA server in use are TACACS+ and RADIUS

server. Studying different websites, articles, books and journals I was able to understand the

working principle of the AAA server specifically the tacacs+ server that is used in the project. I

understood about the core configuration of the tacacs+ server; precisely about how the

accounting file is defined, how access control lists are defined and also how different groups are

created along with assigning different users in certain groups. During the configuration of user

Page | 41

with I learned the way of encrypting a password with a DES algorithm. I also learned how to

configure the tacacs+ server to run with the startup of the system. I also used a GNS3, as a router

was required to test the working of the system developed. The development of this project made

me familiar with GNS3 and how it is the best virtualization tools there is out there for

networking students like me. During the development of this project I came across various

software, and programming languages. For the server side development the programming

language I used is node.js. To display those contents to the client side I have used html, css and

javascript. And the program that I used to write the program is Sublime Text. I have also used a

database system that is the mongodb database to store all the logs and the configuration files. A

Representational state transfer (REST) Application program interface (API) is also used to

connect the backend and the frontend part of the project. To develop the backend (the system

that is running in the server machine) the software libraries that are used are express, shocket.io

and mongoose. And to develop the frontend (the client side or the interface that the administrator

uses to perform configuration tasks) jquery and bootstrap is used.

Likewise, doing this project has also enhanced my researching skills as well as programming

skills. I was able to gather information and ideas quickly and assimilate them for the

advancement of my project. I can use all these skills gathered in the development of this project

in the future in many fields of Information Technology. Now, I have gained a full knowledge of

the working principle of an AAA server along with its working principle. The knowledge about

how a user is authenticated to access the AAA server, and the ways of providing authorization to

the groups and users in the group along with the ways carrying accounting functions. I have also

developed knowledge about creating a backend server and a front end web interface to perform

required administration tasks.

Section 5: Social and Ethical Issues The project described above is an academic project that is done as a final year project (FYP) of a

bachelor degree titled as “B.Sc. Hons Computer Networking and IT Security”, affiliated with

London Metropolitan University. The project is intended to provide ‘Subisu Cable Net Pvt. Ltd.’

with an AAA server having a GUI interface so that non-it personal can also perform

administration tasks. This project doesn’t plan to implement the AAA server directly to the

Page | 42

college devices but rather provide a prototype of how the AAA server with GUI interface can

actually work. Therefore, this project doesn’t violate Intellectual Property (IP) of the client.

During the development of this project different article, websites, books and journals are studied.

There are also such websites, books, journals and articles which inspired the ideas, views and

technologies used in the project. However, those ideas and concepts have been fully

acknowledged throughout the project using citations. Those journals, articles, books and

websites studied during the development of the project are also included in the Reference section

below. Therefore, the project doesn’t violate the IP of the authors whose ideas and concepts are

utilized in the project. In addition to the above things, the project idea and concept was provided

by Mr. Bikash Bhattarai. Therefore, special credit is also given to him in the acknowledgement

section of the project. So, this project doesn’t discredits the ideas of other people used in the

project rather provides citation and enlists necessary credits for them. In this way the project

hasn’t used any author’s ideas or concept without acknowledging them. Therefore, the social and

ethical issues that could come up with the violation of IP of the authors are entirely addressed.

Also, the project doesn’t account for any social and ethical issues. The project is mainly just a

prototype of how things can be better if the concepts described in the project is used, thus it

doesn’t concerns with any information of clients or any kind of privacy. Even if the project is

implemented in real life it will surely not possess any social and ethical issues. There is a slight

matter where the privacy part may come into play as the username and passwords of the users

can be monitored and set by the administrator but the user is just a part of the AAA server who

has given no personal information rather the user is just given login credentials of the network

devices that the organization solely own. The network devices that will be in used in corporation

with the AAA server will be a property of the company/institution that will be using the AAA

server. So, even if the project is implemented it will not hamper any kind of privacy or integrity

of the organization or the users using it.

Finally, the project also does not contain any unsuitable or unacceptable contents inside it that

may affect some ones social or intellectual life. Likewise, the project also does not concern any

matters regarding some ones religion, culture, tradition and even some ones personal life. Thus,

the project does not come up with any issues related to society or the existing ethics within the

society.

Page | 43

Section 6: References

TACACS+ on Ubuntu 14.04 LTS | The Routing Loop. 2016. TACACS+ on Ubuntu

14.04 LTS | The Routing Loop. [ONLINE] Available

at:http://www.routingloops.co.uk/cisco/tacacs-on-ubuntu-14-04-lts/[Accessed 1 6 April

2016].

Installation Setup of Free Tacacs+ server in Linux | Free Linux Tutorials.

2016. Installation Setup of Free Tacacs+ server in Linux | Free Linux Tutorials.

[ONLINE] Available at:http://freelinuxtutorials.com/tutorials/installation-setup-of-free-

tacacs-server-in-linux/

[Accessed 15 April 2016].

Shrubbery Networks - TACACS+ daemon. 2016. Shrubbery Networks - TACACS+

daemon. [ONLINE] Available at:http://www.shrubbery.net/tac_plus/.[Accessed 15 April

2016].

Tacacs Server Configuration in Debian - tacacs+ . 2016. Tacacs Server Configuration in

Debian - tacacs+ . [ONLINE] Available at:http://www.debianhelp.co.uk/tacas.htm.

[Accessed 15 April 2016].

Get To Know Linux: The /etc/init.d Directory - gHacks Tech News. 2016. Get To Know

Linux: The /etc/init.d Directory - gHacks Tech News. [ONLINE] Available

at:http://www.ghacks.net/2009/04/04/get-to-know-linux-the-etcinitd-directory/ [Accessed

10 April 2016].

UbuntuBootupHowto - Community Help Wiki. 2016. UbuntuBootupHowto - Community

Help Wiki. [ONLINE] Available

at:https://help.ubuntu.com/community/UbuntuBootupHowto. [Accessed 10 April 2016].

Cisco IOS Security Configuration Guide, Release 12.2 - Configuring Accounting [Cisco

IOS Software Releases 12.2 Mainline] - Cisco. 2016. Cisco IOS Security Configuration

Guide, Release 12.2 - Configuring Accounting [Cisco IOS Software Releases 12.2

Mainline] - Cisco. [ONLINE] Available

at:http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/s

cfacct.html#wp1000976. [Accessed 8 April 2016].

Page | 44

Cisco tacacs implementation 2016. . [ONLINE] Available

at:http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/command/reference/fsecur_r/s

rfathen.html#wp1055538. [Accessed 8 April 2016].

Configuration of tacacs+ on cisco devices 2016. . [ONLINE] Available

at:http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/command/reference/fsecur_r/s

rfauth.html#wp1021814. [Accessed 8 April 2016].

Node.js Tutorial. 2016. Node.js Tutorial. [ONLINE] Available

at: http://www.tutorialspoint.com/nodejs/

[Accessed 8 April 2016].

The Complete Visual Guide to Sublime Text 3: Getting Started and Keyboard Shortcuts

|Scotch. 2016.The Complete Visual Guide to Sublime Text 3: Getting Started and

Keyboard Shortcuts | Scotch. [ONLINE] Available at: https://scotch.io/bar-talk/the-

complete-visual-guide-to-sublime-text-3-getting-started-and-keyboard-shortcuts.

[Accessed 2 April 2016].

Getting Started with MongoDB (MongoDB Shell Edition) — Getting Started With

MongoDB 3.0.4. 2016. Getting Started with MongoDB (MongoDB Shell Edition) —

Getting Started With MongoDB 3.0.4. [ONLINE] Available

at: https://docs.mongodb.org/getting-started/shell/[Accessed 1 April 2016].

Getting Started with MongoDB (MongoDB Shell Edition) — Getting Started With

MongoDB 3.0.4. 2016. Getting Started with MongoDB (MongoDB Shell Edition) —

Getting Started With MongoDB 3.0.4. [ONLINE] Available

at:https://docs.mongodb.org/getting-started/shell/[Accessed 22 May 2016].

Node.js Express Framework. 2016. Node.js Express Framework. [ONLINE] Available

at:http://www.tutorialspoint.com/nodejs/nodejs_express_framework.htm[Accessed 22

May 2016].

Tutorial - Getting Started With Node.js, Express, MongoDB | Christopher Buecheler -

Web, Writing, Cocktails and More. 2016. Tutorial - Getting Started With Node.js,

Express, MongoDB | Christopher Buecheler - Web, Writing, Cocktails and More.

[ONLINE] Available at:http://cwbuecheler.com/web/tutorials/2013/node-express-

mongo/[Accessed 18 May 2016].

Page | 45

Node.js Tutorial With Socket.io – Daniel Nill. 2016. Node.js Tutorial With Socket.io –

Daniel Nill. [ONLINE] Available at: http://danielnill.com/nodejs-tutorial-with-

socketio/[Accessed 12 May 2016].

Mongoose - Node.js + MongoDB with Mongoose Tutorial. 2016. Mongoose - Node.js +

MongoDB with Mongoose Tutorial. [ONLINE] Available

at: http://www.javabeat.net/mongoose-nodejs-mongodb/ [Accessed 12 May 2016].

Mongoose - Node.js + MongoDB with Mongoose Tutorial. 2016. Mongoose - Node.js +

MongoDB with Mongoose Tutorial. [ONLINE] Available

at:http://www.javabeat.net/mongoose-nodejs-mongodb/[Accessed 6 May 2016].

Bootstrap Tutorial - Code School. 2016. Bootstrap Tutorial - Code School. [ONLINE]

Available at:https://www.codeschool.com/courses/blasting-off-with-bootstrap[Accessed

6 May 2016].

Appendix A Source Codes

TACACS+ Configuration files

# Encryption key

key = tac_test

# Set where to send accounting records

accounting syslog;

accounting file = /var/log/tac_plus.acct

# ACL for network_admin group

acl = network_admin {

# allow access from all sources

Page | 46

permit = .*

# implicit deny (ie: anything else)

}

# ACL for sys_admin group

acl = sys_admin {

# allow access from all sources

permit = .*

# implicit deny (ie: anything else)

}

# network_admin group, full access to network devices

group = network_admin {

default service = permit

expires = "Jan 1 2018"

acl = network_admin

service = exec {

priv-lvl = 15

}

}

# sys_admin group, only has read access to the network devices and can change the

access vlan on an interface

group = sys_admin {

default service = deny

expires = "Jan 1 2018"

acl = sys_admin

service = exec {

Page | 47

priv-lvl = 0

}

cmd = enable {

permit .*

}

cmd = show {

permit .*

}

cmd = exit {

permit .*

}

cmd = description {

permit .*

}

}

# User asmit using DES password and enable passwords

user = asmit {

member = network_admin

login = des dmeDcdKkEDpx6

enable = des AycmcttSCimXY

}

# User test using DES password and enable passwords test

user = test {

member = network_admin

login = des K5quUNHql83zk

enable = des K5quUNHql83zk

}

Page | 48

# User pandey using DES password

user = pandey {

member = sys_admin

login = des JEllJjrtpoCds

enable = des JEllJjrtpoCds

}

# Global enable level 15 password

user = $enab15$ {

login = des EzCWYqI4cae3M

}

# user test with password test

user = danny {

member = network_admin

login = des CQP9vvBY7wFDQ

}

Page | 49

Init.d configuration file to start tacacs+ on startup

#!/bin/sh

#

### BEGIN INIT INFO

# Provides: tac-plus

# Required-Start: $network

# Required-Stop:

# Default-Start: 2 3 4 5

# Default-Stop: S 0 1 6

# Short-Description: Start tac-plus server.

# Description: Run the tac-plus server listening for

# AAA ( access, acounting and autorization request )

# from routers or RAS (remote access servers) via

# tacacs+ protocol

### END INIT INFO

PATH=/sbin:/bin:/usr/sbin:/usr/bin

DAEMON=/usr/bin/tac_plus

NAME=tac_plus

DESC="Tacacs+ server"

OTHER_OPTS="-d 256" # Default, if no /etc/default/tac-plus available

Page | 50

CONFIG_FILE="/etc/tacacs/tac_plus.conf" # Default, if no /etc/default/tac-plus available

test -f $DAEMON || exit 0

if [ -r /etc/default/tac_plus ] ; then

. /etc/default/tac_plus

fi

DAEMON_OPTS="-C $CONFIG_FILE $OTHER_OPTS"

case "$1" in

start)

echo -n "Starting $DESC: "

start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid --exec $DAEMON --

$DAEMON_OPTS

echo "$NAME."

;;

stop)

echo -n "Stopping $DESC: "

start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid --exec $DAEMON

echo "$NAME."

;;

*)

N=/etc/init.d/$NAME

echo "Usage: $N {start|stop}" >&2

exit 1

Page | 51

;;

esac

exit 0

Creating a virtual interface in ubuntu

tunctl

ifconfig enp5s0 0.0.0.0 promisc up

ifconfig tap0 0.0.0.0 promisc up

brctl addbr br0

brctl addif br0 tap0

brctl addif br0 enp5s0

ifconfig br0 up

ifconfig br0 192.168.0.77/24

route add default gw 192.168.0.1

Client side HTML

<!doctype html>

<html lang="en">

<head>

<meta charset="utf-8">

<meta http-equiv="X-UA-Compatible" content="IE=edge">

<meta name="description" content="A front-end template that helps you build fast, modern

mobile web apps.">

Page | 52

<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-

scale=1.0">

<title>TACACS Dashboard</title>

<!-- Add to homescreen for Chrome on Android -->

<meta name="mobile-web-app-capable" content="yes">

<link rel="icon" sizes="192x192" href="images/android-desktop.png">

<!-- Add to homescreen for Safari on iOS -->

<meta name="apple-mobile-web-app-capable" content="yes">

<meta name="apple-mobile-web-app-status-bar-style" content="black">

<meta name="apple-mobile-web-app-title" content="Material Design Lite">

<link rel="apple-touch-icon-precomposed" href="images/ios-desktop.png">

<!-- Tile icon for Win8 (144x144 + tile color) -->

<meta name="msapplication-TileImage" content="images/touch/ms-touch-icon-144x144-

precomposed.png">

<meta name="msapplication-TileColor" content="#3372DF">

<link rel="shortcut icon" href="images/favicon.png">

<link rel="stylesheet" href="css/font.css">

<link rel="stylesheet" href="css/icon.css">

<link rel="stylesheet" href="css/material.cyan-light_blue.min.css">

Page | 53

<link rel="stylesheet" href="styles.css">

<style>

#view-source {

position: fixed;

display: block;

right: 0;

bottom: 0;

margin-right: 40px;

margin-bottom: 40px;

z-index: 900;

}

</style>

<style>

.mdl-textarea {

color: #2196F3;

background: #E0E0E0;

border-radius: 10px;

border: 1px solid #000;

padding: 20px;

}

#despwd{

Page | 54

text-align: left;

}

#tailcontainer{

height: 250px;

overflow-y:scroll;

border-radius: 10px;

border: 1px solid #000;

padding: 20px;

}

#tail1container{

height: 250px;

overflow-y:scroll;

border-radius: 10px;

border: 1px solid #000;

padding: 20px;

}

#tail { list-style-type: none; margin: 0; padding: 0;}

#tail li { padding: 5px 10px; color: #3F51B5 }

#tail li:nth-child(odd) { background: #eee; }

#tail1 { list-style-type: none; margin: 0; padding: 0;}

#tail1 li { padding: 5px 10px; color: #3F51B5 }

#tail1 li:nth-child(odd) { background: #eee; }

Page | 55

</style>

</head>

<body>

<div class="demo-layout mdl-layout mdl-js-layout mdl-layout--fixed-drawer mdl-layout--

fixed-header mdl-layout--fixed-tabs">

<header class="demo-header mdl-layout__header mdl-color--grey-100 mdl-color-text--grey-

600">

<div class="mdl-layout__header-row">

<span class="mdl-layout-title">TACACS Monitor/Control</span>

<div class="mdl-layout-spacer"></div>

<button class="mdl-button mdl-js-button mdl-js-ripple-effect mdl-button--icon"

id="hdrbtn">

<i class="material-icons">more_vert</i>

</button>

<ul class="mdl-menu mdl-js-menu mdl-js-ripple-effect mdl-menu--bottom-right"

for="hdrbtn">

<li class="mdl-menu__item"><span id="logout">Log Out</span></li>

</ul>

</div>

</header>

<div class="demo-drawer mdl-layout__drawer mdl-color--blue-grey-900 mdl-color-text--

blue-grey-50">

<header class="demo-drawer-header">

Page | 56

<img src="images/admin.png" class="demo-avatar">

<div class="demo-avatar-dropdown">

<span class="mdl-card__title-text">Admin Panel</span>

<div class="mdl-layout-spacer"></div>

</div>

</header>

<nav class="demo-navigation mdl-navigation mdl-color--blue-grey-800">

<a href="#fixed-tab-1" class="mdl-navigation__link" id="lnk1"><i class="mdl-color-text-

-blue-grey-400 material-icons" role="presentation">home</i>Home</a>

<a href="#fixed-tab-2" class="mdl-navigation__link" id="lnk2"><i class="mdl-color-text-

-blue-grey-400 material-icons" role="presentation">settings</i>settings</a>

</nav>

</div>

<main class="mdl-layout__content mdl-color--grey-100">

<section class="mdl-layout__tab-panel is-active" id="fixed-tab-1">

<div class="page-content">

<div class="mdl-grid demo-content">

<div class="demo-charts mdl-color--white mdl-shadow--2dp mdl-cell mdl-cell--12-col

mdl-grid">

<h2 class="mdl-card__title-text">Dashboard</h2>

</div>

Page | 57

<div class="demo-graphs mdl-shadow--2dp mdl-color--white mdl-cell mdl-cell--8-col" >

<h2 class="mdl-card__title-text" style="align-self: left">Live Access Log</h2>

<br />

<div id="tailcontainer">

<ul id="tail" class="mdl-color-text--grey-600"></ul>

</div>

<br />

<h2 class="mdl-card__title-text" style="align-self: left">Live Accounting Log</h2>

<br />

<div id="tail1container">

<ul id="tail1" class="mdl-color-text--grey-600"></ul>

</div>

</div>

<div class="demo-cards mdl-cell mdl-cell--4-col mdl-cell--8-col-tablet mdl-grid mdl-grid-

-no-spacing">

<div class="demo-updates mdl-card mdl-shadow--2dp mdl-cell mdl-cell--4-col mdl-cell--

4-col-tablet mdl-cell--12-col-desktop">

<div class="mdl-card__title mdl-card--expand mdl-color--teal-300">

<h2 class="mdl-card__title-text">Server Info</h2>

</div>

<div class="mdl-card__supporting-text mdl-color-text--grey-600" id="serverInfo">

</div>

Page | 58

</div>

<div class="demo-separator mdl-cell--1-col"></div>

<div class="demo-options mdl-card mdl-color--deep-purple-500 mdl-shadow--2dp mdl-

cell mdl-cell--4-col mdl-cell--3-col-tablet mdl-cell--12-col-desktop">

<div class="mdl-card__supporting-text mdl-color-text--blue-grey-50">

<h3>TACACS Start/Stop</h3>

<label class="mdl-switch mdl-js-switch mdl-js-ripple-effect" for="switch-1">

<input type="checkbox" id="switch-1" class="mdl-switch__input" checked>

<span class="mdl-switch__label"></span>

</label>

</div>

</div>

</div>

</div>

</div>

</section>

<section class="mdl-layout__tab-panel" id="fixed-tab-2">

<div class="page-content">

<div class="mdl-grid demo-content">

<div class="demo-charts mdl-color--white mdl-shadow--2dp mdl-cell mdl-cell--12-col

mdl-grid">

<h2 class="mdl-card__title-text">TACACS Config</h2>

</div>

Page | 59

<div class="demo-graphs mdl-shadow--2dp mdl-color--white mdl-cell mdl-cell--4-

col">

<div class="mdl-card__title">

<h2 class="mdl-card__title-text">Generate DES</h2>

</div>

<form action="#">

<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">

<input class="mdl-textfield__input" type="text" id="passwd">

<label class="mdl-textfield__label" for="passwd">Text...</label>

</div>

<!-- Raised button with ripple -->

<button class="mdl-button mdl-js-button mdl-button--raised mdl-js-ripple-effect"

id="desGenerate">

Generate

</button>

</form>

<h2 id="despwd"></h2>

</div>

<div class="demo-graphs mdl-shadow--2dp mdl-color--white mdl-cell mdl-cell--8-

col">

<div class="mdl-card__title">

Page | 60

<h2 class="mdl-card__title-text">Configuration File</h2>

</div>

<div class="mdl-card__supporting-text">

<div class="mdl-textfield mdl-js-textfield mdl-textarea" style="width:100%;">

<textarea class="mdl-textfield__input" id="tacace-config" type="text" rows=

"17" style="width:100%"></textarea>

</div>

</div>

<button class="mdl-button mdl-js-button mdl-button--raised mdl-js-ripple-effect"

id="btnUpdate">

Update

</button>

</div>

</div>

</div>

</section>

</main>

</div>

<script src="js/material.min.js"></script>

<script src="js/socket.io-1.2.0.js"></script>

<script src="login1/js/jquery.min.js"></script>

<script type="text/javascript">

Page | 61

$(document).ready(function(){

$('#fixed-tab-2').hide();

$('#lnk1').click(function(){

$('#fixed-tab-2').hide();

$('#fixed-tab-1').slideDown(100);

});

$('#lnk2').click(function(){

$('#fixed-tab-1').hide();

$('#fixed-tab-2').slideDown(100);

});

$("#desGenerate").click(function(){

socket.emit("generateDES",$('#passwd').val());

//alert($('#passwd').val());

});

$("#btnUpdate").click(function(){

console.log($('#tacace-config').val());

socket.emit("update_conf",$('#tacace-config').val());

});

Page | 62

$("#logout").click(function(){

console.log("logout");

$.ajax({

type: "GET",

url: "http://192.168.0.77:3000/logout",

success: function(response) {

console.log("success"+response);

location.href = "/";

},

complete: function(response) {

console.log("complete" + response);

// alert("complete"+response);

}

});

event.preventDefault();

});

console.log("cookie"+document.cookie);

});

</script>

<script>

Page | 63

var socket = io();

socket.emit("get_config","get");

socket.on('response', function(msg){

$('#messages').append($('<li>').text(msg));

});

socket.on('tail', function(msg){

console.log("tail : "+msg);

$('#tail').append($('<li>').text(msg));

$('#tail').scrollTop($('#tail')[0].scrollHeight);

});

socket.on('tail1', function(msg){

console.log("tail1 : "+msg);

$('#tail1').append($('<li>').text(msg));

$('#tail1').scrollTop($('#tail')[0].scrollHeight);

});

socket.on('config', function(msg){

$('#tacace-config').val(msg);

});

$('form').submit(function(){

Page | 64

$('#messages').empty();

socket.emit('request', $('#m').val());

$('#m').val('');

return false;

});

socket.on('response', function(msg){

$('#messages').append($('<li>').text(msg));

});

socket.on('memory', function(msg){

console.log(msg);

});

socket.on('serverInfo', function(msg){

console.log(msg);

$('#serverInfo').append("<p>"+msg+"</p>");

});

socket.on('despwd',function(msg){

$('#despwd').html("<h2 class=\"mdl-card__title-text\">DES

Password</h2><p>"+msg+"</p>");

});

Page | 65

socket.on('tacacs-status',function(msg){

$('#switch-1').prop('checked', msg);

});

$("#switch-1").click(function(){

if($("#switch-1").prop("checked")){

socket.emit('tacacs-control',true);

}else{

socket.emit('tacacs-control',false);

}

})

</script>

</body>

</html>

Server side HTML

<!DOCTYPE html>

<html >

<head>

<meta charset="UTF-8">

<title>Sign-Up/Login Form</title>

<link href='css/fonts.css' rel='stylesheet' type='text/css'>

Page | 66

<link rel="stylesheet" href="css/normalize.css">

<link rel="stylesheet" href="css/style.css">

</head>

<body>

<div class="form">

<ul class="tab-group">

<li class="tab"><a href="#signup">Sign Up</a></li>

<li class="tab active"><a href="#login">Log In</a></li>

</ul>

<div class="tab-content">

<div id="signup">

<h1>Sign UP NOW</h1>

<form role="form" id="register-form" >

Page | 67

<div class="top-row">

<div class="field-wrap">

<label>

First Name<span class="req">*</span>

</label>

<input type="text" required autocomplete="off" id="firstname"/>

</div>

<div class="field-wrap">

<label>

Last Name<span class="req">*</span>

</label>

<input type="text"required autocomplete="off" id="lastname"/>

</div>

</div>

<div class="field-wrap">

<label>

Email Address<span class="req">*</span>

</label>

<input type="email"required autocomplete="off" id="username"/>

</div>

Page | 68

<div class="field-wrap">

<label>

Set A Password<span class="req">*</span>

</label>

<input type="password"required autocomplete="off" id="password"/>

</div>

<button type="submit" class="button button-block"/>Get Started</button>

</form>

</div>

<div id="login">

<h1>Welcome Back!</h1>

<form id="login-form">

<div class="field-wrap">

<label>

Email Address<span class="req">*</span>

</label>

<input type="email"required autocomplete="off" id="username1"/>

Page | 69

</div>

<div class="field-wrap">

<label>

Password<span class="req">*</span>

</label>

<input type="password"required autocomplete="off" id="password1"/>

</div>

<button class="button button-block"/>Log In</button>

</form>

</div>

</div><!-- tab-content -->

</div> <!-- /form -->

<script src='js/jquery.min.js'></script>

<script src="js/index.js"></script>

<script type="text/javascript">

Page | 70

var register_form = document.getElementById("register-form");

register_form.onsubmit = function() {

//function submimt(){

var firstname = document.getElementById("firstname").value;

var lastname = document.getElementById("lastname").value;

var username = document.getElementById("username").value;

var password = document.getElementById("password").value;

var post_json = {

"firstname":firstname,

"lastname":lastname,

"username":username,

"password":password

};

console.log(post_json);

// alert(post_json);

$.ajax({

type: "POST",

url: "http://192.168.0.77:3000/register",

data: JSON.stringify(post_json),

contentType: "application/json; charset=utf-8",

success: function(response) {

console.log("success"+response);

location.href = "/";

Page | 71

},

complete: function(response) {

console.log("complete" + response);

// alert("complete"+response);

}

});

event.preventDefault();

}

var login_form = document.getElementById("login-form");

login_form.onsubmit = function() {

var username = document.getElementById("username1").value;

var password = document.getElementById("password1").value;

var post_json = {

"username":username,

"password":password

};

console.log(post_json);

// alert(post_json);

$.ajax({

type: "POST",

url: "http://192.168.0.77:3000/login",

data: JSON.stringify(post_json),

Page | 72

contentType: "application/json; charset=utf-8",

success: function(response) {

console.log("success"+response);

location.href = "/dashboard";

},

complete: function(response) {

console.log("complete" + response);

// alert("complete"+response);

}

});

event.preventDefault();

}

$(document).ready(function(){

console.log("ready");

$('#signup').hide();

$('#login').fadeIn();

});

</script>

</body>

Page | 73

</html>

Tacacs+ web integration .Js

const exec = require('child_process').exec;

var http = require('http');

var os = require('os');

var express = require('express');

var mongoose = require('mongoose');

var cookieParser = require('cookie-parser');

var bodyParser = require('body-parser');

var session = require('express-session');

var app = express();

var httpServer = http.Server(app);

var io = require('socket.io')(httpServer);

var Tail = require('tail').Tail;

var router = express.Router();

var User = require('./lib/User');

var tail = new Tail("/var/log/tac_plus.log");

var tail1 = new Tail("/var/log/tac_plus.acct");

mongoose.connect('mongodb://localhost/tacacs-gui',function(err){

if(err){

return console.log(err);

Page | 74

}

return console.log("mongoose connected!!");

});

app.use(bodyParser.json());

app.use(bodyParser.urlencoded({extended: false}));

app.use(cookieParser());

app.use(session({secret:"asdadwe1sdf", resave:false,saveUninitialized:true}));

var allClients = [];

io.on('connection',function(socket){

console.log("A user connected! : ");

if(allClients.length ==0){

tail1.watch();

tail.watch();

}

Page | 75

tail.on("line",function(data){

console.log("tail"+data);

socket.emit('tail',data);

});

tail.on("error",function(error){

console.log(error);

});

tail1.on("line",function(data){

console.log("tail1"+data);

socket.emit('tail1',data);

});

tail1.on("error",function(error){

console.log(error);

});

allClients.push(socket);

socket.emit('serverInfo',"Host Name :

"+os.hostname()+"<br>Type : "+os.type()+'<br>Platform : '+os.platform()+"<br>Architecture :

"+ os.arch()+"<br>Total Memory : "+os.totalmem()+"<br>Free Memory : "+os.freemem());

socket.emit('memory',os.totalmem()+","+os.freemem());

Page | 76

socket.on('get_config',function(msg){

console.log("Message :"+msg);

const child = exec('cat /etc/tacacs/tac_plus.conf',

//const child = exec('cat temp/tac_plus.conf',

(error, stdout, stderr) => {

socket.emit("config",stdout);

console.log(`stdout: ${stdout}`);

//console.log(`stderr: ${stderr}`);

if (error !== null) {

console.log(`exec error: ${error}`);

}

});

});

socket.on('update_conf',function(msg){

console.log("Message :"+msg);

const child = exec('echo \''+msg+"\' >

/etc/tacacs/tac_plus.conf",

//const child = exec('echo \"'+msg+"\" >

temp/tac_plus.conf",

(error, stdout, stderr) => {

Page | 77

console.log(typeof(stdout));

console.log(`stdout: ${stdout}`);

//console.log(`stderr: ${stderr}`);

if (error !== null) {

console.log(`exec error: ${error}`);

}

});

exec('/etc/init.d/tac_plus stop',

(error, stdout, stderr) => {

console.log(`stdout: ${stdout}`);

//console.log(`stderr: ${stderr}`);

if (error !== null) {

console.log(`exec error: ${error}`);

}else{

exec('/etc/init.d/tac_plus start',

(error, stdout, stderr) => {

console.log(`stdout: ${stdout}`);

//console.log(`stderr: ${stderr}`);

if (error !== null) {

console.log(`exec error: ${error}`);

}

});

Page | 78

}

});

});

socket.on('disconnect', function() {

console.log('Got disconnect!');

var i = allClients.indexOf(socket);

allClients.splice(i, 1);

if(allClients.length == 0){

tail.unwatch();

tail1.unwatch();

}

});

socket.on('generateDES',function(msg){

exec('echo '+msg+' | tac_pwd',

(error, stdout, stderr) => {

console.log(`stdout: ${stdout}`);

//console.log(`stderr: ${stderr}`);

if (error !== null) {

console.log(`exec error: ${error}`);

}else{

Page | 79

socket.emit('despwd',stdout);

}

});

});

socket.on('tacacs-control',function(msg){

if(msg){

console.log("start server");

exec('/etc/init.d/tac_plus start',

(error, stdout, stderr) => {

console.log(`stdout: ${stdout}`);

//console.log(`stderr: ${stderr}`);

if (error !== null) {

console.log(`exec error: ${error}`);

}

});

}else{

console.log("stop server");

exec('/etc/init.d/tac_plus stop',

(error, stdout, stderr) => {

console.log(`stdout: ${stdout}`);

//console.log(`stderr: ${stderr}`);

Page | 80

if (error !== null) {

console.log(`exec error: ${error}`);

}

});

}

});

});

router.get('/',function(req,res,next){

if(req.session != null){

if(!req.session.user){

return res.redirect('/login1');

}

return res.redirect('/dashboard');

}else{

res.redirect('/login1');

}

});

router.post('/login',function(req,res){

Page | 81

var username = req.body.username;

var password = req.body.password;

console.log(req.body);

console.log(username+" : "+password);

User.findOne({username:username,password:password},fu

nction(err,user){

if(err){

console.log(err);

return res.status(500).send("error");

}

if(!user){

return res.status(404).send("mismatch");

}

req.session.user = user;

return res.status(200).send("OK");

})

});

router.get('/logout',function(req,res){

req.session.destroy();

res.status(200).send();

Page | 82

});

router.post('/register',function(req,res){

console.log("register" + req.body.username +" : " +

req.body.password);

var newuser = new User();

newuser.username = req.body.username;

newuser.password = req.body.password;

newuser.firstname = req.body.firstname;

newuser.lastname = req.body.lastname;

newuser.save(function(err,savedUser){

if(err){

console.log(err);

return res.status(500).send("fail");

}

return res.status(200).send("success");

})

});

router.get('/dashboard',function(req,res){

Page | 83

if(req.session != null){

if(!req.session.user){

res.redirect('/login1');

}

res.sendFile(__dirname + '/views/index.html');

}else{

res.redirect('/login1');

}

});

var allowCrossDomain = function(req, res, next) {

res.header('Access-Control-Allow-Origin', "*");

res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');

res.header('Access-Control-Allow-Headers', 'Content-Type');

next();

}

app.use('/',router);

app.use(express.static(__dirname + '/public'));

Page | 84

app.use(allowCrossDomain);

httpServer.listen(3000,function(){

console.log("Server Listening on port 3000");

});