Tacacs+ with gui support

Final Year Project (FYP)
AAA+ Server with GUI Integration
Submitted By: Asmit PandEy
Networking (N3)
Student ID: 13051997
Submitted to: mr. Bikash Bhattarai
: Mr. Monil Adhikari

Acknowledgement
There are numerous persons behind the accomplishment of this project. Without their separate
contribution throughout the project, this project would have never been effective. Firstly, I want
to express gratitude toward Mr. Bikash Bhattarai, who is the supervisor of my project, for his
remarkable support all through this project. At whatever point I was dispirited that this project is
enormous and can't be done he continued inspiring me and gave me certainty to finish it. Further,
I would also like to thank my second supervisor Mr. Monil Adhikari in light of the fact that
without his assistance in doing this project it would questionably come up short. He has helped
me in each stride and never wavered in helping me and my task. Likewise, I might likewise want
to express my appreciation to Mr. Jems Rajbhandari, who is an individual from Wlink
Communications, for giving me immediate and realtime GUIdance wherever I got spooked and
got stuck with some errors. I would also like to thank Mr. Binod Shrestha who is also an
individual from Wlink Communications for providing me necessary leave and time to complete
my project. Further, I might likewise want to express gratitude toward some of my companions
for empowering me and furthermore furnishing me with thoughts of programming and others.
Last but not the least I also want to thank everybody, to whom I neglected to thank, for their
assistance and backing for the culmination of this project.
Abstract
Acknowledging the fact that we have completed long mile regarding security in the networking
field in a short period of time. If we go five years back from now and compare the network or
information security then versus the network or information security now; we will definitely find
a huge gap. We now have outstanding security measures that extremely minimize the risks of
data theft or any information misuse. There has been lots of research in the information security
field, mainly the research being focused on the measures to maintain the confidentiality, integrity
and availability of the information. The project I am doing is about secure ways to authenticate,
authorize the users accessing devices in wan or lan with the use of an AAA server and also to

maintain accounts on the tasks performed by those users. In the current scenario there are
different AAA servers, but the most dominant being radius and tacacs+ server. The reason for
choosing tacacs+ for this project is because it uses TCP over UDP.
This report is about the project in which an AAA server is developed with additional features
such as a GUI features like the log management and the system management. The AAA server
chosen to use is the tacacs+ server. An AAA server is used so that the effort of maintaining the
network devices in a large network will be easy. Suppose, in an ISP there are 300 switches, and
we have to maintain different user credentials for the network administrators and the system
administrators, imagine how hard the job will be if we were to configure the switches manually.
But with a centralized tacacs+ server all we need to do is to add those switches into the server.
This example proves the importance of an AAA server in terms of its value and its effort
reducing capability.
The AAA server developed the project is a tacacs+ server running on Ubuntu, which supports
authentication, authorization and accounting of network devices such as switches or routers. The
tacacs+ server is configured on the Ubuntu machine, and gns3 is used so as to use a virtual router
to act as a real router so that we can test the authentication, authorization and accounting
capability of the AAA server thus developed. The usage of gns3 however doesn’t concerns the
GUI sector of the project. The GUI interface is just created in order to make the job of the
administrator easy. The logs thus generated are fed to the database. The database that is used is
mysql. Then using web programming language, html, javascript, jquery, bootstrap and css to be
precise those logs are displayed in a graphical format. Whereas, in the server side programming
languages like nodejs., express, socket.io and mongoose are used. A tool known as sublime text
is used to write the programming codes. Likewise, a database known as mongodb is used to store
the files. And to make communication between the server side (backend) and the client side
(front end) REST API and socket are used. Thus, in this way a AAA server is developed with a
web based graphical integration.

Contents
Acknowledgement........................................................................................................................................1
Abstract.........................................................................................................................................................2
List of Figures ................................................................................................................................................6
Abbreviations................................................................................................................................................7
Section 1: Introduction .................................................................................................................................1
1.1 Introduction of Subject Matter...........................................................................................................1
1.2 Problem Domain .................................................................................................................................3
1.3 Client Information...................................................................................................................................4
1.4 Aims and Objectives................................................................................................................................4
1.5 Report Structure .....................................................................................................................................5
Section 2: Background/Context ....................................................................................................................6
2.1 Related Work ......................................................................................................................................8
TACACS:.................................................................................................................................................8
RADIUS:.................................................................................................................................................8
Section 3: Development................................................................................................................................9
3.1Methodology........................................................................................................................................9
3.1.1 Software Development Life Cycle (SDLC).....................................................................................9
3.1.2 Programming Approach.............................................................................................................14
3.1.3 Tools and Techniques.................................................................................................................15
3.1.3.3 GNS3: ......................................................................................................................................17
3.2 Software Requirement Specification ................................................................................................20
3.2.1 System Overview........................................................................................................................20
3.2.2 Dependencies.............................................................................................................................22
3.2.3 User Interface Requirements.....................................................................................................23
3.2.4 Functional Requirements...........................................................................................................23
3.2.5 Non-functional Requirement.....................................................................................................24
Section 3: Testing, Results and Conclusion.................................................................................................25
3.2 Critical Evaluation .............................................................................................................................39
3.3 Future Work......................................................................................................................................39
Section 4: Conclusion..............................................................................................................................40
4.1 Personal Reflection ...........................................................................................................................40
Section 5: Social and Ethical Issues.............................................................................................................41

Section 6: References..................................................................................................................................43
Appendix A..................................................................................................................................................45
TACACS+ Configuration files ...................................................................................................................45
Init.d configuration file to start tacacs+ on startup................................................................................49
Creating a virtual interface in ubuntu.....................................................................................................51
Client side HTML .....................................................................................................................................51
Server side HTML ....................................................................................................................................65

List of Figures
Fig 1: RADIUS Authentication and Authorization Flow
Fig 2: SDLC Model
Fig 3: Prototyping Model
Fig 4: Typical AAA Server
Fig 5: Tacacs+ Operation
Fig 6: System Architecture
Fig 7: Successful ping between router and ubuntu and vice-versa
Fig 8: Verification that the tacacs+ server is running on port 49
Fig 9: To make sure the authentication process works.
Fig 10: Analyzing the tac_plus.log file
Fig 11: Analyzing the tac_plus.acct file
Fig 12: Verification that the backend server is running on port 300 and listening
Fig 13: Signing up for the webpage with email test@test.com and password test
Fig 14: Logging in with new email test@test.com
Fig 15: Successful login with the email test@test.com
Fig 16: Adding new user with username ‘test’ and password ‘test’ which is encrypted with DES
Fig 17: Tacacs+ server restarting after adding new user to the config.
Fig 18: Successful login to the router with the new username
Fig 19: Authentication logs generated in web module.
Fig 20: No logs are generated in the accounting log
Fig 21: Logging out of the webpage

Abbreviations
AAA: Authentication, Authorization and Accounting
TACACS: Terminal Access Controller Access-Control System
RADIUS: Remote Authentication Dial-in User Service
TCP: Transmission Control Protocol
UDP: User Datagram Protocol
REST API: Representational State Transfer Application Programming Interface

Page | 1
Section 1: Introduction
One of the most difficult jobs a network or a system administrator faces in today's network
security environment is constraining access to network devices to limited and authorized users.
Similarly as to try and frequently monitor what and when administrations are utilized, and their
recurrence of utilization. The requirement for system security puts a considerably more
noteworthy limitation on system overseers, as systems proceed to develop and turn out to be
more decentralized.
1.1 Introduction of Subject Matter
An AAA server is a server program that handles user requests for access to computer resources
and, for an enterprise, provides authentication, authorization, and accounting (AAA) services.
There are numerous AAA servers that are used widely, some of them are: XTACACS,
TACACS, TACACS +, RADIUS etc.
Mankind now has reached the information age, where theft of certain information can be
catastrophic. There are many such information’s which when gets laid on to the hands of
malicious persons can cause severe destruction. Also, there are some theories that suggest if
world war III will ever occur it will now start with information warfare. Thus, protecting certain
information is must in this information age. Likewise, securing computer resources specifically
being the network devices like router and switches in a network (lan or wan) is also essential.
The authentication of devices of network and the ways of maintain authorization is a crucial part
of maintaining and keeping a network or a system alive. And, one way of protecting those
devices is by implementing an AAA server. With the implementation of an AAA server we can
allow or deny access, control the level of access and also keep record of each and everything that
a user did in the system.
In an AAA server the first process is authentication, authentication provides a way of
identifying a user, typically by having the user enter a valid user name and a valid password
before access is granted. Following authentication, a user must gain authorization for doing

Page | 2
certain tasks. After logging into a system, for instance, the user may try to issue commands. The
final plank in the AAA framework is accounting, which measures the resources a user consumes
during access and also keeps the record or logs of the performed activities.
To see how AAA functions, the relationship between the AAA client and AAA server needs
clarification. The clarification is retrieved from data accumulated from the source referenced
toward the end of this passage. The AAA client is software that keeps running on a system
gadget, for example, a Cisco router. At the point when a client endeavors to associate with the
router, the function of the client software is to pass authentication, authorization and accounting
obligations to the AAA server so as to finish the association or the connection to the router. It
starts when the client sends the client's authentication request to the server utilizing either the
TACACS+ or the RADIUS or any other AAA server conventions. The server can check the
username and password and afterward tells the client whether the verification endeavor has
succeeded or fizzled. On the off chance that the verification is fruitful, the client is conceded
access to the system gadget. The server will give approval data to the customer permitting the
client to perform undertakings based upon the assigned privilege level. As of right now, the
client imparts recording activities to the server so the client's activities can be obviously
followed. The AAA server gives a brought together area to arrange and control these three
essential security capacities portrayed in the passage.
(Cisco Systems, Inc., User GUIde for Cisco Secure ACS 3.1 for Windows Server, “Overview
of Cisco Secure ACS”).
Another deliberation was the protocol that would be used to deliver the AAA services in this
project. The choices were TACACS+ and RADIUS. The difference between TACACS+ and
RADIUS are listed below:
TACACS+ RADIUS
It uses Transmission Control Protocol (TCP). It uses User Datagram Protocol (UDP).
It is more secure as it encrypts entire body of
the packet.
It is less secure as it encrypts only the
password.
It utilizes the full AAA architecture. It combines authentication and authorization

Page | 3
together.
It is cisco proprietary. It is industry standard.
It allows control of router commands on a
per-user and per-group basis.
It does not allow users to control which router
commands can be executed.
Although, the tacacs+ server is a cisco proprietary it is still supported by devices other than the
cisco devices; for e.g. on juniper devices. This is also one of the main reason of choosing tacacs+
for this project. Another potent reason to choose tacacs+ is because of security reason as tacacs+
works on tcp rather than udp.
1.2 Problem Domain
Almost all of the authentication, authorization and accounting servers used today are lacking
an important factor that is the GUI interface. In the current time it’s quite tedious to use the
command line to perform simple tasks. Also, there is not trend of graphical user friendly log
management system for the log generated from the tacacs+ server. Traditionally the logs are just
stored in a text file without proper ways of viewing them. This makes someone without file
system knowledge difficult to view the logs. This project aims to implement a web based log
management system which copes with the test files of log to retrieve information or logs.
The proposed system will thus be able to display the logs that are generated by the tacacs+
server in a graphical environment with some features like performing administration tasks like
adding groups and users etc.
Targeted Audience:
Internet service providers are the main targeted audience of this project. An internet service
provider is typically a company consisting of numerous network devices like router and
switches. In an ISP there are many executive people without information technology knowledge.
Thus, with the implementation of this project in the isp those people without information

Page | 4
technology knowledge can also use the tacacs+ server to add groups and users in the tacacs+
server.
The project also targets companies in which there are numerous network devices. Typically those
companies or organizations having a huge wan or an enormous lan connection.
1.3 Client Information
The system model is being developed for Subisu Cablenet Private Limited., which is one of the
popular internet service provider in Nepal. It was established in 2001 and has been serving the
people of Nepal. Currently it has more than 40,000+ customers, subisu primarily provides cable
internet and television services through a HFC network. Thus, subisu has a large WAN network
consisting of numerous switches. Thus, subisu can implement the AAA+ server that is being
developed in the project so that they can manage the accounting issues of those switches with a
GUI support and also administer different users and group from the GUI interface as well.
1.4 Aims and Objectives
The main aim of this project is to develop and authentication, authorization and accounting
server with a better log management system and GUI interface to perform simple administration
tasks.
In order to accomplish these aims the following keen objectives are set and were followed:
 Feasibility study for this project was done by evaluating some similar projects by
November 15th
2015.
 The requirements for the system were gathered by scrutinizing and researching the
internet by 20th
November 2015.
 The main principle of system development was idealized by 25th
November 2015.
 Tutorials on AAA servers are examined by 30th
November 2015.
 A system prototype will be developed by the end of March 2016.
 The system will be assimilated and verified till 2nd
April 2016.
 Necessary modification and debugging will be carried out till 20th
April 2016.

Page | 5
 Documentation and evaluation of documentation will be carried out by 20th April 2016.
1.5 Report Structure
The following is the organization that delineates how the tasks have been sorted out in the report.
Section 2: Background/Context
This section talks about the foundation and connection identified with the project. Further it
examines about the innovation utilized for the improvement of this project. It likewise represents
the improvement identified with this project that took after by the key contrast between them. In
addition, it also shows the position of this project in the subject field.
Section 3: Development
The Development segment comprises of Methodology, Software Requirement Specification
(SRS) and Design Process for this project. Methodology demonstrates the tools, approaches,
strategies, instruments and procedures utilized for the advancement, though SRS comprise of
framework outline, programming conditions, practical and non-useful necessities. At long last,
design process covers the designs like process flow, context diagram, DFD (Data Flow Diagram)
and flow charts.
Section 4: Testing, Results and Conclusion
This segment contains the test forms that have been made against the AAA server framework
alongside the test outcomes. Further conclusion is made for the whole framework and assessment
is finished. Likewise, the future improvements for the system that could be integrated in the
current system, is also mentioned.
Section 5: Social and Ethical Issues
This section talks about the issues that may emerge because of the arrangement of the AAA
server framework. Likewise, it additionally clears up that the task doesn't emerge any sort of
social and moral issues due to any information and data it contains.
Section 6: References

Page | 6
This segment rattles off general references of journals, conferences, books, website and others
that have been referred to all through the task.
Section 2: Background/Context
This project is about the development of an AAA server with the use of existing AAA server, i.e.
the tacacs+ server in this case with an GUI administration system and a graphical log
management system. The AAA server is the main backbone of the project.
Since the project is mainly based on the AAA server; understanding the various process of an
AAA server is a crucial thing. The processes of an AAA server are authentication, authorization
and accounting. As the first process, authentication gives a method for recognizing a client,
commonly by having the client enter a substantial client name and legitimate secret word before
access is allowed. The procedure of confirmation depends on every client having a one of a kind
arrangement of criteria for getting entrance. The AAA server contrasts a client's verification
certifications and other client accreditations put away in a database. On the off chance that the
authentication coordinates, the client is allowed access to the system. In the event that the
authentication mismatches or are at change, confirmation falls flat and system access is denied.
Following authentication, a client must pick up approval for doing certain undertakings. In the
wake of signing into a framework, for occasion, the client may attempt to issue charges. The
approval process figures out if the client has the power to issue such charges. Basically, approval
or authentication is the procedure of upholding strategies: figuring out what sorts or
characteristics of exercises, assets, or administrations a client is allowed. As of rule,
authentication happens inside the setting of confirmation. When a client is validated, they will be
approved for various sorts of access.
The last board in the AAA structure is accounting, which measures the assets a client expends
amid access. This can incorporate the measure of framework time or the measure of information
a client has sent and/or got amid a session. Bookkeeping is done by logging of session insights
and use data and is utilized for approval control, charging, pattern investigation, asset use, and
scope quantification exercises.

Page | 7
Authentication, authorization, and accounting services are regularly given by a committed AAA
server, a system that performs these functions.
Following the concepts of an AAA server, its working principle comes next. TACACS+ uses a
client server model methodology. The server (running on UNIX or NT) is addressed by the client
and the server thus answer by expressing whether the client passed or fizzled the confirmation.
Note that the client is not the user or the user's machine, but instead the device that is attempting
to figure out whether the client ought to be permitted passage into the system (generally a
switch/router or a firewall). TACACS+ utilizes TCP as the transport protocol – the default port is
49. On the off chance that required, the server can be arranged to listen on different ports.
TACACS+ is like RADIUS (remote Access Dial In User Server) with a couple key contrasts.
RADIUS utilizes UDP for correspondence between the client and the server whereas TACACS+
utilizes TCP. With TCP being connection oriented protocol and more dependable it makes for a
more vigorous transport protocol of choice. Both TACACS+ and RADIUS utilize a common
secret key to give encryption to correspondence between the client and the server. Radius
encodes the client's password when the customer makes a solicitation to the server. This
encryption keeps somebody from sniffing the client's password utilizing a packet analyzer.
However other data, for example, username and services that is being performed can be
analyzed. TACACS+ not just encrypts the whole payload when conveying, as well as scrambles
the client's password between the client and the server. This makes it harder to unravel
information about the correspondence between the client and the server. TACACS+ utilizes
MD5 hash capacity as a part of its encryption and decryption process.
Utilizing TACACS+ to provide authentication and authorization and accounting gives system
builds an additional layer of assurance in securing systems. It permits access to network
administrations to be directed on a more granular premise. Remote users associating with the
system can be screened against the client database and a custom strategy that controls what
devices a client can access as well as what administrations on a specific devices that a client can
get to. In the event that a clients record is bargained that record can be incapacitated. Accounting
gives a review trail that can be utilized to track what benefits the client had admittance. As more
workers work remotely from home, TACACS+ can make the undertaking of regulating client
records and system benefits more productive and secure. While Implementing TACACS+

Page | 8
recollect that if the servers that are running the TACACS+ applications are traded off an
assailant could have entry to your association’s whole client/secret word database.
Communication with the TACACS+ servers should be limited to the devices that need to
communicate with the server to perform authentication, authorization and accounting.
2.1 Related Work
TACACS:
Terminal access controller access-control system (TACACS) is the predecessor of
XTACACS and the TACACS+. It is a family related protocols that handles remote
authentication and related services for networked access control using a centralized server. The
initial TACACS protocol was announced in 1984. Back then it was used in order to
communicate with an authentication server commonly in older UNIX networks. It works under
either TCP or UDP port 49 by default. When a client enters username and password to the tacacs
server a query is send by the tacacs server to the tacacs authentication server usually called
tacacs daemon or simply tacacsd. It would figure out if to acknowledge or deny the
authentication ask for and send a reaction back. The TIP (routing node accepting dial-up line
associations, which the client would ordinarily need to sign in into) would then permit get to or
not, based upon the reaction. Along these lines, the procedure of settling on the choice is "opened
up" and the calculations and information used to settle on the choice are under the complete
control of whoever is running the TACACS daemon.
RADIUS:
Radius was developed by Livingston enterprise in 1991 and is a networking protocol that
provides centralized authentication, authorization and accounting. Radius runs in the application
layer using the UDP as transport.

Page | 9
Fig 2: RADIUS Authentication and Authorization Flow
The radius user sends a request to a Network Access Server (NAS) to gain access to a
certain network resource using pre-defined access credentials. Those credentials are then passed
to the NAS device through the link-layer protocol. For e.g. Point-to-Point Protocol.
Section 3: Development
3.1Methodology
3.1.1 Software Development Life Cycle (SDLC)
Software Development Life Cycle or SDLC is a systematic sequence of steps that offers a model
for the development of any application, system or software.

Page | 10
Fig 2: SDLC Model
In order to develop the software for this project, the prototyping model is used. The goal of
prototyping model is to build a prototype of the system so that requirements for the system are
better understood (Sommerville, 2009). In view of the underlying necessity a prototype is created
which is further tried and assessed. After assessment stage refinement of prototype would be all
the more effectively picked up and assist more refined prototype could be produced and at last
entire framework. The connection with the Prototype is the better route for clients to comprehend
the necessity of desired framework. Underneath figure shows the tasks that are included in this
life cycle.

Page | 11
Fig 3: Prototyping Model
The model used in this project that is the prototyping model consists of six stages. The first phase
of prototyping model starts by gathering requirement for the system that is being developed.
Following the requirement analysis an instant system design is performed. Consequently, a
system prototype is also developed. After the prototype is built, it is then evaluated by the
concerning party. Then after the evaluation and review, the prototype is again refined and the
development process again shifts to the design phase. This process in continued until and unless
the product is able to give its deliverables. And finally the development of the working
framework is initiated based on the same prototype.
The various phases of this model are described below:
1. Requirement gathering and analysis
This is the stage of the prototype model where the elementary or the fundamental
requirements are identified. In this phase the functional requirement of the project is
understood. After the understanding of functional and essential requirements, tool
requirement analysis is done.
2. Quick design:
This is the stage of the prototype model where a primary or the initial prototype of the
project is developed. The prototype is developed with a very basic requirement and the
Requirement gathering Quick Design Building Prototype
Prototype EvaluationRefining PrototypeFinalizing Prototype

Page | 12
prototype is then given to the user to test the system. The system that is developed in this
stage will be nowhere close to the final project, but the system in this phase will be the
main backbone of the project which will be developed over time.
3. Building Prototypes:
This is the stage of the prototype model in which the outcome of the quick design is taken
and design of the system is started again. The prototype developed in this stage is closely
similar to the final system that will be developed.
4. Prototype Evaluation:
This is the stage of the prototype model in which the prototype developed is evaluated by
the client. The client evaluates the prototype with different aspects then suggests the
developer about the things that needs to be added and the things that are to be kept as it
is.
5. Refining Product:
In this stage of the prototype model the evaluation of the client is considered and the
system is refined as needed. If the project is meeting the requirement of the client then
the system goes to the next process, but if any problem or any limitation is acknowledged
by the client the development team refines the project.
6. Finalizing prototype:
In this stage of the prototype model a well functioning prototype meeting the requirement
of the client is sent for designing and development process.
Some of the advantages of using Prototyping model are as follows:
1. The end user or the actual client will get active involvement in the development
process.
2. The end user will understand the system better since this model is a working model.
3. The end users can give instant and spontaneous feedback so as to improve the quality
of the system that is being developed.
4. It is easier to detect and correct errors in the early stages.
5. Important features that might have missed can be identified in time so that it won’t
affect the development time of the project.

Page | 13
Some of the disadvantages of prototype model are as follows:
1. Developing and then repairing the system is a monotonous job for developers.
2. End users might not understand the incomplete prototype so they will be unable to
provide necessary feedback.
3. As end users are given chance to evaluate the product and then asked to add any
missing features, the scope of the project can turn into another direction than what
was planned before.
4. Incomplete problem analysis.
The prototyping model is suitable for expansive and confounded frameworks for which there is
no any current framework to help deciding the prerequisites. Thus, it is most proper for the
advancement of this project. As the venture joins different advanced innovations that are not
common, the prerequisites for this project are not clear at early stages. This methodology would
help this project to decide exact necessities and amid the phases of model improvement.
Additionally, it gives more adaptability than that of other programming improvement process
with respect to prerequisite assembling and plan. This would likewise help in more fulfillments
of the clients where different models could be created unless the client is completely fulfilled by
the framework. Thus, this approach is utilized for the advancement of this project.
The prototyping model also has two model of prototyping, them being evolutionary prototype
and throw away prototyping. In this project I have used evolutionary prototyping. The main
reason of not choosing throw away prototype is that it will require enormous amount of time to
complete the project as the prototype developed is thrown away (if any fault is found / in case of
key feature missing) and developed from scratch. However in case of the evolutionary prototype
the prototype that is developed at the initial phase is just improved so as to meet the required
needs. The evolutionary prototype works under four main phases. The first phase of evolutionary
prototype is to start a prototype with initial concept of the project. Then we move to design and
implementation of the initial prototype. Then we will refine the prototype until and unless it is
acceptable and finally the developed system is released. Hence, when developing a system using
evolutionary prototyping, the system is continuously refined and rebuilt making this prototyping
an ideal process where not all requirements are well understood, which is a very common
situation in developing a system.

Page | 14
The different phases of Evolutionary prototyping model are described in brief below:
1. Identification of the requirement:
Evolutionary prototyping is a continuous process, so we may not know all the
requirement at the beginning but we must be able to identify the basic requirement to
start the development process.
2. Creating or developing a prototype:
In the process of development many prototypes are developed such that the prototype
developed in each stage is better than its predecessor.
3. Verification of the prototype:
After the creating of a prototype the prototype is then evaluated and verified in the sense
that it is meeting the requirement of the client. Verification can be done by taking surveys
and other methods. But, typically verification is done by the client after evaluating the
prototype.
4. Changes in the prototype:
In this stage necessary adjustment and changes are made to the prototype analyzing the
results from the verification stage.
3.1.2 Programming Approach
“Modularization becomes more important as an application’s complexity increases” (Petri,
2010, pp 7). The AAA server incorporates a tacacs+ server, a database server, a gns3 module and
also a GUI module to perform simple administration tasks, making it a complex enough project
to use Modular Application Development approach. A module is independent programming
segment that can correspondence with different modules through very much characterized
interfaces, behind which their usage could be covered up. Designers can make every components
of an application into particular module, characterizing every module with its obligation in an
application.
The purpose for picking modular application development approach, in spite of old and trusted
programming philosophies is because of the weaknesses they have. Old programming procedures

Page | 15
scramble to keep up pace with bit by bit expanding highlights, abbreviated creation cycles, and
rising significance of programming quality. What's more, a suitable application advancement
methodology ought to have the capacity to give clear expansion focuses to correspondence with
different modules productively, and ought to have approximately coupled segments so that the
reliance is expelled. Utilizing old methodologies could be problematic to the point that one may
need to revise the application sans preparation and as basic application stays still same, this
likewise neglects to unravel application's structural defects.
Therefore, modular application development methodology is chosen for the advancement of this
project. Indeed, even modular methodology cannot so much keep away from the bad marks
specified previously. All things considered, the limited obligation of a module inside the
application makes it more engaged, bringing about the general application all the more plainly
planned.
3.1.3 Tools and Techniques
The necessary programming language, tools and applications needed to build the system
described in the report are described below:
3.1.3.1 Operating System Ubuntu:
Ubuntu is a Debian-based Linux operating system and distribution for personal computers,
smartphones and network servers. It uses Unity as its default user interface. Ubuntu is preferred
to use as an operating system for this project as it compatible with all the dependencies that are
required to run the tacacs+ server. It is also easy to install all the required repositories in ubuntu.
The ubuntu community is also very large such that required support can be obtained easily
through the helpful ubuntu community. The specification of the hardware machine to run ubuntu
is also minimal (768 mb ram and 5 gb hard disk space). This makes ubuntu the optimal operating
system of choice.
3.1.3.2 TACACS +:

Page | 16
Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol created by
Cisco and discharged as an open standard starting in 1993. TACACS+ was derived from its
predecessor the very own TACACS. Even though it is derived from its predecessor it is a
separate protocol that handles authentication, authorization and accounting (AAA) services.
Fig 4: Typical AAA Server
TACACS+ is a TCP oriented protocol and is also secure as it encrypts all the
information and has less vulnerabilities. It is a cisco proprietary and full content
of each packet is encrypted in it. It also provides granular control i.e. command by
command authorization.

Page | 17
Fig 5: Tacacs+ Operation
3.1.3.3 GNS3:
GNS3 is a Graphical Network Simulator that allows simulation of complex networks. GNS3
allows the same kind of emulation utilizing Cisco Internetwork Operating Systems. It permits
you to run a Cisco IOS in a virtual domain on your PC. GNS3 permits the copying of Cisco IOSs
on your Windows or Linux based PC. For this project gns3 is installed in the ubuntu machine.
There are certain dependencies that are required in order to run the gns3 on ubuntu; it being the
python-qt4.
3.1.3.4 Web GUI integration tools:
Various programming language and tools including database are used in this project to get the
desired GUI.
i. Programming Language
a. Back end (nodejs):
In software development, Node.js is an open-source, cross-platform runtime environment for
creating server-side Web applications. In spite of the fact that Node.js is not a JavaScript framework,
many of its basic modules are composed in JavaScript, and developers can compose new modules in
JavaScript. The runtime environment interprets JavaScript utilizing Google's V8 JavaScript engine.
b. Client side (HTML, CSS, JavaScript):
HTML is a markup language used for describing web documents or the web pages. It stands for
Hyper Text Markup Language. Various set of markup tags makes a markup language. Each tag in an
HTML describes different document content.
CSS is a style sheet language and its used for describing the presentation of a webpage or a web
document written in a markup language. It stands for Cascading Style Sheets. The primary objective
of using CSS to design web pages is to enable the separation of document content from the
document presentation, including aspects such as the layout, fonts and colors. Thus providing
content accessibility, provide more flexibility and control in the specification of presentation

Page | 18
characteristics and also enable multiple HTML pages to share the same formatting by specifying the
relevant CSS in a .css file.
JavaScript is a dynamic, high-level and interpreted programming language. JavaScript is supported
by all modern web browsers and it works alongside with html and css and is one of the three core
technologies of the World Wide Web. It is prototype-based with first-class functions thus making it a
multi-paradigm language, supporting object-oriented, imperative and functional programming styles.
ii. Tools (Sublime Text):
Sublime Text is a cross-platform source code editorial manager with a Python application programming
interface (API). It locally underpins numerous programming languages and markup languages, and its
functionality can be reached out by users with modules, commonly group constructed (community built)
and maintained up under free-software licenses.
iii. Database (mongodb):
MongoDB (from humongous) is a cross-platform documented-oriented database. Named as NoSQL
database, MongoDB shuns the conventional table-based relational database structure for JSON-like
records with dynamic schemas (MongoDB calls the format BSON), making the coordination of
information in certain sorts of uses simpler and speedier.
iv. Connecting backend and frontend (Rest API)
In computing, representational state transfer (REST) is the software structural style of the World Wide
Web. More definitely, REST is a design style comprising of an organized arrangement of building
imperatives connected to segments, connectors, and information components, inside an distributed
hypermedia framework. REST disregards the subtle elements of component implementation and protocol
syntax structure keeping in mind the end goal to concentrate on the parts of components, the limitations
upon their communication with different components, and their understanding of critical information
elements. Through the utilization of REST architectural properties like Performance, Scalability,
Simplicity, Modifiability, Visibility, Portability, and Reliability can be achieved.
v. Software libraries:
a. Backend (express, socket.io, mongoose)

Page | 19
Express is a flexible and minimal Node.js web application framework that provides a robust set of
features for web and mobile applications. It provides a thin layer of fundamental web application
features, without obscuring Node.js features.
Socket.IO enables real-time bidirectional event-based communication. It works on every
platform, browser or device, focusing equally on reliability and speed.
Mongoose is an elegant mongodb object modeling for node.js. Mongoose provides a straight-
forward, schema-based solution to model your application data. It includes built-in type casting,
validation, query building, business logic hooks and more, out of the box.
b. Frontend (jquery, bootstrap)
Jquery is free and open-source software which is a most popular javascript library in use (65% of
the top 10 million highest-trafficked sites on the Web). jQuery is a cross-platform javascript library
designed to simplify the client-side scripting of HTML. The syntax is jQuery is designed to make
navigation of a document easier, select DOM elements, create animations, handle events and
develop Ajax applications.
Bootstrap is a free and open-source front-end library for creating web applications and websites.
It aims to ease the development of dynamic web applications and websites. It is a frond end web
framework which is an interface for the user, unlike the server-side code which stays on the ‘back
end’ or server.

Page | 20
3.2 Software Requirement Specification
3.2.1 System Overview
The system is being developed in a linux based platform, Ubuntu to be exact. The Ubuntu
machine updated will all the required repositories files and also all the required dependencies are
installed. The tacacs+ server is created in the linux machine itself. The configuration files are
attached below. (See Appendix). A virtualization program known as gns3 is also installed. The
main purpose of installing gns3 was to feed the tacacs+ server with virtual authentication client
and also feed the logs from the virtual router or any other end devices. The router in the gns3 is
configured to interact with the tacacs+ server. A database server, i.e. the mongodb database
server is also installed in which the log files that are generated by the tacacs+ server are stored.
The backend server is responsible for carrying out administration function for the tacacs+ server.
From the GUI the administrator can add user by generating a des password and adding that des
password to the user. Under the settings function in the UI there is an option to generate a DES
key for the required password. The configuration password of the tacacs+ server is also shown in
the side so that a new user or new group can be created. There is also a function to start and stop
the tacacs+ server. Then a simple user friendly webpage is developed so as to view the logs.
3.2.1.1 System Architecture

Page | 21
Fig 6: System Architecture
The above is the basic architecture of how the system works. A virtualization software is used so
that we have a virtual router that can perform the tasks needed. The router in gns3 is configured
such that it can communicate with the Tacacs+ server on Ubuntu. The tacacs+ server is
configured with different groups and users who have different privilege levels. Then from a
terminal window the router on gns3 is accessed through telnet. The router then forwards that
request to the tacacs+ server. Then the tacacs+ server asks for the authentication. After providing
the user credentials, the logs regarding the activities of that user are generated by tacacs+. This is
the basic principle about the how the tacacs+ server works. Then the next thing is the GUI for the
tacacs+ server. The GUI server is hosted in the same machine but can be accessed through other
computers in the same network as well. While setting up the GUI, the first thing we need to do is
to sign up for a user that can access the webpage. The backend server prompts a webpage asking
for a login or a way to sign up to the system. After signing up to the system, a user can login to
Database
User
Verification phase
User Verification
Dashboard Dashboard
Tacacs+ log & server status Tacacs+ Config

Page | 22
the web page and perform administrative tasks. The webpage that is displayed after logging in to
the server has some basic functions to go to the settings tab and a small window where the logs
are displayed. The logs that are displayed are real time based; meaning that the logs are
populated as the tacacs+ server generates the logs. There is also a function through which
administrators can turn on and turn off the tacacs+ server. The home page also displays
information about the machine running the tacacs+ server and also displays the total amount of
memory and the amount of free memory. There is also a function so that users can log out of the
server.
The next tab on the webpage is the settings tab. Under the settings tab the administrator can
generate a des key for a specific text and add that key under the password while creating a new
user. Just below the configuration file there is a small button named ‘update’ with which the new
configuration file is loaded. The tacacs+ server is then stopped and started again. The logs
regarding the starting and stopping of the tacacs+ server is also displayed under the ‘live access
log’ in the home tab. This is the basic working principle of the GUI integrated tacacs+ server that
I named as an AAA+ server.
3.2.2 Dependencies
This section depicts the dependencies that the system possesses. The following are the conditions
that are required for appropriate running and execution of the system.
3.2.2.1 Software Dependencies
For the tacacs server to perform efficiently, proper environment should be created in the machine
where the tacacs server is hosted. In the case of my project the system where the tacacs+ is
hosted is Ubuntu 15.10. The Ubuntu machine also required various dependencies to run the
tacacs+ server. Those dependencies are gcc, bison, flex, libwrap0-dev. The project is also
dependent on the gns3 as the project utilizes a virtual router of gns3. The project is also
dependent on the proper utilization of node.js, sublime text, mongodb, rest API, express,
socket.io and mongoose.
3.2.2.2 Hardware Dependencies

Page | 23
In order to run a tacacs+ server smoothly the hardware requirements are, 1 GHz CPU, 256 MB
RAM and 500 MB HDD free. The hardware used in the projects is just a normal laptop running
Ubuntu in it with gns3, tacacs+ and other UI development kits.
3.2.2.3 Network Dependencies
For this project I have just used a virtual router from GNS3 to demonstrate that the AAA+ server
actually works. But in a real world scenario, the project has certain network dependencies. If the
system is to be implemented in a WAN system then the AAA+ server also should be hosted in
the same WAN and given proper ip route to make it work correctly.
3.2.3 User Interface Requirements
3.2.3.1 Client user interface
The clients in this project will simply interact with a regular terminal windows or any other telnet
client. Clients will just telnet to access the network devices of which they possesses
authentication. Then the clients are given access to those network devices and then they can
perform certain activities based on their access privilege level.
3.2.3.2 Admin user interface
The administrator operates the system through Ubuntu machine itself. The administrator is
responsible for creating groups and assigning specific users to the group. The administrator is
also responsible for giving privilege level to the specific users. For eg: the privilege level of the
network administrator and the privilege of the system administrator can be different. The admin
is also responsible for viewing the logs that are generated by the tacacs+ server.
3.2.4 Functional Requirements
The following are the functional requirements of the AAA+ server
i. System initialization:
After setting up the tacacs+ server along with all the prerequisites, the job of the
administrator is to verify that the tacacs+ server is listening. Typically the tacacs+

Page | 24
server is listening in the port 49. Then comes that part where we turn on the backend
server for the GUI part of the system. The backend server is running in port 3000.
ii. Managing groups and users:
The administrator is also responsible for creating different groups in the
authentication part of the tacacs+ server. There are two ways of creating users and groups
in the tacacs+ server. One my directly configuring the tacacs+ configuration file. The
next one is by logging in to the webpage. The server is configured with groups such that
all the people in the group have the same privilege level. And different users are assigned
those different groups. This is done in order to make the authentication process easier.
iii. Managing admin for the webpage
When someone logs in to the web user interface of the system, the system prompts the
user to either log in or to sign up to the system. The users who don’t have login
credentials can sign up and access the admin web page. The new user is then populated to
the database as soon as he signs up to the system.
iv. Adding and removing new users from the tacacs+ server:
After the admin gets his login credentials by signing up from the webpage he can then
login to the webpage and then add users to the tacasc+ server. Under the settings tab in
the webpage the admin can add new users and also define a new group. To create the user
the admin first generates a DES algorithm of the password that the user wants and then
adds the username and password defining his group in the configuration files that is in the
same page. After this job is completed he clicks on the ‘update’ function which adds the
new user, stops the tacacs+ server and start it again.
v. Logging out of the web interface:
Another important function of the web interface is to allow the users that are logged in to
the web interface log out of the system. The main reason to include this requirement is so
that the memory of the backend server can be saved.
3.2.5 Non-functional Requirement
3.2.5.1 Performance Requirements
The AAA+ server can be implemented in companies or even any institutions where regular
monitoring and maintenance is network devices is needed. The AAA+ server can just be hosted

Page | 25
in a regular pc inside the network of that company or institution, then all the network devices like
router or switches are configured to communicate with the AAA+ server. These are the entire
thing required to make the AAA+ server in use.
3.2.5.2 Usability Requirements
For users to use the AAA+ server, they just require a regular terminal or even a windows
command prompt with telnet services available. The users can also use any other third party
telnet clients such as putty or xshell. Now, in case of the administrator his/her usability
requirement is to make sure that the AAA+ server is working properly alongside with the
database server.
3.2.5.3 Security Requirements
The users of the AAA+ server will be using their username and passwords to login to the server,
so there are no security threats for the client side. The usage of DES algorithm to encrypt the
password of the users also creates a better security mechanism. However, some security issues
are present in the administrator side. The administrator is responsible for managing password
assigned to each user along with their username, so there should be a strong authentication
mechanism for logging into the server. In addition to this, there should also be a authentication
mechanism when accessing the mongodb database; thus making the administrators the only
people that can access the information stored in the database.
Section 3: Testing, Results and Conclusion
3.1.Unit Testing
Below are the lists of tests that were conducted on the system on modular basis.
3.1.1 Test Plan
3.1.1.1 Successful operation of Tacacs+ server
Test Case Objectives
1 To test whether the tacacs+ is executed.
2 To test connection between tacacs+ and the gns3 router with the use of ping
command and vice versa.
3 To check whether the tacacs+ is listening in port 49
4 To test whether the authentication process is carried out by tacacs+ server.

Page | 26
5 To test whether the user are authorized according to the privilege level by the
tacacs+ server.
6 To test whether the tacacs+ server is doing the accounting function properly.
7 To test whether the authentication, authorization and accounting logs are generated
as needed.
8 To test whether the tacacs+ server is running at startup.
3.1.1.2 Router Test Cases
1 To test whether the router is running properly.
2 To test whether the router can be accessed from outside the ubuntu.
3 To test proper functioning of the router after the AAA commands are added.
3.1.1.2 GUI test Plan
1 To test whether the GUI interface is running successfully and smoothly.
2 To test whether the web server is running at port 3000.
3 To test whether the server can function the sign up and sign in module successfully.
4 To test whether the live access log and live accounting log are functioning.
5 To test whether the start and stop tacacs+ server module is running.
6 To test whether the des key is generated by the web interface for the required
password.
7 To test whether user and groups can be added from the configuration file.
8 To test whether the ‘update’ function for the tacacs+ configuration file works.
9 To test whether the ‘log out’ function works.

Page | 27
3.1.2 Test Log
3.1.2.1 Successful operation of tacacs+ server.
The below is the test and screenshot about the communication between the virtual router in
gns3 and the ubuntu machine itself.
Test Case 1
Objective To test whether the gns3 router and ubuntu machine can communicate
Test Data Ping command is executed.
Expected Test
Result
Ping reply when pinging from ubuntu to the router & vice-versa.
Actual Test
Result
Ping request were replied successfully.
Conclusion Successfully done
Fig 7: Successful ping between router and ubuntu and vice-versa
Test Case 2
Objective To verifiy if the tacacs+ server is listening on port 49

Page | 28
Test Data netstat –an | grep :49 command is executed
Expected Test
Result
Tacacs+ server should be running and listening on port 49
Actual Test
Result
The tacacs+ server was running and listening on port 49
Fig 8: Verification that the tacacs+ server is running on port 49
Test Case 3
Objective To test whether the authentication is performed by the tacacs+ server
Test Data A telnet command is issued using the ip address of the router.
Expected Test
Result
A username and password prompt should be asked.

Page | 29
Actual Test
Result
The router prompts for a username and password.
Fig 9: To make sure the authentication process works.
Test Case 4
Objective To test whether the logs are generated regarding the authentication.
Test Data A file in the location /var/log/tac_plus.log is analyzed.
Expected Test
Result
There should be active logs of the authentication process.
Actual Test
Result
The authentication logs were present

Page | 30
Fig 10: Analyzing the tac_plus.log file
Test Case 5
Objective To test whether the accounting logs are generated.
Test Data The file in the location /var/log/tac_plus.acct is analyzed.
Expected Test
Result
Theere should be active logs of accounting.
Actual Test
Result
The file was blank
Conclusion Accounting logs weren’t generated due to some errors.

Page | 31
Fig 11: Analyzing the tac_plus.acct file
Successful operation of GUI of the tacacs+ server
Test Case 1
Objective To test whether the gui backend server is running and listening on port 3000
Test Data “netstat –an | grep :49 command is executed
Expected Test
Result
The gui backend server should be running on port 3000
Actual Test
Result
The gui backend server was running on port 3000

Page | 32
Fig 12: Verification that the backend server is running on port 300 and listening
Test Case 2
Objective To test whether the signup function works for the GUI module
Test Data A test user is created with test@test.com and password test.
Expected Test
Result
The new user should be able to login with the credentials.
Actual Test
Result
The new user can successfully login to the web page.

Page | 33
Fig 13: Signing up for the webpage with email test@test.com and password test
Fig 14: Logging in with new email test@test.com

Page | 34
Fig 15: Successful login with the email test@test.com
Test Case 3
Objective To test whether a new user for the tacacs+ server can be added from the gui
module
Test Data A new user with username test and password test (encrypted with des) is
created and the tacacs+ server is restarted.
Expected Test
Result
Access to new router should be successful with the new username.
Actual Test
Result
Router can be accessed with the new user.

Page | 35
Fig 16: Adding new user with username ‘test’ and password ‘test’ which is
encrypted with DES
Fig 17: Tacacs+ server restarting after adding new user to the config.

Page | 36
Fig 18: Successful login to the router with the new username
Test Case 4
Objective To test whether real time access log are displayed in the web module.
Test Data The home tab of the web interface is analyzed.
Expected Test
Result
Some logs should be generated under the access logs.
Actual Test
Result
Logs were generated under the access logs field.

Page | 37
Fig 19: Authentication logs generated in web module.
Test Case 5
Objective To test whether the accounting logs are displayed in the web module.
Test Data The home tab of the web interface is analyzed.
Expected Test
Result
Some logs should be generated under the Accounting logs.
Actual Test
Result
No logs were generated under the accounting log.
Conclusion Not successful due to some errors.

Page | 38
Fig 20: No logs are generated in the accounting log
Test Case 6
Objective To test whether the ‘log out’ function works
Test Data The user is logged out from the web page.
Expected Test
Result
The current user should be logged out and the login page should be
displayed.
Actual Test
Result
The login page is displayed.

Page | 39
Fig 21: Logging out of the webpage
3.2 Critical Evaluation
The testing process that are performed on the AAA+ server above and the test results thus
obtained are full evidence that the overall initial plans that were made are entirely successful.
AAA+ server is fully capable of handling the authentication, authorization and accounting
features from the network device that is the router in the case of this project.
The web integration of the tacacs+ server is also capable of adding new admin to the webpage
itself. Likewise, the admin can also add new users and group to the tacacs+ configuration file
from the webpage itself. When doing the FYP students can learn about various new technologies,
existing methodology in developing a system and also learn about various programming tools
and language. Therefore, in my view the final year project is a mandatory thing for all the final
year students. This makes the students who are about to graduate familiar with many
technologies that are out there in the real world.
3.3 Future Work
The additional features and tasks that can be added in the AAA+ server in the future so that it
would be effective for both the administration and the clients (users) are listed below:
 Using md5 hash instead of des algorithm to encrypt password as it is impossible to
decrypt the md5 hash once encrypted.

Page | 40
 Adding mobile application support rather than just a web integration. Adding mobile
application module will make the system far more portable. The administrator can just
add user and group from his smart phone. Nowadays, many phones have fingerprint
sensors so a fingerprint authentication system can also be added in order to communicate
with the backend server, which will be the best way of authenticating an administrator to
the server.
Section 4: Conclusion
The AAA+ server that is developed in the project is typically a tacacs+ server with GUI
integration. The system developed in this project will be able to perform authentication,
authorization, accounting functions. The system is developed in a linux platform that is in a
machine running Ubuntu. In the machine running ubuntu virtualization software known as GNS3
is used. GNS3 is used to demonstrate the successful working of the AAA+ server developed. A
router IOS image is added in the GNS3 and is connected to a cloud within the GNS3 so that the
router can be accessed from the ubuntu machine. Another, crucial part of the system is a
webpage through which various activities that can be done from the command line in the tacacs+
server can be performed. The administrator who has credentials to the web page can edit the
configuration file of the tacacs+ server from the web page itself. The administrator can also
generate a des hash of the required password from the web page. The web page is also developed
in such a way that the accounting logs and the authentication or access logs that are generated by
the tacacs+ server are generated. Thus, the project was completed in the ways mentioned above.
The project made me spooked at various stages and different steps, but with the continuous
support from my supervisor I was able to complete the project successfully.
4.1 Personal Reflection
Throughout the development of the project I came across various technologies that are being
integrated in the real world scenario. The first one being the AAA server. Considering the real
world scenario at this time the most dominant AAA server in use are TACACS+ and RADIUS
server. Studying different websites, articles, books and journals I was able to understand the
working principle of the AAA server specifically the tacacs+ server that is used in the project. I
understood about the core configuration of the tacacs+ server; precisely about how the
accounting file is defined, how access control lists are defined and also how different groups are
created along with assigning different users in certain groups. During the configuration of user

Page | 41
with I learned the way of encrypting a password with a DES algorithm. I also learned how to
configure the tacacs+ server to run with the startup of the system. I also used a GNS3, as a router
was required to test the working of the system developed. The development of this project made
me familiar with GNS3 and how it is the best virtualization tools there is out there for
networking students like me. During the development of this project I came across various
software, and programming languages. For the server side development the programming
language I used is node.js. To display those contents to the client side I have used html, css and
javascript. And the program that I used to write the program is Sublime Text. I have also used a
database system that is the mongodb database to store all the logs and the configuration files. A
Representational state transfer (REST) Application program interface (API) is also used to
connect the backend and the frontend part of the project. To develop the backend (the system
that is running in the server machine) the software libraries that are used are express, shocket.io
and mongoose. And to develop the frontend (the client side or the interface that the administrator
uses to perform configuration tasks) jquery and bootstrap is used.
Likewise, doing this project has also enhanced my researching skills as well as programming
skills. I was able to gather information and ideas quickly and assimilate them for the
advancement of my project. I can use all these skills gathered in the development of this project
in the future in many fields of Information Technology. Now, I have gained a full knowledge of
the working principle of an AAA server along with its working principle. The knowledge about
how a user is authenticated to access the AAA server, and the ways of providing authorization to
the groups and users in the group along with the ways carrying accounting functions. I have also
developed knowledge about creating a backend server and a front end web interface to perform
required administration tasks.
Section 5: Social and Ethical Issues
The project described above is an academic project that is done as a final year project (FYP) of a
bachelor degree titled as “B.Sc. Hons Computer Networking and IT Security”, affiliated with
London Metropolitan University. The project is intended to provide ‘Subisu Cable Net Pvt. Ltd.’
with an AAA server having a GUI interface so that non-it personal can also perform
administration tasks. This project doesn’t plan to implement the AAA server directly to the

Page | 42
college devices but rather provide a prototype of how the AAA server with GUI interface can
actually work. Therefore, this project doesn’t violate Intellectual Property (IP) of the client.
During the development of this project different article, websites, books and journals are studied.
There are also such websites, books, journals and articles which inspired the ideas, views and
technologies used in the project. However, those ideas and concepts have been fully
acknowledged throughout the project using citations. Those journals, articles, books and
websites studied during the development of the project are also included in the Reference section
below. Therefore, the project doesn’t violate the IP of the authors whose ideas and concepts are
utilized in the project. In addition to the above things, the project idea and concept was provided
by Mr. Bikash Bhattarai. Therefore, special credit is also given to him in the acknowledgement
section of the project. So, this project doesn’t discredits the ideas of other people used in the
project rather provides citation and enlists necessary credits for them. In this way the project
hasn’t used any author’s ideas or concept without acknowledging them. Therefore, the social and
ethical issues that could come up with the violation of IP of the authors are entirely addressed.
Also, the project doesn’t account for any social and ethical issues. The project is mainly just a
prototype of how things can be better if the concepts described in the project is used, thus it
doesn’t concerns with any information of clients or any kind of privacy. Even if the project is
implemented in real life it will surely not possess any social and ethical issues. There is a slight
matter where the privacy part may come into play as the username and passwords of the users
can be monitored and set by the administrator but the user is just a part of the AAA server who
has given no personal information rather the user is just given login credentials of the network
devices that the organization solely own. The network devices that will be in used in corporation
with the AAA server will be a property of the company/institution that will be using the AAA
server. So, even if the project is implemented it will not hamper any kind of privacy or integrity
of the organization or the users using it.
Finally, the project also does not contain any unsuitable or unacceptable contents inside it that
may affect some ones social or intellectual life. Likewise, the project also does not concern any
matters regarding some ones religion, culture, tradition and even some ones personal life. Thus,
the project does not come up with any issues related to society or the existing ethics within the
society.

Page | 43
Section 6: References
 TACACS+ on Ubuntu 14.04 LTS | The Routing Loop. 2016. TACACS+ on Ubuntu
14.04 LTS | The Routing Loop. [ONLINE] Available
at:http://www.routingloops.co.uk/cisco/tacacs-on-ubuntu-14-04-lts/[Accessed 1 6 April
2016].
 Installation Setup of Free Tacacs+ server in Linux | Free Linux Tutorials.
2016. Installation Setup of Free Tacacs+ server in Linux | Free Linux Tutorials.
[ONLINE] Available at:http://freelinuxtutorials.com/tutorials/installation-setup-of-free-
tacacs-server-in-linux/
[Accessed 15 April 2016].
 Shrubbery Networks - TACACS+ daemon. 2016. Shrubbery Networks - TACACS+
daemon. [ONLINE] Available at:http://www.shrubbery.net/tac_plus/.[Accessed 15 April
2016].
 Tacacs Server Configuration in Debian - tacacs+ . 2016. Tacacs Server Configuration in
Debian - tacacs+ . [ONLINE] Available at:http://www.debianhelp.co.uk/tacas.htm.
 Get To Know Linux: The /etc/init.d Directory - gHacks Tech News. 2016. Get To Know
Linux: The /etc/init.d Directory - gHacks Tech News. [ONLINE] Available
at:http://www.ghacks.net/2009/04/04/get-to-know-linux-the-etcinitd-directory/ [Accessed
10 April 2016].
 UbuntuBootupHowto - Community Help Wiki. 2016. UbuntuBootupHowto - Community
Help Wiki. [ONLINE] Available
at:https://help.ubuntu.com/community/UbuntuBootupHowto. [Accessed 10 April 2016].
 Cisco IOS Security Configuration Guide, Release 12.2 - Configuring Accounting [Cisco
IOS Software Releases 12.2 Mainline] - Cisco. 2016. Cisco IOS Security Configuration
Guide, Release 12.2 - Configuring Accounting [Cisco IOS Software Releases 12.2
Mainline] - Cisco. [ONLINE] Available
at:http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/s
cfacct.html#wp1000976. [Accessed 8 April 2016].

Page | 44
 Cisco tacacs implementation 2016. . [ONLINE] Available
at:http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/command/reference/fsecur_r/s
rfathen.html#wp1055538. [Accessed 8 April 2016].
 Configuration of tacacs+ on cisco devices 2016. . [ONLINE] Available
at:http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/command/reference/fsecur_r/s
rfauth.html#wp1021814. [Accessed 8 April 2016].
 Node.js Tutorial. 2016. Node.js Tutorial. [ONLINE] Available
at: http://www.tutorialspoint.com/nodejs/
 The Complete Visual Guide to Sublime Text 3: Getting Started and Keyboard Shortcuts
|Scotch. 2016.The Complete Visual Guide to Sublime Text 3: Getting Started and
Keyboard Shortcuts | Scotch. [ONLINE] Available at: https://scotch.io/bar-talk/the-
complete-visual-guide-to-sublime-text-3-getting-started-and-keyboard-shortcuts.
 Getting Started with MongoDB (MongoDB Shell Edition) — Getting Started With
MongoDB 3.0.4. 2016. Getting Started with MongoDB (MongoDB Shell Edition) —
Getting Started With MongoDB 3.0.4. [ONLINE] Available
at: https://docs.mongodb.org/getting-started/shell/[Accessed 1 April 2016].
 Getting Started with MongoDB (MongoDB Shell Edition) — Getting Started With
MongoDB 3.0.4. 2016. Getting Started with MongoDB (MongoDB Shell Edition) —
Getting Started With MongoDB 3.0.4. [ONLINE] Available
at:https://docs.mongodb.org/getting-started/shell/[Accessed 22 May 2016].
 Node.js Express Framework. 2016. Node.js Express Framework. [ONLINE] Available
at:http://www.tutorialspoint.com/nodejs/nodejs_express_framework.htm[Accessed 22
May 2016].
 Tutorial - Getting Started With Node.js, Express, MongoDB | Christopher Buecheler -
Web, Writing, Cocktails and More. 2016. Tutorial - Getting Started With Node.js,
Express, MongoDB | Christopher Buecheler - Web, Writing, Cocktails and More.
[ONLINE] Available at:http://cwbuecheler.com/web/tutorials/2013/node-express-
mongo/[Accessed 18 May 2016].

Page | 45
 Node.js Tutorial With Socket.io – Daniel Nill. 2016. Node.js Tutorial With Socket.io –
Daniel Nill. [ONLINE] Available at: http://danielnill.com/nodejs-tutorial-with-
socketio/[Accessed 12 May 2016].
 Mongoose - Node.js + MongoDB with Mongoose Tutorial. 2016. Mongoose - Node.js +
MongoDB with Mongoose Tutorial. [ONLINE] Available
at: http://www.javabeat.net/mongoose-nodejs-mongodb/ [Accessed 12 May 2016].
 Mongoose - Node.js + MongoDB with Mongoose Tutorial. 2016. Mongoose - Node.js +
MongoDB with Mongoose Tutorial. [ONLINE] Available
at:http://www.javabeat.net/mongoose-nodejs-mongodb/[Accessed 6 May 2016].
 Bootstrap Tutorial - Code School. 2016. Bootstrap Tutorial - Code School. [ONLINE]
Available at:https://www.codeschool.com/courses/blasting-off-with-bootstrap[Accessed
6 May 2016].
Appendix A
Source Codes
TACACS+ Configuration files
# Encryption key
key = tac_test
# Set where to send accounting records
accounting syslog;
accounting file = /var/log/tac_plus.acct
# ACL for network_admin group
acl = network_admin {
# allow access from all sources

Page | 46
permit = .*
# implicit deny (ie: anything else)
}
# ACL for sys_admin group
acl = sys_admin {
# allow access from all sources
permit = .*
# implicit deny (ie: anything else)
}
# network_admin group, full access to network devices
group = network_admin {
default service = permit
expires = "Jan 1 2018"
acl = network_admin
service = exec {
priv-lvl = 15
}
}
# sys_admin group, only has read access to the network devices and can change the
access vlan on an interface
group = sys_admin {
default service = deny
expires = "Jan 1 2018"
acl = sys_admin
service = exec {

Page | 47
priv-lvl = 0
}
cmd = enable {
permit .*
}
cmd = show {
permit .*
}
cmd = exit {
permit .*
}
cmd = description {
permit .*
}
}
# User asmit using DES password and enable passwords
user = asmit {
member = network_admin
login = des dmeDcdKkEDpx6
enable = des AycmcttSCimXY
}
# User test using DES password and enable passwords test
user = test {
login = des K5quUNHql83zk
enable = des K5quUNHql83zk
}

Page | 48
# User pandey using DES password
user = pandey {
member = sys_admin
login = des JEllJjrtpoCds
enable = des JEllJjrtpoCds
}
# Global enable level 15 password
user = $enab15$ {
login = des EzCWYqI4cae3M
}
# user test with password test
user = danny {
login = des CQP9vvBY7wFDQ
}

Page | 49
Init.d configuration file to start tacacs+ on startup
#!/bin/sh
#
### BEGIN INIT INFO
# Provides: tac-plus
# Required-Start: $network
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: S 0 1 6
# Short-Description: Start tac-plus server.
# Description: Run the tac-plus server listening for
# AAA ( access, acounting and autorization request )
# from routers or RAS (remote access servers) via
# tacacs+ protocol
### END INIT INFO
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/bin/tac_plus
NAME=tac_plus
DESC="Tacacs+ server"
OTHER_OPTS="-d 256" # Default, if no /etc/default/tac-plus available

Page | 50
CONFIG_FILE="/etc/tacacs/tac_plus.conf" # Default, if no /etc/default/tac-plus available
test -f $DAEMON || exit 0
if [ -r /etc/default/tac_plus ] ; then
. /etc/default/tac_plus
fi
DAEMON_OPTS="-C $CONFIG_FILE $OTHER_OPTS"
case "$1" in
start)
echo -n "Starting $DESC: "
start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid --exec $DAEMON --
$DAEMON_OPTS
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid --exec $DAEMON
echo "$NAME."
;;
*)
N=/etc/init.d/$NAME
echo "Usage: $N {start|stop}" >&2
exit 1

Page | 51
;;
esac
exit 0
Creating a virtual interface in ubuntu
tunctl
ifconfig enp5s0 0.0.0.0 promisc up
ifconfig tap0 0.0.0.0 promisc up
brctl addbr br0
brctl addif br0 tap0
brctl addif br0 enp5s0
ifconfig br0 up
ifconfig br0 192.168.0.77/24
route add default gw 192.168.0.1
Client side HTML
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="description" content="A front-end template that helps you build fast, modern
mobile web apps.">

Page | 52
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-
scale=1.0">
<title>TACACS Dashboard</title>

<meta name="mobile-web-app-capable" content="yes">
<link rel="icon" sizes="192x192" href="images/android-desktop.png">

<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="black">
<meta name="apple-mobile-web-app-title" content="Material Design Lite">
<link rel="apple-touch-icon-precomposed" href="images/ios-desktop.png">

<meta name="msapplication-TileImage" content="images/touch/ms-touch-icon-144x144-
precomposed.png">
<meta name="msapplication-TileColor" content="#3372DF">
<link rel="shortcut icon" href="images/favicon.png">
<link rel="stylesheet" href="css/font.css">
<link rel="stylesheet" href="css/icon.css">
<link rel="stylesheet" href="css/material.cyan-light_blue.min.css">

Page | 53
<link rel="stylesheet" href="styles.css">
<style>
#view-source {
position: fixed;
display: block;
right: 0;
bottom: 0;
margin-right: 40px;
margin-bottom: 40px;
z-index: 900;
}
</style>
<style>
.mdl-textarea {
color: #2196F3;
background: #E0E0E0;
border-radius: 10px;
border: 1px solid #000;
padding: 20px;
}
#despwd{

Page | 54
text-align: left;
}
#tailcontainer{
height: 250px;
overflow-y:scroll;
padding: 20px;
}
#tail1container{
height: 250px;
overflow-y:scroll;
padding: 20px;
}
#tail { list-style-type: none; margin: 0; padding: 0;}
#tail li { padding: 5px 10px; color: #3F51B5 }
#tail li:nth-child(odd) { background: #eee; }
#tail1 { list-style-type: none; margin: 0; padding: 0;}
#tail1 li { padding: 5px 10px; color: #3F51B5 }
#tail1 li:nth-child(odd) { background: #eee; }

Page | 55
</style>
</head>
<body>
<div class="demo-layout mdl-layout mdl-js-layout mdl-layout--fixed-drawer mdl-layout--
fixed-header mdl-layout--fixed-tabs">
<header class="demo-header mdl-layout__header mdl-color--grey-100 mdl-color-text--grey-
600">
<div class="mdl-layout__header-row">
<span class="mdl-layout-title">TACACS Monitor/Control</span>
<div class="mdl-layout-spacer"></div>
<button class="mdl-button mdl-js-button mdl-js-ripple-effect mdl-button--icon"
id="hdrbtn">
<i class="material-icons">more_vert</i>
</button>
<ul class="mdl-menu mdl-js-menu mdl-js-ripple-effect mdl-menu--bottom-right"
for="hdrbtn">
<li class="mdl-menu__item"><span id="logout">Log Out</span></li>
</ul>
</div>
</header>
<div class="demo-drawer mdl-layout__drawer mdl-color--blue-grey-900 mdl-color-text--
blue-grey-50">
<header class="demo-drawer-header">

Page | 56
<img src="images/admin.png" class="demo-avatar">
<div class="demo-avatar-dropdown">
<span class="mdl-card__title-text">Admin Panel</span>
<div class="mdl-layout-spacer"></div>
</div>
</header>
<nav class="demo-navigation mdl-navigation mdl-color--blue-grey-800">
<a href="#fixed-tab-1" class="mdl-navigation__link" id="lnk1"><i class="mdl-color-text-
-blue-grey-400 material-icons" role="presentation">home</i>Home</a>
<a href="#fixed-tab-2" class="mdl-navigation__link" id="lnk2"><i class="mdl-color-text-
-blue-grey-400 material-icons" role="presentation">settings</i>settings</a>
</nav>
</div>
<main class="mdl-layout__content mdl-color--grey-100">
<section class="mdl-layout__tab-panel is-active" id="fixed-tab-1">
<div class="page-content">
<div class="mdl-grid demo-content">
<div class="demo-charts mdl-color--white mdl-shadow--2dp mdl-cell mdl-cell--12-col
mdl-grid">
<h2 class="mdl-card__title-text">Dashboard</h2>
</div>

Page | 57
<div class="demo-graphs mdl-shadow--2dp mdl-color--white mdl-cell mdl-cell--8-col" >
<h2 class="mdl-card__title-text" style="align-self: left">Live Access Log</h2>
<br />
<div id="tailcontainer">
<ul id="tail" class="mdl-color-text--grey-600"></ul>
</div>
<br />
<h2 class="mdl-card__title-text" style="align-self: left">Live Accounting Log</h2>
<br />
<div id="tail1container">
<ul id="tail1" class="mdl-color-text--grey-600"></ul>
</div>
</div>
<div class="demo-cards mdl-cell mdl-cell--4-col mdl-cell--8-col-tablet mdl-grid mdl-grid-
-no-spacing">
<div class="demo-updates mdl-card mdl-shadow--2dp mdl-cell mdl-cell--4-col mdl-cell--
4-col-tablet mdl-cell--12-col-desktop">
<div class="mdl-card__title mdl-card--expand mdl-color--teal-300">
<h2 class="mdl-card__title-text">Server Info</h2>
</div>
<div class="mdl-card__supporting-text mdl-color-text--grey-600" id="serverInfo">
</div>

Page | 58
</div>
<div class="demo-separator mdl-cell--1-col"></div>
<div class="demo-options mdl-card mdl-color--deep-purple-500 mdl-shadow--2dp mdl-
cell mdl-cell--4-col mdl-cell--3-col-tablet mdl-cell--12-col-desktop">
<div class="mdl-card__supporting-text mdl-color-text--blue-grey-50">
<h3>TACACS Start/Stop</h3>
<label class="mdl-switch mdl-js-switch mdl-js-ripple-effect" for="switch-1">
<input type="checkbox" id="switch-1" class="mdl-switch__input" checked>
<span class="mdl-switch__label"></span>
</label>
</div>
</div>
</div>
</div>
</div>
</section>
<section class="mdl-layout__tab-panel" id="fixed-tab-2">
<div class="page-content">
<div class="mdl-grid demo-content">
<div class="demo-charts mdl-color--white mdl-shadow--2dp mdl-cell mdl-cell--12-col
mdl-grid">
<h2 class="mdl-card__title-text">TACACS Config</h2>
</div>

Page | 59
<div class="demo-graphs mdl-shadow--2dp mdl-color--white mdl-cell mdl-cell--4-
col">
<div class="mdl-card__title">
<h2 class="mdl-card__title-text">Generate DES</h2>
</div>
<form action="#">
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<input class="mdl-textfield__input" type="text" id="passwd">
<label class="mdl-textfield__label" for="passwd">Text...</label>
</div>

<button class="mdl-button mdl-js-button mdl-button--raised mdl-js-ripple-effect"
id="desGenerate">
Generate
</button>
</form>
<h2 id="despwd"></h2>
</div>
<div class="demo-graphs mdl-shadow--2dp mdl-color--white mdl-cell mdl-cell--8-
col">
<div class="mdl-card__title">

Page | 60
<h2 class="mdl-card__title-text">Configuration File</h2>
</div>
<div class="mdl-card__supporting-text">
<div class="mdl-textfield mdl-js-textfield mdl-textarea" style="width:100%;">
<textarea class="mdl-textfield__input" id="tacace-config" type="text" rows=
"17" style="width:100%"></textarea>
</div>
</div>
<button class="mdl-button mdl-js-button mdl-button--raised mdl-js-ripple-effect"
id="btnUpdate">
Update
</button>
</div>
</div>
</div>
</section>
</main>
</div>
<script src="js/material.min.js"></script>
<script src="js/socket.io-1.2.0.js"></script>
<script src="login1/js/jquery.min.js"></script>
<script type="text/javascript">

Page | 61
$(document).ready(function(){
$('#fixed-tab-2').hide();
$('#lnk1').click(function(){
$('#fixed-tab-1').slideDown(100);
});
$('#lnk2').click(function(){
$('#fixed-tab-2').slideDown(100);
});
$("#desGenerate").click(function(){
socket.emit("generateDES",$('#passwd').val());
//alert($('#passwd').val());
});
$("#btnUpdate").click(function(){
console.log($('#tacace-config').val());
socket.emit("update_conf",$('#tacace-config').val());
});

Page | 62
$("#logout").click(function(){
console.log("logout");
$.ajax({
type: "GET",
url: "http://192.168.0.77:3000/logout",
success: function(response) {
console.log("success"+response);
location.href = "/";
},
complete: function(response) {
console.log("complete" + response);
// alert("complete"+response);
}
});
event.preventDefault();
});
console.log("cookie"+document.cookie);
});
</script>
<script>

Page | 63
var socket = io();
socket.emit("get_config","get");
socket.on('response', function(msg){
$('#messages').append($('<li>').text(msg));
});
socket.on('tail', function(msg){
console.log("tail : "+msg);
$('#tail').append($('<li>').text(msg));
$('#tail').scrollTop($('#tail')[0].scrollHeight);
});
socket.on('tail1', function(msg){
console.log("tail1 : "+msg);
$('#tail1').append($('<li>').text(msg));
$('#tail1').scrollTop($('#tail')[0].scrollHeight);
});
socket.on('config', function(msg){
$('#tacace-config').val(msg);
});
$('form').submit(function(){

Page | 64
$('#messages').empty();
socket.emit('request', $('#m').val());
$('#m').val('');
return false;
});
socket.on('response', function(msg){
$('#messages').append($('<li>').text(msg));
});
socket.on('memory', function(msg){
console.log(msg);
});
socket.on('serverInfo', function(msg){
console.log(msg);
$('#serverInfo').append("<p>"+msg+"</p>");
});
socket.on('despwd',function(msg){
$('#despwd').html("<h2 class="mdl-card__title-text">DES
Password</h2><p>"+msg+"</p>");
});

Page | 65
socket.on('tacacs-status',function(msg){
$('#switch-1').prop('checked', msg);
});
$("#switch-1").click(function(){
if($("#switch-1").prop("checked")){
socket.emit('tacacs-control',true);
}else{
socket.emit('tacacs-control',false);
}
})
</script>
</body>
</html>
Server side HTML
<!DOCTYPE html>
<html >
<head>
<meta charset="UTF-8">
<title>Sign-Up/Login Form</title>
<link href='css/fonts.css' rel='stylesheet' type='text/css'>

Page | 66
<link rel="stylesheet" href="css/normalize.css">
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<div class="form">
<ul class="tab-group">
<li class="tab"><a href="#signup">Sign Up</a></li>
<li class="tab active"><a href="#login">Log In</a></li>
</ul>
<div class="tab-content">
<div id="signup">
<h1>Sign UP NOW</h1>
<form role="form" id="register-form" >

Page | 67
<div class="top-row">
<div class="field-wrap">
<label>
First Name<span class="req">*</span>
</label>
<input type="text" required autocomplete="off" id="firstname"/>
</div>
<label>
Last Name<span class="req">*</span>
</label>
<input type="text"required autocomplete="off" id="lastname"/>
</div>
</div>
<label>
Email Address<span class="req">*</span>
</label>
<input type="email"required autocomplete="off" id="username"/>
</div>

Page | 68
<label>
Set A Password<span class="req">*</span>
</label>
<input type="password"required autocomplete="off" id="password"/>
</div>
<button type="submit" class="button button-block"/>Get Started</button>
</form>
</div>
<div id="login">
<h1>Welcome Back!</h1>
<form id="login-form">
<label>
Email Address<span class="req">*</span>
</label>
<input type="email"required autocomplete="off" id="username1"/>

Page | 69
</div>
<label>
Password<span class="req">*</span>
</label>
<input type="password"required autocomplete="off" id="password1"/>
</div>
<button class="button button-block"/>Log In</button>
</form>
</div>
</div>
</div> 
<script src='js/jquery.min.js'></script>
<script src="js/index.js"></script>
<script type="text/javascript">

Page | 70
var register_form = document.getElementById("register-form");
register_form.onsubmit = function() {
//function submimt(){
var firstname = document.getElementById("firstname").value;
var lastname = document.getElementById("lastname").value;
var username = document.getElementById("username").value;
var password = document.getElementById("password").value;
var post_json = {
"firstname":firstname,
"lastname":lastname,
"username":username,
"password":password
};
console.log(post_json);
// alert(post_json);
$.ajax({
type: "POST",
url: "http://192.168.0.77:3000/register",
data: JSON.stringify(post_json),
contentType: "application/json; charset=utf-8",
location.href = "/";

Page | 71
},
}
});
}
var login_form = document.getElementById("login-form");
login_form.onsubmit = function() {
var username = document.getElementById("username1").value;
var password = document.getElementById("password1").value;
var post_json = {
"username":username,
"password":password
};
console.log(post_json);
// alert(post_json);
$.ajax({
type: "POST",
url: "http://192.168.0.77:3000/login",
data: JSON.stringify(post_json),

Page | 72
contentType: "application/json; charset=utf-8",
location.href = "/dashboard";
},
}
});
}
$(document).ready(function(){
console.log("ready");
$('#signup').hide();
$('#login').fadeIn();
});
</script>
</body>

Page | 73
</html>
Tacacs+ web integration .Js
const exec = require('child_process').exec;
var http = require('http');
var os = require('os');
var express = require('express');
var mongoose = require('mongoose');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var session = require('express-session');
var app = express();
var httpServer = http.Server(app);
var io = require('socket.io')(httpServer);
var Tail = require('tail').Tail;
var router = express.Router();
var User = require('./lib/User');
var tail = new Tail("/var/log/tac_plus.log");
var tail1 = new Tail("/var/log/tac_plus.acct");
mongoose.connect('mongodb://localhost/tacacs-gui',function(err){
if(err){
return console.log(err);

Page | 74
}
return console.log("mongoose connected!!");
});
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: false}));
app.use(cookieParser());
app.use(session({secret:"asdadwe1sdf", resave:false,saveUninitialized:true}));
var allClients = [];
io.on('connection',function(socket){
console.log("A user connected! : ");
if(allClients.length ==0){
tail1.watch();
tail.watch();
}

Page | 75
tail.on("line",function(data){
console.log("tail"+data);
socket.emit('tail',data);
});
tail.on("error",function(error){
console.log(error);
});
tail1.on("line",function(data){
console.log("tail1"+data);
socket.emit('tail1',data);
});
tail1.on("error",function(error){
console.log(error);
});
allClients.push(socket);
socket.emit('serverInfo',"Host Name :
"+os.hostname()+"<br>Type : "+os.type()+'<br>Platform : '+os.platform()+"<br>Architecture :
"+ os.arch()+"<br>Total Memory : "+os.totalmem()+"<br>Free Memory : "+os.freemem());
socket.emit('memory',os.totalmem()+","+os.freemem());

Page | 76
socket.on('get_config',function(msg){
console.log("Message :"+msg);
const child = exec('cat /etc/tacacs/tac_plus.conf',
//const child = exec('cat temp/tac_plus.conf',
(error, stdout, stderr) => {
socket.emit("config",stdout);
console.log(`stdout: ${stdout}`);
//console.log(`stderr: ${stderr}`);
if (error !== null) {
console.log(`exec error: ${error}`);
}
});
});
socket.on('update_conf',function(msg){
console.log("Message :"+msg);
const child = exec('echo ''+msg+"' >
/etc/tacacs/tac_plus.conf",
//const child = exec('echo "'+msg+"" >
temp/tac_plus.conf",
(error, stdout, stderr) => {

Tacacs+ with gui support

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (20)

Similar to Tacacs+ with gui support

Similar to Tacacs+ with gui support (20)

Tacacs+ with gui support