Junos OS


Deleted user appear in logs

  • 1.  Deleted user appear in logs

    Posted 10-03-2019 02:18

    Hello,

    There is a username that was deleted from Junos > system > login.

    The deleted username can still be seen in logs. The user was deleted with netconf.

    Does netconf have a username database apart from Junos? If the user is not configured, how can his username be seen issuing show rpc rpc commands?

     

    Please advise.



  • 2.  RE: Deleted user appear in logs

     
    Posted 10-03-2019 02:24
    Can you run the following command on the CLI? “> show configuration system login | display set | match xxxx”

    xxxx - deleted account name coming in logs


  • 3.  RE: Deleted user appear in logs

    Posted 10-03-2019 02:38

    Hello,

     

    I checked the RSI and there is no trace of that user.

     



  • 4.  RE: Deleted user appear in logs

     
    Posted 10-03-2019 02:52

    Is the log for a login attempt?

     



  • 5.  RE: Deleted user appear in logs

    Posted 10-03-2019 03:02

    User '', command 'command rpc rpc command show configuration interfaces irb '
    2019-09-26 16:56:32.309 
    User '', command 'command rpc rpc command show configuration interfaces ae14 '
    2019-09-26 15:10:09.434 
    User '', command 'command rpc rpc command show configuration interfaces irb '
    2019-09-26 15:10:05.559 
    User '', command 'command rpc rpc command show configuration interfaces ae14 '
    2019-09-26 14:43:00.460 
    User '', command 'command rpc rpc command show configuration interfaces irb '
    2019-09-26 14:42:56.513 
    User '', command 'command rpc rpc command show configuration interfaces ae14

     

    It is for show commands.



  • 6.  RE: Deleted user appear in logs

     
    Posted 10-03-2019 03:06

    See if a session is still active for the user.

     

    show system users

     

    If so, log them out

    request system logout NAME

     



  • 7.  RE: Deleted user appear in logs

    Posted 10-03-2019 04:07

    I am checking and will reply to you.



  • 8.  RE: Deleted user appear in logs

     
    Posted 10-03-2019 04:20

    Please check if an active session is still present in the router for that deleted user. If the active session is still present, that user can still execute the command.

     

    Thank you

    Prabin



  • 9.  RE: Deleted user appear in logs

    Posted 10-03-2019 05:15

    No active session present for that user.



  • 10.  RE: Deleted user appear in logs
    Best Answer

     
    Posted 10-03-2019 05:46

    Could you please check and confirm if the show commands are before or after the user was deleted?

    Also, any login attempt logs for that deleted user after deleting?

    Can you also check if the /var/home/User* folder is present, and check if any activity is happening by checking the date/time (show command will not refresh time)

    start shell

    % cd /var/home/
    % ls -l | grep User*

     

    example - 

    % cd /var/home/
    % ls -l | grep test
    drwxr-xr-x 2 test 20 512 Oct 3 18:05 test

     

    You can try removing the User directory from Home folder and check

     

    root@re0:/var/home # rm -rf test

     

    Thank you

    Prabin



  • 11.  RE: Deleted user appear in logs

    Posted 10-07-2019 06:37

    I am checking if that is working and will reply.