Sunday, February 19, 2017

GOTCHAS when using remote-admin logins and with "wildcards" admin users

When executing FortiOS backups and revisions on the FortiGate, the user that's listed in the backup or revision is listed as "wildcard". This alone gives you no history of who the actual user was for that backup or revision entry.

See example #1 (WebGUI revisions)

See example #2 (WebGUI revisions)

See example #3 (download backup configuration file)



The same thing happens in FortiOS 5.4.





You can always locate the system event log files if you need to audit or track who made the change, and match the entry against the timestamp of the backup or revision, provided the log buffer has not been rolled or deleted.


exe log filter category 1

exe log display
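
The timestamp matching described above, as an added example that is not part of the original post: it takes event log output saved as text and lists the logins recorded closest to a revision time, and flags when the log no longer reaches back that far. The sample lines are constructed, the function names are hypothetical, and it assumes key=value entries carrying `date`, `time`, `user` and `ui` fields with the real login name in `user`.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in key=value style (not real device output).
SAMPLE_LOG = """\
date=2017-02-19 time=09:58:12 type=event user="asmith" ui="GUI(192.0.2.10)" msg="sample login event"
date=2017-02-19 time=10:14:57 type=event user="jdoe" ui="GUI(192.0.2.20)" msg="sample backup event"
date=2017-02-19 time=11:30:03 type=event user="asmith" ui="ssh(192.0.2.10)" msg="sample change event"
"""

PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare
STAMP = "%Y-%m-%d %H:%M:%S"

def parse_line(line):
    """Parse one log line into a dict; return None if it has no usable timestamp."""
    fields = {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}
    try:
        fields["when"] = datetime.strptime(f'{fields["date"]} {fields["time"]}', STAMP)
    except (KeyError, ValueError):
        return None
    return fields

def who_made_revision(log_text, revision_time, window_seconds=120):
    """Find the events closest to a revision/backup timestamp.

    Returns (covered, candidates). covered is False when the oldest surviving
    log entry is newer than the revision, i.e. the buffer has rolled past it.
    candidates is a list of (user, ui, time) tuples, nearest event first.
    """
    target = datetime.strptime(revision_time, STAMP)
    events = [ev for ev in map(parse_line, log_text.splitlines()) if ev]
    covered = bool(events) and min(ev["when"] for ev in events) <= target
    window = timedelta(seconds=window_seconds)
    near = [ev for ev in events if abs(ev["when"] - target) <= window]
    near.sort(key=lambda ev: abs(ev["when"] - target))
    return covered, [(ev.get("user", "?"), ev.get("ui", "?"), ev["time"]) for ev in near]

if __name__ == "__main__":
    # The revision list shows user "wildcard" at this (constructed) timestamp.
    covered, hits = who_made_revision(SAMPLE_LOG, "2017-02-19 10:15:00")
    print("log covers revision time:", covered)
    for user, ui, when in hits:
        print(f"{when}  user={user}  ui={ui}")
```
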



Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o 
        /  \


