Sometimes it is necessary to log who tried to log on to TufinOS or TOS. Unsuccessful attempts also need to be recognized and logged. This is often a requirement, especially if compliance regulations need to be fulfilled. Logging can be done by extracting information from Tufin into a tool such as Splunk. The information is stored in the files described below.

 

TufinOS

Logon to the CLI of TufinOS is recorded automatically since it's based on CentOS. The file in which this information can be found is
     /var/log/secure

Please find an example for an unsuccessful (user123) and successful login (root).

Mar 16 19:38:57 localhost sshd[24880]: Invalid user user123 from 10.0.0.23
Mar 16 19:38:57 localhost sshd[24881]: input_userauth_request: invalid user user123
Mar 16 19:39:01 localhost sshd[24880]: pam_unix(sshd:auth): check pass; user unknown
Mar 16 19:39:01 localhost sshd[24880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.23
Mar 16 19:39:01 localhost sshd[24880]: pam_succeed_if(sshd:auth): error retrieving information about user user123
Mar 16 19:39:03 localhost sshd[24880]: Failed password for invalid user user123 from 10.0.0.23 port 50025 ssh2
Mar 16 19:39:11 localhost sshd[24881]: Connection closed by 10.0.0.23

Mar 16 19:39:38 localhost sshd[24888]: Accepted password for root from 10.0.0.23 port 50026 ssh2
Mar 16 19:39:38 localhost sshd[24888]: pam_unix(sshd:session): session opened for user root by (uid=0)

 

Tufin SecureTrack

A successful login to the WebUI of SecureTrack is recorded in the database. This information can also be checked in the WebUI. To do so, go to Menu > Settings > Administration > Audit Trail. Successful logins and logouts can be monitored here.

 

Sometimes this information isn't sufficient, since unsuccessful login attempts also need to be documented. This can be done by checking the file
      /var/log/keycloak/server.log

When using local authentication, an unsuccessful login of a user (user2) looks like this in the file:

WARN 2021-03-16 20:41:28,511 [default task-2::o.k.events.onEvent] [user:] type=LOGIN_ERROR, realmId=f93f5360-fa5c-4777-aa14-c91c4730e49a, clientId=st_httpd_10.0.0.20, userId=null, ipAddress=10.0.0.23, error=identity_provider_error, auth_method=openid-connect, auth_type=code, redirect_uri=https://10.0.0.20/protected/redirect_uri, code_id=dcca1e78-7a0f-43f3-a017-772ac8c291fe, username=user2#ovzwk43sge======, authSessionParentId=dcca1e78-7a0f-43f3-a017-772ac8c291fe, authSessionTabId=BXN4R0pwtHU

When LDAP is used for authentication at SecureTrack, some additional basic information is logged (user1).

ERROR 2021-03-16 21:14:53,338 [default task-1::c.t.c.k.a.c.h.d.LoginHandlersDispatcher.handleLogin] [user:] LDAP authentication failed for user:{user1}: java.lang.RuntimeException: LDAP authentication failed for user:{user1}
...
WARN 2021-03-16 21:14:53,340 [default task-1::o.k.events.onEvent] [user:] type=LOGIN_ERROR, realmId=f93f5360-fa5c-4777-aa14-c91c4730e49a, clientId=st_httpd_10.0.0.20, userId=d733890d-f5be-449d-8e8e-efab9972fef1, ipAddress=10.0.0.24, error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, redirect_uri=https://10.0.0.20/protected/redirect_uri, code_id=1d8576e7-69d5-4549-85a6-e014f2a7c14d, username=user1#ovzwk4rr, authSessionParentId=1d8576e7-69d5-4549-85a6-e014f2a7c14d, authSessionTabId=bFfur4XdKlI

As shown above, a successful authentication can be monitored in "Audit Trail". If necessary, information can also be gathered directly by querying the database.

 

Tufin SecureChange

When trying to log authentication at SecureChange, only a log file at the CLI can be evaluated:
     /var/log/tomcat/securechange.log

A successful login is recorded here, e.g. for a local user (hcarr)

INFO 2021-03-16 21:21:22,066 [catalina-exec-19::c.t.s.s.AdminAuthenticatorHelper.performAuthentication] [user:system] authenticating hcarr
INFO 2021-03-16 21:21:22,072 [catalina-exec-19::c.t.s.s.UsernamePasswordAuthenticator.authenticate] [user:system] User ID: 4, User name: Henry Carr logged in.
...

A successful login is recorded here, e.g. for a user authenticated using an LDAP server (user1)

INFO 2021-03-16 21:24:36,345 [catalina-exec-15::c.t.s.s.AdminAuthenticatorHelper.performAuthentication] [user:system] authenticating user1
INFO 2021-03-16 21:24:36,351 [catalina-exec-15::c.t.s.s.LdapUserResolver.authenticateUserByLdap] [user:system] Start authentication of user [user1].
INFO 2021-03-16 21:24:36,362 [catalina-exec-15::c.t.s.s.LdapUserResolver.authenticateUserByLdap] [user:system] Successful authentication of user [user1]. The authenticated userName is [user1].
INFO 2021-03-16 21:24:36,369 [catalina-exec-15::c.t.s.s.LdapUserResolver.getLoggedInUserFromDb] [user:system] User user1 found in DB by LDAP ID kBxZxiVaE0uwfM5vdPy5pw==. DB id is 43
INFO 2021-03-16 21:24:36,372 [catalina-exec-15::c.t.s.s.UsernamePasswordAuthenticator.authenticate] [user:system] User ID: 43, User name: user1 logged in.
...

Trying wrong credentials (mleu) results in

INFO 2021-03-16 21:23:52,088 [catalina-exec-18::c.t.s.s.AdminAuthenticatorHelper.performAuthentication] [user:system] authenticating mleu
INFO 2021-03-16 21:23:52,093 [catalina-exec-18::c.t.s.s.LdapUserResolver.authenticateUserByLdap] [user:system] Start authentication of user [mleu].
WARN 2021-03-16 21:23:52,099 [catalina-exec-18::c.t.s.s.LdapUserResolver.authenticateUserByLdap] [user:system] The authentication of the user [mleu] is failed. User [mleu] does not exist when using filter [(&(sAMAccountType=805306368)(|(sAMAccountName=mleu)(userPrincipalName=mleu)))] and baseDN [cn=users,dc=aerasec,dc=labor].
INFO 2021-03-16 21:23:52,105 [catalina-exec-18::c.t.s.c.l.SCLdapServiceImpl.getLdapUser] [user:system] Searching for LDAP user mleu
INFO 2021-03-16 21:23:52,106 [catalina-exec-18::c.t.s.c.l.SCLdapServiceImpl.getLdapUser] [user:system] Searching for LDAP user mleu in LdapConfiguration Lab_AD
INFO 2021-03-16 21:23:52,114 [catalina-exec-18::c.t.s.c.l.SCLdapServiceImpl.findUserInLdap] [user:system] User not found in LDAP by name [mleu].

In any case, these data need to be forwarded to a central reporting tool.
Forwarding the content of these files can be done e.g., by syslog, using a Splunk Forwarder, or any other method.
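
Before forwarding, it can help to reduce the three files to one common event format. The following Python code is an added example (not part of the original article and not Tufin code): it turns the login messages shown in the excerpts above into normalized events and counts failures per user. The names RULES, parse_line and failures_by_user are hypothetical, only the message types shown above are matched, and dropping the "#..." suffix of the Keycloak username is an assumption.

```python
import re
from collections import Counter

# One (product, outcome, pattern) rule per message shown in the article;
# failure messages the article does not show are not matched.
RULES = [
    ("TufinOS", "failure", re.compile(
        r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")),
    ("TufinOS", "success", re.compile(
        r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+)")),
    # The excerpts show "username=<name>#<suffix>"; the suffix is dropped (assumption).
    ("SecureTrack", "failure", re.compile(
        r"type=LOGIN_ERROR,.*?ipAddress=(?P<ip>[^,]+),.*?username=(?P<user>[^#,]+)")),
    # This message carries the display name ("Henry Carr"), not the login name.
    ("SecureChange", "success", re.compile(
        r"UsernamePasswordAuthenticator\.authenticate\].*User name: (?P<user>.+?) logged in\.")),
    ("SecureChange", "failure", re.compile(
        r"The authentication of the user \[(?P<user>[^\]]+)\] is failed")),
]

def parse_line(line):
    """Return a normalized login event for one log line, or None if it is not one."""
    for product, outcome, pattern in RULES:
        match = pattern.search(line)
        if match:
            # SecureChange lines carry no client address, so ip defaults to None.
            return {"product": product, "outcome": outcome, "ip": None, **match.groupdict()}
    return None

def failures_by_user(lines):
    """Count failed logins per (product, user) across lines from all three files."""
    events = (parse_line(line) for line in lines)
    return Counter((e["product"], e["user"]) for e in events if e and e["outcome"] == "failure")

# Constructed sample: lines taken from the excerpts above, long ones shortened.
SAMPLE = [
    "Mar 16 19:38:57 localhost sshd[24880]: Invalid user user123 from 10.0.0.23",
    "Mar 16 19:39:03 localhost sshd[24880]: Failed password for invalid user user123 from 10.0.0.23 port 50025 ssh2",
    "Mar 16 19:39:38 localhost sshd[24888]: Accepted password for root from 10.0.0.23 port 50026 ssh2",
    "WARN 2021-03-16 21:14:53,340 [default task-1::o.k.events.onEvent] [user:] type=LOGIN_ERROR, "
    "clientId=st_httpd_10.0.0.20, ipAddress=10.0.0.24, error=invalid_user_credentials, username=user1#ovzwk4rr",
    "INFO 2021-03-16 21:21:22,072 [catalina-exec-19::c.t.s.s.UsernamePasswordAuthenticator.authenticate] "
    "[user:system] User ID: 4, User name: Henry Carr logged in.",
    "WARN 2021-03-16 21:23:52,099 [catalina-exec-18::c.t.s.s.LdapUserResolver.authenticateUserByLdap] "
    "[user:system] The authentication of the user [mleu] is failed.",
]
```

Each failed attempt produces exactly one event, because only one line per attempt is matched in each file. The user field is text supplied by the connecting client, so the receiving tool should treat it as untrusted input.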

 

 

 


This server is operated by

AERAsec Network Services and Security GmbH
Wagenberger Str. 1
85662 Hohenbrunn, Germany

Telephone: +49 8102 895190, Telefax: +49 8102 895199

Register Court: Munich, Register Number: HRB 133265
Sales Tax identification number according to §27a UStG: DE209125001

Authorized Managing Director: Dr. Matthias Leu, also responsible for all content of this server according to §55.2 RStV.


AERAsec is proud to announce that we are the first Tufin Service Delivery Partner + (SDP+) in Germany

Service Delivery Partner Plus

Tufin has announced that its Service Delivery Partner Plus (SDP+) training program has introduced a new developer course to its 2020 portfolio. Designed to fill industry gaps, the course delivers training and development opportunities in key areas such as Tufin APIs, integrations, customizations, and development techniques.

AERAsec is proud to be the first SDP+ partner in Germany (press release in German language) after being one of the first SDP partners worldwide. We can now deliver even more value to our customers thanks to the ability to officially deliver customizations of the Tufin Orchestration Suite. Customers will gain additional value not only from AERAsec's experience but also from very intense cooperation between AERAsec and Tufin.

Customers purchasing Tufin products from AERAsec will have an additional advantage because of special conditions regarding these services. Please contact us if you want to know more about AERAsec delivering Tufin Products and Services.

 

 

 

 

AERAsec is proud to announce that we are one of the worldwide first three Tufin Service Delivery Partners (SDP) and currently the only one in Central Europe


Tufin has announced that a new partner program is launched in June 2018. The Service Delivery Partner Program enables partners to be more service-ready.

AERAsec has broad experience from many projects helping customers to get value from the Tufin Orchestration Suite. The close cooperation with Tufin Technologies will be continued in an even more intense way. Customers will gain additional value not only from experience, but also from a more intense cooperation between AERAsec and Tufin. Customers purchasing Tufin products from AERAsec will have an additional advantage because of special conditions regarding these services.

Please contact us if you want to know more about AERAsec delivering Tufin Products and Services.

 

 

 

The Tufin Orchestration Suite (TOS) sometimes needs to be customized. Tufin offers some options for using your own logo, but not everywhere. Let's have a look at the default options and more.

 

SecureChange

In SecureChange, a user with administrative rights has access to the Settings tab in the menu. Selecting Menu > Settings > Customization offers the option to use your own logo.

At the bottom of the page is a button labeled Publish. Pressing it will change the logo used in SecureChange.

So changing the logo in SecureChange is quite easy.

 

SecureTrack

By default, your own logo can be integrated into SecureTrack Reports. This is done via Menu > Settings > Configuration > Reports. The field Custom Logo allows you to place your own logo here.

As an option, the logo can also be shown on every PDF page. The result looks quite good.

 

Sometimes the WebUI of SecureTrack shall also be customized. Tufin doesn't have an option for this in the Menus of SecureTrack. But changing the logo is also possible.
Requirement: PNG file with a size of 120x50 called tufin-suite-logo.png.
The following procedure is for SecureTrack R17-3 (paths may vary in other versions).

If you have your logo, make a backup of the original files before you continue. Then rename your logo to tufin-suite-logo.png and place it on the server:

Logo in the WebUI top left:
/var/www/html/images/header/tufin-suite-logo.png

Logo for Login window:
/usr/keycloak-2.5.4.Final/themes/tufin-theme/login/resources/img/tufin-suite-logo.png

Logo for Logout window:
/var/www/html/logout/tufin-suite-logo.png

After having changed these settings (and cleared the browser cache), your own logo is also shown in SecureTrack.