TILT is a set of terminal logging and playback tools for auditing telnet and SSH connections made from a bastion host. It provides timestamped logs and real time playback of logs for incident reports, incident analysis or as a training aid.
I use it for the basis of incident reports after a network event that I have worked on. I can sit down the morning after (managers always ask for reports the next day) with a time stamped log, syslogs and call history from my phones and produce a report of when I did things, exactly what I saw and when things were fixed. I also use it to find out how I last did something on a server.
There are many ways that this tool can be installed. Here is a list of ways I have installed different versions of this code.
1) Pathed telnet and ssh replacements.
Drop them in a directory and amend your path to have that directory before /usr/bin.
Pros: easy to do; telnet and ssh are not affected.
Cons: easy to bypass.
2) Full telnet and ssh replacements.
- Create a logging user.
- Change the ownership and file access permissions of telnet and ssh.
- Put the TILT telnet and ssh wrappers in the /usr/bin directory and set them as SUID the logging user.
- Create iptables rules (module owner) that allow only the logging user to connect to another box using port 23.
- Change the ssh binary so it opens the TCP connection before setuiding back to the running user. After these changes iptables filtering will work for ssh.
Pros: harder to get around.
Cons: harder to maintain; upgrading and patching ssh and telnet are an issue. Users could still get around it if they think a little.
3) Force via a menued bastion host.
Create a bastion host. Only provide a menu that will let the users ssh or telnet via TILT.
Pros: Logging is mandatory. A bastion host in a network is good for security.
Cons: Some users resent not having shell access on a bastion host.
4) Change the program run by TILT to a shell and replace the user's shell with TILT
Pros: All interaction is logged. Can be used with any of the other methods.
Cons: All local and remote interactions are in the same file. I have not personally tried TILT in this configuration.
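For option 2, the iptables owner-module rules could look like the following. This is an added example, not part of TILT; the account name tiltlog and the function tilt_egress_rules are assumptions, and the script only prints the rules unless run with --apply.

```shell
#!/bin/sh
# Added example (not TILT code): egress rules for install option 2.
# "tiltlog" is a hypothetical name for the logging user.

# Print iptables commands that let only $1 open outbound TCP connections
# to the ports given as the remaining arguments.
tilt_egress_rules() {
    log_user=${1:-}
    [ $# -gt 0 ] && shift
    # The output may be piped to a shell, so reject anything that is not
    # a plain account name or port number before printing a single rule.
    case $log_user in
        ''|*[!a-z0-9_-]*) echo "bad user name: $log_user" >&2; return 1 ;;
    esac
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "port out of range: $port" >&2; return 1
        }
    done
    for port in "$@"; do
        # Owner match: sockets created by the logging user may connect.
        echo "iptables -A OUTPUT -p tcp --dport $port -m owner --uid-owner $log_user -j ACCEPT"
        # Any other account is refused, whichever client binary it runs.
        echo "iptables -A OUTPUT -p tcp --dport $port -j REJECT --reject-with tcp-reset"
    done
}

# Default: dry run for port 23. "--apply USER PORT..." (as root) installs
# the rules. Per the page, add port 22 only after ssh has been changed to
# open its TCP connection before switching back to the running user.
case "${1:-}" in
    --apply) shift; rules=$(tilt_egress_rules "$@") && printf '%s\n' "$rules" | sh -e ;;
    *)       tilt_egress_rules tiltlog 23 ;;
esac
```

Rules are appended to the OUTPUT chain in order, so the ACCEPT for the logging user must come before the REJECT for the same port.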
What's new in TILT 0.1.1:
- fixed some warnings about nanosleep could not sleep reported by nano bug
- fixed incorrect calculation of sleep time when -m was used and not
TILT 0.1.1
- runs on: Linux
- main category: System