TILT 0.1.1

TILT is a set of terminal logging and playback tools for auditing telnet and SSH connections made from a bastion host. It provides timestamped logs and real-time playback of those logs for incident reports, for incident analysis, or as a training aid.

Developer comments

I use it for the basis of incident reports after a network event that I have worked on. I can sit down the morning after (managers always ask for reports the next day) with a timestamped log, syslogs and call history from my phones and produce a report of when I did things, exactly what I saw and when things were fixed. I also use it to find out how I last did something on a server.

There are many ways that this tool can be installed. Here is a list of ways I have installed different versions of this code.

1) Pathed telnet and ssh replacements.

Drop them in a directory and amend your path to have that directory before /usr/bin.

Pros:
easy to do
telnet and ssh are not affected
Cons:
easy to bypass

2) Full telnet and ssh replacements.

Create a logging user.
Change the ownership and file access permissions of telnet and ssh.
Put the TILT telnet and ssh wrappers in the /usr/bin directory and set them as SUID to the logging user.
Create iptables rules that allow only the logging user to connect to another box using port 23 (module owner).
Change the ssh binary so it opens the TCP connection before setuiding back to the running user.
After these changes iptables filtering will work for ssh.

Pros:
harder to get around
Cons:
Harder to maintain; upgrading and patching ssh and telnet are an issue
Users could still get around it if they think a little

3) Force via a menued bastion host.

Create a bastion host. Only provide a menu that will let the users ssh or telnet via TILT.

Pros:
Logging is mandatory.
A bastion host in a network is good for security
Cons:
Some users resent not having shell access on a bastion host.

4) Change the program run by TILT to a shell and replace the user's shell with TILT

Pros:
All interaction is logged.
Can be used with any of the other methods.
Cons:
All local and remote interactions are in the same file.
I have not personally tried TILT in this configuration
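
An added example, not part of TILT or the developer's notes: one way to check that the iptables owner-match rules from method 2 are really in place, by auditing the text printed by `iptables -S OUTPUT`. The function name, uid 1001 and the sample rules are constructed for illustration, and the check is conservative: any ACCEPT that could match the port without naming the logging user's uid is reported.

```shell
#!/bin/sh
# Added example, not TILT code. Reads `iptables -S OUTPUT` text on stdin and
# checks that only one uid may open outbound TCP connections to a port.
# Usage: iptables -S OUTPUT | audit_owner_lockdown <numeric-uid> <port>
audit_owner_lockdown() {
    awk -v uid="$1" -v port="$2" '
    $1 != "-A" || $2 != "OUTPUT" { next }
    {
        proto = ""; dport = ""; owner = ""; neg = 0; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p")          proto  = $(i + 1)
            if ($i == "--dport")     dport  = $(i + 1)
            if ($i == "--uid-owner") { owner = $(i + 1); neg = ($(i - 1) == "!") }
            if ($i == "-j")          target = $(i + 1)
        }
        # Ignore rules that cannot match TCP traffic to this port.
        if (proto != "" && proto != "tcp") next
        if (dport != "" && dport != port) next
        if (target == "ACCEPT") {
            if (owner == uid && !neg) { allowed = 1; next }
            # Any other ACCEPT reached first lets a non-logging uid connect.
            print "bypass: " $0; bad = 1; exit
        }
        # Only an unqualified REJECT/DROP closes the port for everyone else.
        if ((target == "REJECT" || target == "DROP") && owner == "") { denied = 1; exit }
    }
    END {
        if (bad) exit 1
        if (!allowed) { print "missing: ACCEPT for uid " uid " on port " port; exit 1 }
        if (!denied)  { print "missing: REJECT/DROP for other uids on port " port; exit 1 }
        print "ok: port " port " restricted to uid " uid
    }'
}

# Constructed sample (uid 1001 stands for the logging user): port 23 is locked
# down, port 22 still has an ACCEPT that any user can reach.
SAMPLE_RULES='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m tcp --dport 23 -m owner --uid-owner 1001 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 23 -j REJECT --reject-with tcp-reset
-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT'

printf '%s\n' "$SAMPLE_RULES" | audit_owner_lockdown 1001 23
printf '%s\n' "$SAMPLE_RULES" | audit_owner_lockdown 1001 22 || true
```

Rules that also restrict by address or interface are treated as if they applied to all traffic, so review any finding against the full rule before acting on it.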

last updated on:
October 20th, 2008, 10:20 GMT
price:
FREE!
developed by:
Kevin Stewart
homepage:
sourceforge.net
license type:
GPL (GNU General Public License) 
category:
ROOT \ System \ Logging


What's New in This Release:
  • fixed some warnings about nanosleep could not sleep reported by nano bug
  • fixed incorrect calculation of sleep time when -m was used and not