ttyrpld 2.60

ttyrpld is a Kernel-based keylogger and screenlogger for Linux, FreeBSD and OpenBSD, and includes a real-time, tail-following log analyzer.

ttyrpld supports most tty types, including vc, bsd and unix98-style ptys (xterm/ssh), serial, isdn, etc.

Because it is implemented within the kernel, the default user cannot avoid it. Another benefit is that it runs with no overhead when the user-space logging daemon is not active.

ttyrpld consists of four components:

kpatch: The kernel patch adds a few lines to provide the rpldev extension hooks, which any module can then hook into. Keep in mind that the system was not directly written for black-hats who want to leave as few traces as possible.

rpldev: The kernel module is responsible for grabbing the data off the tty line and providing a character device for the user-space logging daemon. Data grabbed off the tty is passed directly to the overlying daemons, so with the correct terminal settings you can get a 1:1 replay.

For systems where module loading is not possible (OpenBSD for example), these two components are integrated into the kpatch.

rpld: Having received the captured data, the logging daemon can store it in any format and/or facility, with or without compression, just as it likes, because this happens in user space, where all the fluffy libraries are available. (That would not be the case in kernel space.)

Last updated on: October 10th, 2009, 23:06 GMT
License type: LGPL (GNU Lesser General Public License)
Developed by: Jan Engelhardt

What's New in version 2.52
  • This release updates the code to work with libHX 1.25 and Linux 2.6.27.