ttyrpld 2.60

ttyrpld is a Kernel-based keylogger and screenlogger for Linux.

  Add it to your Download Basket!

 Add it to your Watch List!


Rate it!

What's new in ttyrpld 2.52:

  • This release updates the code to work with libHX 1.25 and Linux 2.6.27.
Read full changelog
send us
an update
LGPL (GNU Lesser General Public License) 
2.5/5 24
Jan Engelhardt
ROOT \ System \ Logging
ttyrpld is a Kernel-based keylogger and screenlogger for Linux, FreeBSD and OpenBSD, and includes a real-time, tail-following log analyzer.

ttyrpld supports most tty types, including vc, bsd and unix98-style ptys (xterm/ssh), serial, isdn, etc.

Being implemented within the Kernel makes it unavoidable for the default user. Another benefit is that it runs with no overhead if the user-space logging daemon is not active.

ttyrpld consists of four components:

kpatch: The Kernel patch adds a few lines to provide the rpldev extension hooks, which (any) module can then get onto. The system was not directly written for black-hats who want to leave as little traces as possible, keep in mind.

rpldev: The Kernel module is responsible for grabbing the data off the tty line and providing a character device for the user-space logging daemon. Data grabbed of the tty is directly passed to the overlying daemons, so with the correct terminal settings you can get a 1:1 replay.

For systems where module loading is not possible (OpenBSD for example), these two components are integrated into the kpatch.

rpld: Having received the captured data, the logging daemon can store them in any format and/or facility, with or without compression, just as it likes, for this happens in user-space and thus you have all the fluffy libraries available. (That would not be the case from Kernel space.)

Last updated on October 10th, 2009

#linux keylogger #linux screenlogger #Kernel-based logger #ttyrpld #keylogger #screenlogger #Kernel-based

Add your review!