TILT

TILT is a set of terminal logging and playback tools for auditing telnet and SSH connections made from a bastion host.

TILT Ranking & Summary

  • License: GPL
  • Price: FREE
  • Publisher Name: Kevin Stewart

TILT Description

TILT is a set of terminal logging and playback tools for auditing telnet and SSH connections made from a bastion host. It provides timestamped logs and real-time playback of logs for incident reports, incident analysis or as a training aid.

Developer comments

I use it for the basis of incident reports after a network event that I have worked on. I can sit down the morning after (managers always ask for reports the next day) with a time-stamped log, syslogs and call history from my phones and produce a report of when I did things, exactly what I saw and when things were fixed. I also use it to find out how I last did something on a server.

There are many ways that this tool can be installed. Here is a list of ways I have installed different versions of this code.

1) Pathed telnet and ssh replacements.
Drop them in a directory and amend your path to have that directory before /usr/bin.
Pros: easy to do; telnet and ssh are not affected.
Cons: easy to bypass.

2) Full telnet and ssh replacements.
  • Create a logging user.
  • Change the ownership and file access permissions of telnet and ssh.
  • Put the tilt telnet and ssh wrappers in the /usr/bin directory.
  • Set them as SUID the logging user.
  • Create iptables rules that allow only the logging user to connect to another box using port 23 (module owner).
  • Change the ssh binary so it opens the tcp connection before setuiding back to the running user. After these changes iptables filtering will work for ssh.
Pros: harder to get around.
Cons: Harder to maintain; upgrading and patching ssh and telnet are an issue. Users could still get around it if they think a little.

3) Force via a menued bastion host.
Create a bastion host. Only provide a menu that will let the users ssh or telnet via TILT.
Pros: Logging is mandatory. A bastion host in a network is good for security.
Cons: Some users resent not having shell access on a bastion host.

4) Change the program run by TILT to a shell and replace the user's shell with TILT.
Pros: All interaction is logged. Can be used with any of the other methods.
Cons: All local and remote interactions are in the same file. I have not personally tried TILT in this configuration.

What's New in This Release:
· fixed some warnings about nanosleep could not sleep reported by nano bug
· fixed incorrect calculation of sleep time when -m was used and not

