<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8'>
<meta http-equiv="X-UA-Compatible" content="chrome=1">
<link rel="stylesheet" type="text/css" href="stylesheets/stylesheet.css" media="screen">
<link rel="stylesheet" type="text/css" href="stylesheets/github-dark.css" media="screen">
<link rel="stylesheet" type="text/css" href="stylesheets/print.css" media="print">
<title>Scribery - User Session Recording</title>
</head>
<body>
<header>
<div class="container">
<img id="logo" src="images/logo.png">
<h1>Scribery</h1>
<h2>Open-Source User Session Recording</h2>
<section id="downloads">
<a href="https://github.com/Scribery" class="btn btn-github"><span class="icon"></span>View on GitHub</a>
</section>
</div>
</header>
<div class="container">
<section id="main_content">
<p>The Scribery project is an effort to design and implement an Open-Source
solution for recording user sessions on Linux systems.</p>
<p>Many companies need to have their systems used, or even managed, by people they
don’t entirely trust: contractors, outsourced support, peripheral IT staff,
etc. It helps to know what these users or operators were doing on your
systems, or even what they’re doing right now, so you can not only prevent
repeated issues, but also stop an incident that is about to happen.</p>
<p>Government, medical and certain other organizations can be required by law to
collect recordings of user sessions. Financial organizations require tight
tracking of what's happening on their systems. Support desks also appreciate a
way to look back at what exactly led to an issue, so they don’t need to talk
through a user’s recollection of events.</p>
<p>We're working on supporting the recording of text terminal sessions (e.g. login at
the console, via SSH, or via telnet). The recorded data includes what the user enters
into the terminal and sees on the screen, what commands the user executes,
what files he/she accesses and how, and other data relevant to the session.</p>
<p>To support a centralized architecture, and to move the recording off the
user's system, where it cannot be kept safely, we stream it via the conventional
logging system to central storage. Auditors or support staff can then
search, correlate, and play back the recordings from that central location.</p>
<p>The solution is being integrated with a central identity and policy management
system, so that administrators can centrally specify which users to record, and
on which hosts.</p>
<h2>
<a id="components" class="anchor" href="#components" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Components</h2>
<h3>
<a id="client-side" class="anchor" href="#client-side" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Client side</h3>
<p><strong>Tlog-rec</strong></p>
<blockquote>
<p>A terminal I/O recording shim, which is put between the terminal and the
user shell. Sends the recording to the logging server as JSON. A part of
<a href="http://scribery.github.io/tlog/">tlog</a>.</p>
</blockquote>
<p><strong><a href="https://fedorahosted.org/sssd/">SSSD</a></strong></p>
<blockquote>
<p>A system daemon responsible for telling the system when and how to start
session recording, possibly on behalf of a central identity and policy
management system. Optional.</p>
</blockquote>
<p><strong><a href="https://people.redhat.com/sgrubb/audit/">Auditd</a></strong></p>
<blockquote>
<p>A general auditing system, which records additional session activity such as
commands executed and files accessed. Optional.</p>
</blockquote>
<p><strong><a href="http://scribery.github.io/aushape/">Aushape</a></strong></p>
<blockquote>
<p>An audit log converter running under Auditd to convert audit events to JSON
on the fly, to be passed to the logging server. Optional.</p>
</blockquote>
<p><strong>Logging server</strong></p>
<blockquote>
<p>
<a href="http://www.rsyslog.com/">Rsyslog</a>,
<a href="http://www.fluentd.org/">Fluentd</a>, or
<a href="https://www.elastic.co/products/logstash">Logstash</a>
- a logging server, which collects both the recorded terminal I/O and the audit
messages, then transforms them and sends them on to the central storage.</p>
</blockquote>
<h3>
<a id="server-side" class="anchor" href="#server-side" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Server side</h3>
<p><strong><a href="http://www.freeipa.org/">FreeIPA</a></strong></p>
<blockquote>
<p>A central identity and policy management solution responsible for
controlling what is going to be recorded, for which users/groups, and on
which hosts. Optional.</p>
</blockquote>
<p><strong><a href="https://www.elastic.co/products/elasticsearch">Elasticsearch</a></strong></p>
<blockquote>
<p>The central storage for the recordings. Can also serve as the storage of
logs in general. Can be used for searching and correlation with the help of
visualization solutions such as <a href="https://www.elastic.co/products/kibana">Kibana</a>.</p>
</blockquote>
<p><strong>Tlog-play</strong></p>
<blockquote>
<p>A basic command-line session playback tool. Can be used to test the setup
and to quickly play back sessions from the command line. A part of <a href="http://scribery.github.io/tlog/">tlog</a>.
Optional.</p>
</blockquote>
<p><strong>Web UI</strong></p>
<blockquote>
<p>A session playback web UI component, which can join the terminal I/O and
audit data for searching and correlation within specific sessions. To be
implemented.</p>
</blockquote>
<h2>
<a id="control-and-data-flow" class="anchor" href="#control-and-data-flow" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Control and data flow</h2>
<pre><code>        Servers           Network                Clients
 _____________________               _______________________________
|  _________________  |             |  ___________________          |
| |                 | |             | |                   |         |
| |     FreeIPA     |====(control)===&gt;|       SSSD        |         |
| |_________________| |             | |___________________|         |
|         /\          |             |     ||          /\            |
|         ||          |             |     ||          ||            |
|      (control)      |             |  (control)   (control)        |
|  .......||........  |             |     ||  ........||.........   |
|  : Administrator :  |             |     ||  :  Administrator  :   |
|  '''''''''''''''''  |             |     ||  '''||'''''''''||'''   |
|                     |             |     ||  (control)  (control)  |
|   ...............   |             |     ||     ||         ||      |
|   :   Auditor   :   |             |  ___\/_____\/__   ____\/____  |
|   ''/\''''''''/\'   |             | |              | |          | |
|     ||        ||    |             | |   Tlog-rec   | |  Auditd  | |
|   (data)    (data)  |             | |______________| |__________| |
|  ___||__   ___||__  |             |     ||                ||      |
| |       | |       | |             |     ||             ___\/____  |
| | Tlog- | | WebUI | |             |     ||            |         | |
| | play  | | (TBD) | |             |     ||            | Aushape | |
| |_______| |_______| |             |     ||            |_________| |
|     /\        /\    |             |     ||                ||      |
|     ||        ||    |             |   (data)            (data)    |
|   (data)    (data)  |             |     ||                ||      |
|  ___||________||__  |             |  ___\/________________\/__    |
| |                 | |             | |                         |   |
| |                 | |             | |         Rsyslog         |   |
| |                 | |             | | - - - - - - - - - - - - |   |
| |  Elasticsearch  |&lt;====(data)======|         Fluentd         |   |
| |                 | |             | | - - - - - - - - - - - - |   |
| |                 | |             | |        Logstash         |   |
| |_________________| |             | |_________________________|   |
|_____________________|             |_______________________________|
</code></pre>
<p>See also the project's <a href="http://www.freeipa.org/page/Session_Recording">WIP design page</a>
at <a href="http://www.freeipa.org/page/Main_Page">FreeIPA website</a>.</p>
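<p>As an added illustration of the join that the Web UI component is meant to perform over the data flow above (example code written for this page, not code from the Scribery project), the script below correlates constructed terminal I/O records with constructed audit events by session id and time window. The field names ("session", "ts", "out_txt", "type", "argv") are assumptions for the illustration, not tlog's or Aushape's actual JSON schema.</p>

```python
import json
from datetime import datetime, timedelta

# Constructed sample data. Field names are assumptions for this illustration,
# not the real tlog or aushape JSON schema.
TERMINAL_LOG = """
{"session": 7, "user": "contractor", "ts": "2016-05-10T09:00:01Z", "out_txt": "$ "}
{"session": 7, "user": "contractor", "ts": "2016-05-10T09:00:05Z", "out_txt": "cat /etc/hostname\\r\\n"}
{"session": 7, "user": "contractor", "ts": "2016-05-10T09:00:06Z", "out_txt": "web01\\r\\n"}
{"session": 8, "user": "support", "ts": "2016-05-10T09:00:05Z", "out_txt": "$ ls\\r\\n"}
"""
AUDIT_LOG = """
{"session": 7, "ts": "2016-05-10T09:00:05Z", "type": "EXECVE", "argv": ["cat", "/etc/hostname"]}
{"session": 7, "ts": "2016-05-10T09:00:05Z", "type": "PATH", "name": "/etc/hostname"}
{"session": 8, "ts": "2016-05-10T09:00:05Z", "type": "EXECVE", "argv": ["ls"]}
"""


def parse_jsonl(text):
    """Parse newline-delimited JSON records; 'ts' becomes a naive UTC datetime."""
    records = []
    for line in text.strip().splitlines():
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        records.append(rec)
    return records


def correlate(terminal, audit, window=timedelta(seconds=2)):
    """For each EXECVE audit event, join the terminal output of the same session
    seen from the event time up to `window` later. Other sessions never match."""
    by_session = {}
    for rec in terminal:
        by_session.setdefault(rec["session"], []).append(rec)
    joined = []
    for ev in audit:
        if ev["type"] != "EXECVE":
            continue
        chunks = [t["out_txt"] for t in by_session.get(ev["session"], [])
                  if ev["ts"] <= t["ts"] <= ev["ts"] + window]
        joined.append({"session": ev["session"], "argv": ev["argv"],
                       "output": "".join(chunks)})
    return joined


def correlate_samples():
    """Run the join over the constructed sample logs above."""
    return correlate(parse_jsonl(TERMINAL_LOG), parse_jsonl(AUDIT_LOG))


if __name__ == "__main__":
    for hit in correlate_samples():
        print(hit["session"], " ".join(hit["argv"]), "->", repr(hit["output"]))
```

<p>The session key keeps session 8's output from being attributed to session 7's command even though both ran at the same second; a real deployment would take that key from whatever field the logging server attaches to both streams.</p>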
<h2>
<a id="status-and-plans" class="anchor" href="#status-and-plans" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Status and plans</h2>
<p>At the moment, basic terminal I/O recording and playback are implemented in
tlog; its <a href="https://github.com/Scribery/tlog/releases">packages</a> are
available on GitHub and in Fedora. Basic conversion of audit logs to JSON is
implemented in Aushape, which is available on GitHub.</p>
<p>Right now we're working on integrating tlog with SSSD and FreeIPA, and are
starting to implement the web UI playback component.</p>
<h2>
<a id="contacts" class="anchor" href="#contacts" aria-hidden="true"><span aria-hidden="true" class="octicon octicon-link"></span></a>Contacts</h2>
<p>Please contact <a href="mailto:spbnick@gmail.com">Nikolai Kondrashov</a> if you have any
questions or suggestions.</p>
</section>
</div>
</body>
</html>