{
"name": "Scribery",
"tagline": "Open-Source User Session Recording",
"body": "The Scribery project is an effort to design and implement an Open-Source\r\nsolution for recording user sessions on Linux systems.\r\n\r\nMany companies need to have their systems used, or even managed by people they\r\ndon’t entirely trust: contractors, outsourced support, peripheral IT staff,\r\netc. It helps to know what these users or operators were doing on your\r\nsystems, or even what they’re doing right now, so you can not only prevent\r\nrepeated issues, but also stop an incident about to happen.\r\n\r\nGovernment, medical and certain other organizations can be required by law to\r\ncollect recordings of user sessions. Financial organizations require tight\r\ntracking of what's happening on their systems. Support desks also appreciate a\r\nway to look back at what exactly led to an issue, so they don’t need to talk\r\nthrough a user’s recollection of events.\r\n\r\nWe're working on supporting recording of text terminal sessions (e.g. login at\r\nthe console, via SSH, or telnet). The recorded data includes what user enters\r\ninto the terminal and sees on the screen, what commands the user executes,\r\nwhat files he/she accesses and how, and other data relevant to the session.\r\n\r\nTo support centralized architecture and to take the recording away from the\r\nuser system where it cannot be kept safely, we stream it via the conventional\r\nlogging system to a central storage. Then, the auditors, or support, can\r\nsearch, correlate, and playback the recordings from that central location.\r\n\r\nThe solution is being integrated with a central identity and policy management\r\nsystem, so that administrators could specify which users to record where\r\ncentrally.\r\n\r\nComponents\r\n----------\r\n\r\n### Client side \r\n\r\n__Tlog-rec__\r\n> A terminal I/O recording shim, which is put between the terminal and the\r\n> user shell. 
A part of [tlog][tlog].\r\n\r\n__[SSSD][sssd]__\r\n> A system daemon responsible for telling the system when and how to start\r\n> session recording, possibly on behalf of a central identity and policy\r\n> management system. Optional.\r\n\r\n__[Auditd][auditd]__\r\n> A general auditing system, which records additional session activity such as\r\n> commands executed and files accessed. Optional.\r\n\r\n__[Rsyslogd][rsyslogd]__\r\n> A logging server, which collects both the recorded terminal I/O, and audit\r\n> messages, then massages and sends them to the central storage.\r\n\r\n### Server side \r\n\r\n__[FreeIPA][freeipa]__\r\n> A central identity and policy management solution responsible for\r\n> controlling what is going to be recorded, for which users/groups, and on\r\n> which hosts. Optional.\r\n\r\n__[ElasticSearch][elasticsearch]__\r\n> The central storage for the recordings. Can also serve as the storage of\r\n> logs in general. Can be used for searching and correlation with the help of\r\n> visualization solutions such as [Kibana][kibana].\r\n\r\n__Tlog-play__\r\n> A basic command-line session playback tool. Can be used to test the setup\r\n> and quickly playback sessions from the command line. A part of [tlog][tlog].\r\n> Optional.\r\n\r\n__Web UI__\r\n> A session playback web UI component, which can join the terminal I/O and\r\n> audit data for searching and correlation within specific sessions. To be\r\n> implemented.\r\n\r\nControl and data flow\r\n---------------------\r\n\r\n Servers Network Clients\r\n _____________________ ______________________________\r\n | _________________ | | ___________________ |\r\n | | | | | | | |\r\n | | FreeIPA |====(control)===>| SSSD | |\r\n | |_________________| | | |___________________| |\r\n | /\\ | | || /\\ |\r\n | || | | || || |\r\n | (control) | | (control) (control) |\r\n | ......||....... | | || ........||......... 
|\r\n | : : | | || : : |\r\n | : Administrator : | | || : Administrator : |\r\n | : : | | || : : |\r\n | ::::::::::::::: | | || '''||'''''''''||''' |\r\n | : : | | || || || |\r\n | : Auditor : | | || || || |\r\n | : : | | || || || |\r\n | ''/\\'''''''/\\'' | | || (control) (control) |\r\n | || || | | || || || |\r\n | (data) (data) | | || || || |\r\n | ___||__ __||___ | | || || || |\r\n | | | | | | | ___\\/_____\\/___ ___\\/___ |\r\n | | Tlog- | | WebUI | | | | | | | |\r\n | | play | | (TBD) | | | | Tlog-rec | | Auditd | |\r\n | |_______| |_______| | | |_______________| |________| |\r\n | /\\ /\\ | | || || |\r\n | || || | | (data) (data) |\r\n | (data) (data) | | || || |\r\n | ___||_______||___ | | ___\\/_____________\\/___ |\r\n | | | | | | | |\r\n | | ElasticSearch |<====(data)=========| Rsyslogd | |\r\n | |_________________| | | |_______________________| |\r\n\t|_____________________| |______________________________|\r\n\r\nStatus and plans\r\n----------------\r\n\r\nAt the moment the base terminal I/O recording and playback is implemented in\r\ntlog, its [packages][tlog_packages] are available on GitHub and in the\r\nupcoming Fedora 24.\r\n\r\nRight now we're working on integrating tlog with SSSD and FreeIPA, making\r\nAuditd stream messages to ElasticSearch and are starting implementing the web\r\nUI playback component.\r\n\r\nContacts\r\n--------\r\n\r\nPlease contact [Nikolai Kondrashov](mailto:spbnick@gmail.com) if you have any\r\nquestions or suggestions.\r\n\r\n[tlog]: http://scribery.github.io/tlog/\r\n[sssd]: https://fedorahosted.org/sssd/\r\n[auditd]: https://people.redhat.com/sgrubb/audit/\r\n[rsyslogd]: http://www.rsyslog.com/\r\n[freeipa]: http://www.freeipa.org/\r\n[elasticsearch]: https://www.elastic.co/products/elasticsearch\r\n[kibana]: https://www.elastic.co/products/kibana\r\n[tlog_packages]: https://github.com/Scribery/tlog/releases\r\n",
"note": "Don't delete this file! It's used internally to help with page regeneration."
}