Opened 8 years ago

Last modified 8 years ago

#883 new enhancement

Devise automatic tty I/O auditing setup & policy

Reported by: Sander Maijers
Owned by: Sander Maijers
Priority: major
Milestone:
Component: System administration
Version:
Keywords: all_hosts
Cc: Willem Elbers, Dieter Van Uytvanck

Description

We need to be able to audit everything admins type in and get out of the tty whenever they deem their activity critical (e.g., during OS package upgrades). This will allow us to better debug issues and save time by not having to copy-paste lots of text and maintain a maintenance log manually on the Trac. In general, automation here would be at least as complete and accurate as, and likely more so than, manual copy-pasting of tty snippets (e.g. related to yum commands).

Systemd-enabled hosts can use systemd-cat with tmux's pipe-pane to create a key binding that enables/disables logging to the system log of all input and output in the current tty. I have found that this works very well in practice, and even allows one to restore terminal character colors.

This ticket is related to our effort to create a centralized logging infra. Centralized logging would allow us to audit tty I/O remotely, e.g. when the host under audit cannot be reached anymore via SSH (e.g., after a major security compromise).
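An added example, not part of the original ticket: one way to wire up the tmux pipe-pane and systemd-cat toggle the description mentions. The script name, install path, key choice and the tty-audit- tag prefix are assumptions, and it relies on tmux's pane_pipe format variable being available.

```shell
#!/bin/sh
# tty-audit.sh: toggle journald logging of one tmux pane (added example).
# Assumed tmux.conf binding (key and path are hypothetical):
#   bind-key L run-shell "/usr/local/bin/tty-audit.sh toggle '#{pane_id}'"

# Build the syslog identifier for the journal entries. Everything outside
# [A-Za-z0-9_.-] becomes "_", so a session name cannot alter the shell
# command that tmux runs for the pipe.
audit_tag() {  # args: user session pane-id
    printf 'tty-audit-%s-%s-%s' "$1" "$2" "$3" | tr -c 'A-Za-z0-9_.-' '_'
}

audit_toggle() {  # arg: tmux pane id, e.g. %3
    pane=$1
    user=$(id -un)
    session=$(tmux display-message -p -t "$pane" '#{session_name}')
    tag=$(audit_tag "$user" "$session" "$pane")

    if [ "$(tmux display-message -p -t "$pane" '#{pane_pipe}')" = 1 ]; then
        # pipe-pane without a command closes the existing pipe.
        tmux pipe-pane -t "$pane"
        echo "tty audit stopped by $user" | systemd-cat -t "$tag" -p notice
        tmux display-message -t "$pane" "tty audit OFF ($tag)"
    else
        # Write an explicit start marker so the log shows who enabled it.
        echo "tty audit started by $user" | systemd-cat -t "$tag" -p notice
        # Pane output (including echoed keystrokes) goes to the journal.
        tmux pipe-pane -t "$pane" "exec systemd-cat -t $tag -p info"
        tmux display-message -t "$pane" "tty audit ON: journalctl -t $tag"
    fi
}

# Review a session afterwards, escape sequences included:
#   journalctl -t <tag> -o cat --all
case "${1:-}" in
    toggle) audit_toggle "${2:?pane id required}" ;;
esac
```

Anything a command prints while the pipe is open lands in the journal, so read access to the journal on audited hosts needs the same care as the terminals themselves.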

Change History (1)

comment:1 Changed 8 years ago by DefaultCC Plugin

Cc: Willem Elbers Dieter Van Uytvanck added