user session recording in cockpit
play

USER SESSION RECORDING IN COCKPIT Nikolai Kondrashov Software - PowerPoint PPT Presentation

Jun 23, 2023 •161 likes •475 views

USER SESSION RECORDING IN COCKPIT Nikolai Kondrashov Software Engineer 03.02.2018 INTRODUCTION Nikolai spbnick Kondrashov, a software engineer Working at Red Hat Common Logging team Focusing on the User Session Recording project

  1. USER SESSION RECORDING IN COCKPIT Nikolai Kondrashov Software Engineer 03.02.2018

  2. INTRODUCTION Nikolai “spbnick” Kondrashov, a software engineer Working at Red Hat Common Logging team ● Focusing on the User Session Recording project ● Maintaining FreeRADIUS packages ● Founder and maintainer of the DIGImend project ● Flirting with embedded as a hobby ● 2 User Session Recording in Cockpit - Nikolai Kondrashov, Red Hat

  3. WHAT ARE WE TRYING TO DO? User Session Recording Project: Record what users see on and type into a terminal ● Record the commands they execute and files they access ● Control centrally what, where and who is recorded ● Store recordings centrally and securely ● Allow searching, correlation, and playback of recordings ● 3 User Session Recording in Cockpit - Nikolai Kondrashov, Red Hat

  4. WHY ORGANIZATIONS NEED IT? Government, medical, financial, and others: Required by law ● Want to find out who broke the servers and how ● Need to know who stole their data ● Want to trace user problems ● 4 User Session Recording in Cockpit - Nikolai Kondrashov, Red Hat

  5. THERE IS A SUPPLY A great number of commercial offerings: From application-level proxies on dedicated hardware ● To user-space processes on the target system ● Recording keystrokes, display, commands, apps, URLs, etc. ● Integrated with identity management and access control ● With central storage, searching, and playback ● 5 User Session Recording in Cockpit - Nikolai Kondrashov, Red Hat

  6. BUT NO OPEN SOURCE All we have is: script(1) plus duct tape ● popular, but not security-oriented, needs lots of DIY ○ sudo(8) I/O logging ● security-oriented, has searching, but not centralized ○ TTY audit with auditd(8) ● security-oriented, can be centralized, but only for input ○ 6 User Session Recording in Cockpit - Nikolai Kondrashov, Red Hat

  7. OUR APPROACH Use logging infrastructure for delivery ● Centralization solved ○ Easily correlate with other logs ○ Save on resources and maintenance ○ Record terminal I/O from userspace with tlog ● Fast to iterate ○ Easy for users to try ○ Use audit logs for the rest ● Commands executed, files accessed, everything already there ○ 7 User Session Recording in Cockpit - Nikolai Kondrashov, Red Hat

  8. OUR TARGETS Long- and short-term Enterprise-ready long-term ● Storage in Elasticsearch ○ Central control with FreeIPA and SSSD ○ Playback via a Web UI component ○ Embedded in OpenShift, CloudForms, etc. ○ Cockpit short-term ● Storage in Journal ○ Control via SSSD or manual ○ Configuration and playback in Cockpit Web UI ○ 8 User Session Recording in Cockpit - Nikolai Kondrashov, Red Hat

  9. WHAT IS COCKPIT? A server management WebUI with a new twist: “A Linux session in a browser” ● Each login creates an actual user session ○ Not taking over the system ● Jump between the WebUI and the command line any time ○ Can manage multiple hosts in one session ● Releases every other week ● Extensively tested ● 9 User Session Recording in Cockpit - Nikolai Kondrashov, Red Hat

  10. DEMO

  11. DEMO In this demo: A recorded user logs in and works on a terminal ● User’s terminal I/O is recorded to Journal ● Live recording appears and plays back in Cockpit ● 11 User Session Recording in Cockpit - Nikolai Kondrashov, Red Hat

  12. HOW IT WORKS

  13. RECORDING SETUP Recording process starts as the user’s login shell ● Executes the actual shell under a PTY ● Captures everything passing between TTY and PTY ● Cuts it into pieces on time and size limits ● Encodes to JSON and logs ● 13 User Session Recording in Cockpit - Nikolai Kondrashov, Red Hat

  14. JSON SCHEMA For every message { Optimized for streaming and searching: " ver " : "2.2", " host " : "tlog-client.example.com", Stream cut into time- and size-limited ● " rec " : "c8aa248c81264f5d98d1..." pieces, but can be merged back " user " : "user1", " term " : "xterm", Input and output stored separately ● " session " : 23, Timing separate, ms precision ● " id " : 1, Window resizes preserved " pos " : 0, ● " timing " : "=56x22+98>23", All I/O preserved ● " in_txt " : "", Invalid UTF-8 stored separately " in_bin " : [ ], ● " out_txt " : "[user1@tlog-client ~]$ ", " out_bin " : [ ] } 14 User Session Recording in Cockpit - Nikolai Kondrashov, Red Hat

  15. JOURNAL FORMAT Exposes key fields { " ver " : "2.2",_ _AUDIT_SESSION=23 " host " : "tlog-client.example.com", _AUDIT_LOGINUID=1000 " rec " : "c8aa248c81264f5d98d1..." TLOG_REC=c8aa248c81264f5d98d1... " user " : "user1", TLOG_USER=user1 " term " : "xterm", _UID=987 " session " : 23, TLOG_SESSION=23 " id " : 1, TLOG_ID=1 " pos " : 0, _COMM=tlog-rec-sess " timing " : "=56x22+98>23", _EXE=/usr/bin/tlog-rec-session " in_txt " : "", _TRANSPORT=journal " in_bin " : [ ], MESSAGE={"ver":"2.2","host":...} " out_txt " : "[user1@tlog-client ~]$ ", SYSLOG_IDENTIFIER=tlog-rec-session " out_bin " : [ ] ... } 15 User Session Recording in Cockpit - Nikolai Kondrashov, Red Hat

  16. COCKPIT JOURNAL INTERFACE Simple but effective Host side runs journalctl --output=json ● Browser side supplies options and arguments and gets JSON ● Not very efficient, but simple and reliable ● 16 User Session Recording in Cockpit - Nikolai Kondrashov, Red Hat

  17. LISTING RECORDINGS Add a match on the UID of SUID recording process ● E.g. _UID=987 ○ Add a match on recorded username, if filtering ● E.g. TLOG_USER=user1 ○ Add --since and --until , if limiting by time ● Run journalctl --lines=all --follow ● Read all returned entries ● Aggregate IDs of unique recordings and their info ● 17 User Session Recording in Cockpit - Nikolai Kondrashov, Red Hat

  18. PLAYING RECORDINGS Add a match on the UID of the SUID recording process ● E.g. _UID=987 ○ Add a match on recording ID ● E.g. TLOG_REC=c8aa248c81264f5d98d1... ○ Run journalctl --lines=all --follow ● Read and decode all returned entries in background ● Playback as necessary ● 18 User Session Recording in Cockpit - Nikolai Kondrashov, Red Hat

  19. CHALLENGES

  20. GETTING AUDIT LOGS Herding cats We need audit log to get more data about the session ● Session boundaries ○ Commands executed ○ Files accessed ○ Journald logs audit events, but it is ● Unreliable under load (says auditd team) ○ Raw, messy data ○ We made a tool to cook audit logs, called aushape ● Parses, augments, normalizes ○ Logs in JSON or XML ○ 20 User Session Recording in Cockpit - Nikolai Kondrashov, Red Hat

  21. ADDING AUDIT LOGS Befriending cats Make aushape log data as Journal fields ● or... ● Just get on with Journald audit logs ● still... ● Journal doesn’t support partial field matches ● Searching commands/files is inconvenient ○ Searching I/O is impossible ○ 21 User Session Recording in Cockpit - Nikolai Kondrashov, Red Hat

  22. INTEGRATION WITH LOGS PAGE New design Show sessions active at each point in ● time, recorded and otherwise Show a list of all sessions ● Sync log scrolling with playback ● Support full-screen playback ● 22 User Session Recording in Cockpit - Nikolai Kondrashov, Red Hat

  23. INTEGRATION WITH ACCOUNTS PAGE New design Enable/disable recording users by ● changing their shells Enable/disable recording particular ● users/groups via SSSD Only available for accounts ○ managed by SSSD See the list of sessions, recorded and ● otherwise, for each user/group 23 User Session Recording in Cockpit - Nikolai Kondrashov, Red Hat

  24. TERMINAL TYPES Not many types today, but quirks still possible ● Same terminal needed to playback on command line ● Hard to cleanup after playback on command line ● Only a subset is supported by Web UI playback ● Embed a terminal emulator library into recording, long-term ● Ensures single terminal type to deal with ○ Libvterm seems a good fit ○ 24 User Session Recording in Cockpit - Nikolai Kondrashov, Red Hat

  25. CHARACTER ENCODINGS We need UTF-8 to store and search consistently ● Not everyone uses UTF-8 ● Converting charset of I/O might lose data ● We’ll need to keep both original and converted I/O ● Original I/O compressed? ○ Converted I/O sanitized? ○ 25 User Session Recording in Cockpit - Nikolai Kondrashov, Red Hat

  26. PLAYBACK SEEKING Terminal state accumulates, depends on everything before ● Seeking requires a known state to build upon ● At the moment it’s the start state only ● Slow for big recordings ○ Web UI player has access to terminal emulator internals ● Build and use terminal state snapshots — “key frames” ○ If we embed terminal emulator library into recording ● Take and log “key frames” on the fly ○ 26 User Session Recording in Cockpit - Nikolai Kondrashov, Red Hat

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

USER SESSION RECORDING An Open Source solution Fraser Tweedale @hackuador 2017-10-22 ABOUT ME

USER SESSION RECORDING An Open Source solution Fraser Tweedale @hackuador 2017-10-22 ABOUT ME

USER SESSION RECORDING An Open Source solution Fraser Tweedale @hackuador 2017-10-22 ABOUT ME Working at Red Hat Platform Engineering (Security) FreeIPA and Dogtag Certificate System 2 User Session Recording: An Open Source

618 views • 45 slides
Squawk: Something loose in cockpit. Reply: Something tightened in cockpit.

Squawk: Something loose in cockpit. Reply: Something tightened in cockpit.

Squawk: Something loose in cockpit. Reply: Something tightened in cockpit. Number three engine Squawk: missing. Reply: Number three engine found on right wing after brief search. Squawk: IFF inoperative.

640 views • 34 slides
Pediatric Therapy User Group May 22, 2020 Kathryn Rigda, PT Todays Webinar Presenters:

Pediatric Therapy User Group May 22, 2020 Kathryn Rigda, PT Todays Webinar Presenters:

Pediatric Therapy User Group May 22, 2020 Kathryn Rigda, PT Todays Webinar Presenters: Kathryn Rigda, PT, Lorraine Welty A recording of this session will be available on the User Group website The recording, slide deck & all referenced

534 views • 34 slides
On The Security of Mobile Cockpit Information Systems Lundberg, Farinholt, Sullivan, Mast,

On The Security of Mobile Cockpit Information Systems Lundberg, Farinholt, Sullivan, Mast,

On The Security of Mobile Cockpit Information Systems Lundberg, Farinholt, Sullivan, Mast, Checkoway, Savage, Snoeren, and Levchenko Presented by Kyo Kim Small Aircraft Pilots use tablets (or similar devices) in the cockpit to view weather

364 views • 21 slides
Session Goals Session Goals 1. Learn value of designing for the user 2. Become familiar with

Session Goals Session Goals 1. Learn value of designing for the user 2. Become familiar with

Desig Designin ing with with the User in the User in Mind / Mind / Session Session 1 1 Dani Dani Rick Ricker ert, Senior Business Analyst, Utah Dept of Human Services Mik Mike K Kenne nney, Executive Director, Kinnect Ohio Sean Pear

337 views • 6 slides
Totaltime Time Recording www.ClockingSystems.co.uk Totaltime Time Recording Components

Totaltime Time Recording www.ClockingSystems.co.uk Totaltime Time Recording Components

Totaltime Time Recording www.ClockingSystems.co.uk Totaltime Time Recording Components Time recording terminal Totaltime mobile Wall mount for Totaltime mobile User cards M16 Transport card M256 PC smart card

997 views • 65 slides
P A C E Awareness Session- Childrens Origin NIPEC Recording Care Project SINCE 2009..

P A C E Awareness Session- Childrens Origin NIPEC Recording Care Project SINCE 2009..

Care Planning P A C E Awareness Session- Childrens Origin NIPEC Recording Care Project SINCE 2009.. Improve the standards of nurse record keeping practice in the region Recording Care ...... Whats the point? Why Keep Records I

669 views • 36 slides
P A C E Awareness Session Origin NIPEC Recording Care Project SINCE 2009.. Improve the

P A C E Awareness Session Origin NIPEC Recording Care Project SINCE 2009.. Improve the

Care Planning P A C E Awareness Session Origin NIPEC Recording Care Project SINCE 2009.. Improve the standards of nurse record keeping practice in the region Recording Care ...... Whats the point? Why Keep Records I I Int

527 views • 36 slides
Session 20 Session 20 Tool Time Tuesday Tool Time Tuesday Textbooks; Recording Classes; Zoom

Session 20 Session 20 Tool Time Tuesday Tool Time Tuesday Textbooks; Recording Classes; Zoom

Session 20 Session 20 Tool Time Tuesday Tool Time Tuesday Textbooks; Recording Classes; Zoom Registration Textbooks; Recording Classes; Zoom Registration Hello! Hello! Laurissa Gann, MSLS, AHIP Lesli Moore, MLS Research Medical Library

321 views • 21 slides
A recording of this webinar and all slides used in this session will be sent out to all registered

A recording of this webinar and all slides used in this session will be sent out to all registered

A recording of this webinar and all slides used in this session will be sent out to all registered participants If you do not receive an email within 5 business days, please contact our Events team at rsvp@pitcher.com.au 1 Pitcher Partners is

518 views • 27 slides
This presentation, the Reopening Guide and a recording of this session will be available at:

This presentation, the Reopening Guide and a recording of this session will be available at:

This presentation, the Reopening Guide and a recording of this session will be available at: www.jcrcny.org/reopening Michael el S Snow Director of Jewish Affairs Governor Andrew Cuomo Nad adine e Ko Kochavi Director of Synagogue

773 views • 28 slides
Meet the Progressive Web App Module See Also Session recording Understanding Progressive Web

Meet the Progressive Web App Module See Also Session recording Understanding Progressive Web

Christoph Weber - Director of Technical Services Alex Borsody - Developer Meet the Progressive Web App Module See Also Session recording Understanding Progressive Web Apps and Why You Should Care By Mark Shropshire Friday, 4:00pm - 4:50pm

895 views • 24 slides
Solution Recording and Playback: Vortex Shedding This tutorial demonstrates how to use the

Solution Recording and Playback: Vortex Shedding This tutorial demonstrates how to use the

STAR-CCM+ User Guide 6663 Solution Recording and Playback: Vortex Shedding This tutorial demonstrates how to use the solution recording and playback module for capturing the results of transient phenomena. The particular scenario being modeled

377 views • 27 slides
A Prospective Analysis of In a nutshell Analog Audio Recording with To access an analog

A Prospective Analysis of In a nutshell Analog Audio Recording with To access an analog

A Prospective Analysis of In a nutshell Analog Audio Recording with To access an analog synthesizer online, for high-quality recording Web Servers With batched access, it optimizes user and system time Lucas Zawacki A prototype

263 views • 4 slides
SOUTHERNAIRAVIATION FLY-BY-VOICE TM INTO NEXTGEN CENTURY Voice Activated Cockpit

SOUTHERNAIRAVIATION FLY-BY-VOICE TM INTO NEXTGEN CENTURY Voice Activated Cockpit

SOUTHERNAIRAVIATION FLY-BY-VOICE TM INTO NEXTGEN CENTURY Voice Activated Cockpit Management Systems Diane Serban, Ph.D., SAA Inc. Vincent Houston, NASA Langley Research Center SAA Provides Off-Line VOICE RECOGNITION Solutions to

501 views • 11 slides
SA SAVE CO VE COCKPIT CKPIT CO COUNTR UNTRY Y [2 [2.0] .0] Jamaica ca Civil l Soci

SA SAVE CO VE COCKPIT CKPIT CO COUNTR UNTRY Y [2 [2.0] .0] Jamaica ca Civil l Soci

SA SAVE CO VE COCKPIT CKPIT CO COUNTR UNTRY Y [2 [2.0] .0] Jamaica ca Civil l Soci ciety ty Foru rum m (JCSF SF) ) & Caribbea bbean n Vul ulne nerabl rable e Comm mmuni niti ties es Coalition lition Lun unch.L

349 views • 24 slides
Scrutiny Meeting 26 th July 2018 Discussion around Trusts and Mutuals Culture team Slide 1

Scrutiny Meeting 26 th July 2018 Discussion around Trusts and Mutuals Culture team Slide 1

Scrutiny Meeting 26 th July 2018 Discussion around Trusts and Mutuals Culture team Slide 1 Background Over the past 10 years many different service and teams which were once part of a local authority have been spun out into some form of

344 views • 8 slides
Allocation via Deferred-Acceptance under Responsive Priorities (with Lars Ehlers) Bettina Klaus

Allocation via Deferred-Acceptance under Responsive Priorities (with Lars Ehlers) Bettina Klaus

Allocation via Deferred-Acceptance under Responsive Priorities (with Lars Ehlers) Bettina Klaus Universit de Lausanne Dsseldorf, COMSOC: 15.09.2010 B. Klaus (HEC Lausanne) Allocation via Deferred-Acceptance COMSOC, September 2010 1 / 18

1.36k views • 88 slides
Understanding Team Dynamics Session starts at 10am HELLO! I am Karen Maher I am an experienced

Understanding Team Dynamics Session starts at 10am HELLO! I am Karen Maher I am an experienced

Understanding Team Dynamics Session starts at 10am HELLO! I am Karen Maher I am an experienced HR consultant and workforce development specialist originally from the North East of England. I specialise in coaching, mentoring, mediation and

397 views • 35 slides
Regulatory implementation roadmap update Stakeholder Forum 10 August 2020 1 Agenda 1.

Regulatory implementation roadmap update Stakeholder Forum 10 August 2020 1 Agenda 1.

Regulatory implementation roadmap update Stakeholder Forum 10 August 2020 1 Agenda 1. Welcome and background 2. Objectives of this forum 3. Updates / changes since regulatory roadmap published AEMC final determinations Other updates

548 views • 17 slides
Reflections on a semester of remote delivery at the Jinan University - University of Birmingham

Reflections on a semester of remote delivery at the Jinan University - University of Birmingham

Reflections on a semester of remote delivery at the Jinan University - University of Birmingham Joint Institute (J-BJI) John Christopher Meyer University of Birmingham (UoB) & J-BJI June 3, 2020 John Christopher Meyer Reflections on a

253 views • 7 slides
A Hybrid Monte Carlo Local Branching Algorithm for the Single Vehicle Routing Problem with

A Hybrid Monte Carlo Local Branching Algorithm for the Single Vehicle Routing Problem with

A Hybrid Monte Carlo Local Branching Algorithm for the Single Vehicle Routing Problem with Stochastic Demands Michel GENDREAU Interuniversity Research Centre on Enterprise Networks, Logistics and Transportation (CIRRELT) Dpartement

653 views • 26 slides
Strong Convexity for Risk-Averse Two-Stage Models with Linear Recourse Matthias Claus 1 , Kai

Strong Convexity for Risk-Averse Two-Stage Models with Linear Recourse Matthias Claus 1 , Kai

Scope Main results Applications Strong Convexity for Risk-Averse Two-Stage Models with Linear Recourse Matthias Claus 1 , Kai Spurkel 1 1 University of Duisburg-Essen, Germany CMS / MMEI March 27-29, 2019, Chemnitz, Germany Scope Main

371 views • 26 slides
Trapping and Tracking Hackers: Trapping and Tracking Hackers: Trapping and Tracking Hackers:

Trapping and Tracking Hackers: Trapping and Tracking Hackers: Trapping and Tracking Hackers:

Trapping and Tracking Hackers: Trapping and Tracking Hackers: Trapping and Tracking Hackers: Collective Security for Collective Security for Collective Security for Survival in the Internet Age Survival in the Internet Age Survival in the

410 views • 15 slides

More recommend