Fri 25 Nov '11
Last time I evaluated a commercial bastion host it left a deep impression: a bastion host really does take behaviour auditing to the extreme, but the price is steep. It happened to coincide with a cost-cutting drive at the company, so the project got killed! I was sorry about that afterwards and wondered whether there was an open-source equivalent. Later a colleague in my group spent quite some time looking into this and happened to find a very handy open-source program that can stand in for a bastion host: TILT (Terminal Interaction Logging Tool). Its official site is http://sourceforge.net/projects/tilt/reviews/. Below is how to install and deploy it:
1. Download the source:
wget http://down.hiphp.com/ports/tilt/tilt-0.1.1.gz
2. Edit the source. EXE is the program TILT launches after it has been moved aside with a _bak suffix (TILT itself then sits at the original path and records the session); CHILDNAME is the label used for that child, and LOGPATH is the directory the session logs are written to:

/* EXE: the real binary, renamed aside; TILT takes its place and logs the session */
#ifdef TELNET
#define EXE "/usr/bin/telnet_bak"
#define CHILDNAME "TELNET"
#endif

#ifdef SSH
#define EXE "/usr/bin/ssh_bak"
#define CHILDNAME "SSH"
#endif

#ifdef BASH
#define EXE "/bin/bash_bak"
#define CHILDNAME "BASH"
#endif

/* LOGPATH: where session recordings are stored (current directory in DEBUG builds) */
#ifndef DEBUG
#define LOGPATH "/var/log/tilt"
#else
#define LOGPATH "."
#endif
3. Install:

tar -zxvf tilt-0.1.1.gz
cd tilt-0.1.1
./configure --prefix=/usr/local/tilt-0.1.1
make
make install
4. Using the commands (dumplog replays or searches the recorded sessions):
# ./dumplog -h
Usage: ./dumplog [OPTION]... [FILE]...
Dump logs generated by TILT in a human readable form
-s Print in real time equivalent to -m1
-m NUM Print NUM times faster than real time
-h Print with human readable time stamps at the beginning of
each new line this overrides -t
-t Print time stamps as seconds since 1970-01-01 00:00:00 UTC
at the beginning of each new line
-r attempt to resize the terminal to the recorded size
-S, --start start dump at time offset
-E, --end end dump at time offset
-e, --grep only print lines that match the regexp
-i, ignore case in regexp
-p, attempt to remove backspaces from each line in regexp match
-c, attempt to remove backspaces from each line and cisco line wraps in regexp match
-H, print each match with filename
-?, --help display this help and exit
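As an added example (not TILT's own code), here is a small Python model of the processing behind dumplog's -S/-E window, -e/-i regexp search, -p backspace removal and -t offsets, run over a constructed session. The record format and the session bytes are assumptions made for the demo; the page does not show TILT's real on-disk format. It illustrates why -p matters for an audit: the raw stream still contains text the user deleted before pressing Enter.

```python
import re

# Constructed session log for this demo: (seconds since epoch, bytes shown on the
# terminal). Illustrative format, not TILT's own; "\b \b" is a tty's echo per deleted char.
BS = b"\x08 \x08"
SESSION = [
    (1322200000.0, b"$ "),
    (1322200001.5, b"ls -la /etc/ssh\r\n"),
    (1322200002.0, b"sshd_config\r\n$ "),
    (1322200005.0, b"cat /etc/passwd" + BS * 6 + b"shadow\r\n"),  # edited before Enter
    (1322200009.0, b"exit\r\n"),
]

def apply_backspaces(line: str) -> str:
    """Replay BS/DEL so the line reads as it was finally typed (what -p aims for)."""
    out = []
    for ch in line:
        if ch not in "\x08\x7f":
            out.append(ch)
        elif out:
            out.pop()
    return "".join(out)

def session_lines(records, start=0.0, end=None):
    """Yield (offset_seconds, line) for each line, stamped when its newline arrived,
    restricted to the -S/-E style window of offsets from the first record."""
    t0 = records[0][0]
    buf = ""
    for t, chunk in records:
        off = t - t0
        if off < start:
            continue
        if end is not None and off > end:
            break
        buf += chunk.decode("latin-1")
        while "\n" in buf:
            line, buf = buf.split("\n", 1)
            yield off, line.rstrip("\r")
    if buf:  # unterminated final line (session cut off or window ended mid-line)
        yield off, buf

def grep(records, pattern, ignore_case=False, strip_bs=False, start=0.0, end=None):
    """Search like dumplog -e/-i/-p; each hit is '<offset>s <line>' (like -t)."""
    rx = re.compile(pattern, re.IGNORECASE if ignore_case else 0)
    hits = []
    for off, line in session_lines(records, start, end):
        text = apply_backspaces(line) if strip_bs else line
        if rx.search(text):
            hits.append(f"{off:.1f}s {text}")
    return hits
```

Searching the raw stream for "passwd" matches the edited line, while the cleaned line only matches "shadow"; a reviewer grepping recordings should run both views.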