Record SSH and Telnet Sessions: Auditing Unix and Linux Users

Versionen und Preisgestaltung
ObserveIT Xpress
Kostenlos, ohne zeitliche Begrenzung.
Limitierte Konfiguration und Features
Kostenlos herunterladen
ObserveIT Enterprise
15-tägige Testphase für POC.
Beinhaltet alle Enterprise Features.
Testversion herunterladen
Preisinformationen abrufen
Was ist richtig für Sie?
Vergleichstabelle
Verwandte Links
Unix/Linux Detailed Factsheet

Audit SSH and Telnet sessions - Feature Review

Complete Protocol Coverage

ObserveIT starts recording whenever a user starts a shell login to the system via SSH, Telnet or directly via console.

Capturing Every User Action

ObserveIT captures the data stream to and from the terminal on which the shell login took place.

  • Command line: Each user command line entry is captured.
  • Visual Screen Activity: Everything on the screen is visually recorded, including user input and screen output.
  • System Calls: ObserveIT also captures system calls triggered by each user command. Every file create/delete/open/permission change, process creation and link creation is fully exposed. (ex: If the user runs an alias script named innocentScript that includes system calls to delete files and change user permissions, this info will also be captured.)
  • Resources affected: In addition, captures each file or resource affected by the user command. (ex: If the user types rm *.txt, ObserveIT will show the exact name of each file that was deleted)

Session Audit Lists

You can see the details of all Unix/Linux sessions, sorted and grouped according to user, server or based on any full-text search of the metadata ObserveIT has captured.

In many cases, this report list is already enough information for your auditing and troubleshooting needs.

Video Replay

You can see the full visual replay of the user session by simply clicking the Replay icon.

  • Replay Window: The replay window shows exactly what took place
  • Command Summary List: Quick navigation list showing each command the user typed
  • DVD-like navigation: Navigate quickly through any session, using fast-forward/rewind or by jumping between each user command (similar to DVD chapter)
  • Start replay mid-session: You can launch the replay at the exact location that you need. (ex. If user spent 2 hours in a session, and you see a suspicious command at the 90 minute mark in the Audit List, launch the replay at that exact time.)
Monitoring SSH and Telnet sessions with ObserveIT Click for Larger version

Security and Reliability

Unlike with Unix/Linux utilities that log user actions, users (even root users) are not able to close the Agent in any way. The Agent embeds itself into any shell that is derived from a login process. This mechanism is connected both to the shell and to the auditing process, thus disabling any opportunity of tampering or closing the agent without closing the shell.

The Agent transfers all captured data to the app server securely using advanced encryption algorithms.

Unix/Linux Platform Coverage

  • Solaris 10 U4-U10
  • Linux RHEL / CentOS 5.4, 5.5, 5.6, 5.7, 6; Ubuntu 10.04 LTS
  • IBM AIX, SUSE and openSUSE will be available Q2 2012
  • HP-UX will be available Q3 2012

Next Steps

close