{"id":22700166,"url":"https://github.com/simp/pupmod-simp-tlog","last_synced_at":"2025-04-13T05:53:06.658Z","repository":{"id":33276757,"uuid":"141340752","full_name":"simp/pupmod-simp-tlog","owner":"simp","description":"A Puppet module for managing tlog","archived":false,"fork":false,"pushed_at":"2024-08-20T19:54:10.000Z","size":154,"stargazers_count":0,"open_issues_count":3,"forks_count":9,"subscribers_count":16,"default_branch":"master","last_synced_at":"2025-03-26T22:36:15.550Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/simp.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-07-17T20:34:31.000Z","updated_at":"2024-07-11T21:08:56.000Z","dependencies_parsed_at":"2024-05-20T21:26:56.950Z","dependency_job_id":"0ae18bbb-e39c-448d-83d0-4ab4710ee8c1","html_url":"https://github.com/simp/pupmod-simp-tlog","commit_stats":{"total_commits":42,"total_committers":8,"mean_commits":5.25,"dds":"0.47619047619047616","last_synced_commit":"5dd4faa40e9e3bda0156bb111c2508258639d5e0"},"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simp%2Fpupmod-simp-tlog","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simp%2Fpupmod-simp-tlog/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simp%2Fpupmod-simp-tlog/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simp%2Fpu
pmod-simp-tlog/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/simp","download_url":"https://codeload.github.com/simp/pupmod-simp-tlog/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248348030,"owners_count":21088792,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-10T06:10:13.774Z","updated_at":"2025-04-13T05:53:06.636Z","avatar_url":"https://github.com/simp.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![License](https://img.shields.io/:license-apache-blue.svg)](http://www.apache.org/licenses/LICENSE-2.0.html)\n[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/73/badge)](https://bestpractices.coreinfrastructure.org/projects/73)\n[![Puppet Forge](https://img.shields.io/puppetforge/v/simp/tlog.svg)](https://forge.puppetlabs.com/simp/tlog)\n[![Puppet Forge Downloads](https://img.shields.io/puppetforge/dt/simp/tlog.svg)](https://forge.puppetlabs.com/simp/tlog)\n[![Build Status](https://travis-ci.org/simp/pupmod-simp-tlog.svg)](https://travis-ci.org/simp/pupmod-simp-tlog)\n\n#### Table of Contents\n\n## Description\n\nThis module manages the installation and configuration of\n[tlog](http://scribery.github.io/tlog/) for active terminal session recording.\n\nBy default, the logs will be recorded to `journald` with systems running\n`systemd` and `syslog` otherwise.\n\nSee [REFERENCE.md](./REFERENCE.md) for full API details.\n\n### This is a SIMP module\n\nThis module is a component of the 
[System Integrity Management Platform](https://simp-project.com),\na compliance-management framework built on Puppet.\n\nIf you find any issues, they may be submitted to our\n[bug tracker](https://simp-project.atlassian.net/).\n\n## Usage\n\nYou can simply include the `tlog` class to have the software installed.\n\nTo enable automatic session recording, include the `tlog::rec_session` class.\nYou **MUST** then add all users and/or groups that you want to monitor to the\n`tlog::rec_session::shell_hook_users` Array.\n\nNote: Groups should be prefixed with a percent sign (`%`).\n\nWhen this is enabled, it will automatically hook into login and interactive\nshells based on scripts placed into `/etc/profile.d`.\n\n### Example: Auditing the 'root' user and 'administrators' group\n\n```yaml\n---\ntlog::rec_session::shell_hook_users:\n  - 'root'\n  - '%administrators'\n```\n\nNOTE: If you want to be 100% certain that all sessions are logged, you should\nnot rely on this hook but should, instead, set `/usr/bin/tlog-rec-session` as\nthe user's primary shell. This is not feasible in many situations so these\nhooks have been provided for the 90% case.\n\n## Limitations\n\nThe `tlog` project is still evolving so there may be breaking changes that\noccur in the future. We highly encourage all users to file feature requests and\nbug reports with the [upstream project](https://github.com/Scribery/tlog).\n\n### TLOG does not record all sessions\n\nWhen root is set to use the tlog hook, if a user is logged into a system using\na graphical display such as gnome and attempts to `su` to `root` from more than\none terminal window in the same session, the second `su` will not be recorded.\n\nThis occurs because, in order to prevent looping, if the session id is the same\nfor both shells, tlog does not start a second recording session. 
A ticket has been\nentered for this issue.\n\nThe above error does **not** affect `ssh` logins.\n\n\n### tlog-play from file\n\nTo playback tlog from a file, the file must only contain json entries from a\nsingle session. The default SIMP implementation of tlog records all sessions\nwith some additional non-json formatted information in a file, causing playback\nof the raw log file to fail. To generate a usable tlog file for playback, grep\nand awk can be utilized to filter and format entries for a tlog session.\nIdentify the file containing the raw tlog data. Performing a grep for\ntlog-rec-session in the logs directory can help locate log files. After\nidentifying the raw log file, examine the contents of the file to identify the\nrec, a host-unique recording id, for the session to be replayed. The rec can\nthen be used with grep to generate a new file containing only logs from that\nsession in json format:\n\n`grep \u003crec\u003e \u003craw log file\u003e | awk -F\"tlog-rec-session: \" '{print $2}' \u003e /tmp/tlog_for_playback`\n\n## Development\n\nPlease read our [Contribution Guide](https://simp.readthedocs.io/en/stable/contributors_guide/index.html).\n\n### Acceptance tests\n\nThis module includes [Beaker](https://github.com/puppetlabs/beaker) acceptance\ntests using the SIMP [Beaker Helpers](https://github.com/simp/rubygem-simp-beaker-helpers).\nBy default the tests use [Vagrant](https://www.vagrantup.com/) with\n[VirtualBox](https://www.virtualbox.org) as a back-end; Vagrant and VirtualBox\nmust both be installed to run these tests without modification. 
To execute the\ntests run the following:\n\nNOTE: You will need to make sure that the `nodesets` can install the `tlog`\npackages from a repository (or install them via `beaker`) for the tests to run\nsuccessfully.\n\n```shell\nbundle install\nbundle exec rake beaker:suites\n```\n\nPlease refer to the [SIMP Beaker Helpers documentation](https://github.com/simp/rubygem-simp-beaker-helpers/blob/master/README.md)\nfor more information.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimp%2Fpupmod-simp-tlog","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsimp%2Fpupmod-simp-tlog","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimp%2Fpupmod-simp-tlog/lists"}