A script to demonstrate Teleport Enhanced Session Recording.
#!/bin/bash
# Demo installer for Teleport Enhanced Session Recording. It has to run with
# root privileges: the steps that follow install packages and write under /etc.

# Abort on the first failing command, on any unset variable, and when any
# stage of a pipeline fails.
set -o errexit -o nounset -o pipefail

# Release tarball to fetch. The version is pinned here; no checksum for the
# archive is recorded alongside it.
RELEASE="teleport-v4.2.3-linux-amd64-bin.tar.gz"

# Refuse to continue unless the effective UID is 0.
if (( EUID != 0 )); then
  echo "--> Please run this script as root or sudo."
  exit 1
fi
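# Install the prerequisites for enhanced session recording: kernel headers,
# the BCC tools, and jq. The distribution family is detected by the presence
# of /etc/redhat-release; anything else is treated as Debian/Ubuntu.
echo "--> Updating system and installing kernel headers, bcc-tools, and jq."
if [[ -f /etc/redhat-release ]]; then
  # NOTE(review): a full `yum update` may pull in a newer kernel than the one
  # currently running; presumably the headers need to match the running
  # kernel, so confirm and reboot if they diverge.
  yum -y update
  yum -y install kernel-headers bcc-tools jq
else
  # apt-get rather than apt: apt's command-line interface is not intended for
  # use in scripts.
  apt-get update
  # Quote the substitution so the package name is always passed as one word.
  apt-get install -y "linux-headers-$(uname -r)" bpfcc-tools jq
fi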
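# Write a minimal single-host Teleport configuration (auth, proxy and SSH
# services together) with enhanced session recording switched on.
#
# NOTE(review): these settings are demo-grade and should not be carried into
# a real deployment unchanged:
#   * second_factor is off, so local users authenticate without a second
#     factor;
#   * every listener binds 0.0.0.0, i.e. all interfaces of the host.
#
# YAML nesting is significant: authentication belongs to auth_service and
# enhanced_recording belongs to ssh_service.
echo "--> Copying Teleport configuration to /etc/teleport.yaml."
# The delimiter is quoted so the shell writes the document verbatim, with no
# parameter or command expansion.
cat <<'EOF' > /etc/teleport.yaml
teleport:
auth_service:
  enabled: yes
  cluster_name: "example.com"
  authentication:
    type: local
    second_factor: off
  listen_addr: 0.0.0.0:3025
proxy_service:
  enabled: yes
  listen_addr: 0.0.0.0:3023
  tunnel_listen_addr: 0.0.0.0:3024
  web_listen_addr: 0.0.0.0:3080
ssh_service:
  enabled: yes
  listen_addr: 0.0.0.0:3022
  enhanced_recording:
    enabled: yes
EOF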
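# Download the pinned release tarball into the current directory and unpack
# it. The extracted ./teleport/install script is executed as root afterwards,
# so the integrity of the archive matters.
echo "--> Downloading Teleport release: ${RELEASE}."
# --fail makes curl exit non-zero on an HTTP error instead of saving the
# server's error page under the tarball's name.
curl --fail -LO "https://get.gravitational.com/${RELEASE}"

# Optional integrity check: when RELEASE_SHA256 is set in the environment
# (a value obtained out of band), the download must match it before anything
# is extracted. A mismatch makes sha256sum fail, which stops the script.
if [[ -n "${RELEASE_SHA256:-}" ]]; then
  printf '%s  %s\n' "${RELEASE_SHA256}" "${RELEASE}" | sha256sum --check -
else
  echo "--> WARNING: RELEASE_SHA256 not set; skipping checksum verification." >&2
fi

# Quote the archive name so it is always passed to tar as a single argument.
tar -zxvf "${RELEASE}"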
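# Run the installer shipped in the extracted tarball, register a systemd unit
# for Teleport, and start the service.
echo "--> Installing Teleport, creating systemd unit, and starting service"
./teleport/install

# The unit runs Teleport as root and passes -d to `teleport start`.
# The delimiter is quoted so the unit text is written verbatim.
cat <<'EOF' > /etc/systemd/system/teleport.service
[Unit]
Description=Teleport SSH Server
After=network.target

[Service]
Type=simple
User=root
WorkingDirectory=/usr/local/bin
ExecStart=/usr/local/bin/teleport start -d
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

# Two separate commands on purpose: in `a && b`, a failure of `a` is exempt
# from `set -e`, so a failed daemon-reload would otherwise pass unnoticed.
systemctl daemon-reload
systemctl start teleport

# Give the service time to come up, then confirm it is really running before
# the script goes on to use it.
sleep 10
if ! systemctl is-active --quiet teleport; then
  echo "--> Teleport service is not active; check 'journalctl -u teleport'." >&2
  exit 1
fi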
# Register a local Teleport user named "test-user". The trailing `root` is
# handed to tctl as-is (presumably the host login this user may assume;
# confirm against the tctl version in use). The signup link that the
# instructions further down refer to appears above them, i.e. in this
# command's output.
printf '%s\n' '--> Creating user "test-user" on cluster.'
./teleport/tctl users add test-user root
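# Tell the operator how to finish signup and generate some session activity,
# then block until ENTER is pressed.
echo ""
echo "--> Copy the signup link above, replace the hostname with the IP "
echo "--> address of your host, and connect to the host and type"
echo "--> something like curl http://www.gravitational.com into "
echo "--> the terminal."
# -r keeps read from interpreting backslashes in whatever is typed.
read -r -p "--> Once that's done, press [ENTER] to start viewing cluster logs."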
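# Follow the cluster audit log and pretty-print each JSON event with jq.
# The identity filter `.` is spelled out so the pipeline does not depend on
# jq supplying a default program when none is given.
# NOTE(review): the audit log presumably includes details of recorded session
# activity; treat the terminal output accordingly.
echo "--> Viewing cluster audit log."
tail -f /var/lib/teleport/log/events.log | jq .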