Skip to content

Instantly share code, notes, and snippets.

@russjones

russjones/run.sh

Last active Feb 11, 2021
Embed
What would you like to do?
A script to demonstrate Teleport Enhanced Session Recording.
#!/bin/bash
set -euo pipefail
RELEASE="teleport-v4.2.3-linux-amd64-bin.tar.gz"
if [[ $EUID -ne 0 ]]; then
echo "--> Please run this script as root or sudo."
exit 1
fi
# Download and install kernel headers and bcc-tools.
echo "--> Updating system and installing kernel headers, bcc-tools, and jq."
if [ -f /etc/redhat-release ];
then
yum -y update
yum -y install kernel-headers bcc-tools jq
else
apt update
apt install -y linux-headers-$(uname -r) bpfcc-tools jq
fi
# Write simple Teleport configuration file to disk.
echo "--> Copying Teleport configuration to /etc/teleport.yaml."
cat <<EOF > /etc/teleport.yaml
teleport:
auth_service:
enabled: yes
cluster_name: "example.com"
authentication:
type: local
second_factor: off
listen_addr: 0.0.0.0:3025
proxy_service:
enabled: yes
listen_addr: 0.0.0.0:3023
tunnel_listen_addr: 0.0.0.0:3024
web_listen_addr: 0.0.0.0:3080
ssh_service:
enabled: yes
listen_addr: 0.0.0.0:3022
enhanced_recording:
enabled: yes
EOF
# Download and extract Teleport to disk,
echo "--> Downloading Teleport release: ${RELEASE}."
curl -LO "https://get.gravitational.com/${RELEASE}"
tar -zxvf ${RELEASE}
# Install Teleport.
echo "--> Installing Teleport, creating systemd unit, and starting service"
./teleport/install
cat <<EOF > /etc/systemd/system/teleport.service
[Unit]
Description=Teleport SSH Server
After=network.target
[Service]
Type=simple
User=root
WorkingDirectory=/usr/local/bin
ExecStart=/usr/local/bin/teleport start -d
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload && systemctl start teleport
sleep 10
# Create a local user called "test-user".
echo "--> Creating user \"test-user\" on cluster."
./teleport/tctl users add test-user root
# Tell the user to copy the signup link and wait to continue.
echo ""
echo "--> Copy the signup link above, replace the hostname with the IP "
echo "--> address of your host, and connect to the host and type"
echo "--> something like curl http://www.gravitational.com into "
echo "--> into the terminal."
read -p "--> Once that's done, press [ENTER] to start viewing cluster logs."
# Tail cluster logs. Use jq to make the output human friendly.
echo "--> Viewing cluster audit log."
tail -f /var/lib/teleport/log/events.log | jq
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment