- IMPORTANT
- I've made some changes.
- I need to rewrite the manual (the install section), just use the installation script and read what it tells you to do
What is BlackHole? is difficult to express in a few words It's a solution to trace users who connect to a linux/unix machine with ssh. It was designed for an environment with many servers, its not for domestic use. For example: When you have to grant access to many environments, like Testing, Production, QA, etc.
Basically its a curses ssh client, that can keep trace of the entire ssh session. Is divided into two functionalities:
- User management
- Logging and statistics
- Access Control
- Django
- Paramiko
- MySQLdb
- Urwid
- python-simplejson
- django-qsstats-magic
- python-dateutil
- django_extensions
- libapache2-mod-wsgi (Only if you want to use apache)
Liensed under a BSD-style license.
The main advantage that Blackhole gives you is that you can still use generic users. But without losing track of who is who.
You define a user for the connection and a private key. Then you assign that session configuration to a profile, and then all the users with that profile can login to that host. But you now who is who, and more. You know what he is doing because BlackHole stores all the session activity to a log file.
And have satistics about your users
Also download those session logs
You can have full control of you users, by enable them or disable them. Or enabled them only in a time range, or to a limited group of hosts.
Also they can talk to each other, with it's integrated Chat.
BlackHole must run as the user shell, so the only thing that he can use is BlackHole. I recommend to disable scp and sftp in the BlackHole server.
Install:
apt-get install git build-essential python-dev mysql-server python-pip
If you want to use Mysql and Apache like me, install:apt-get install python-mysqldb libapache2-mod-wsgi
git clone https://github.com/aenima-x/BlackHole.git
cd BlackHole
./install.sh
And follow the steps...
BlackHole also have some extra functionalities, that are disabled by default. You can send a token, to ensure that the user is who he is saying he is.
- You can send it by mail
You can authenticate web users with radius, for this you need to install python-pyrad, if you use this feature I recommend you to also authenticate ssh users with radius.