Open djschny opened 5 months ago
For first stage of exploring what can be done, would suggest that build on existing implementation of frontend/backend for terminals that actually allows multiple browser windows on the same terminal session.
One issue with this existing functionality is that if the viewport sizes for the terminal are different then the second browser window will force a terminal size change on server side for process attached to pty, thus affecting the first browser. It is because of this and to flag first user that something strange is going on, that "HIJACKED" message is shown on first browser terminal window to indicate was taken over.
For purpose of exploring capturing terminal data in better way idea is that could work out how to have a read only viewer using this mechanism where second browser doesn't actually force a resize of process attached to pty, but instead resizes browser window to accomodate the existing terminal size. No terminal resizing would be triggered from second browser and instead scrollbar would show around the frame instead if was made smaller, that or could see if could somehow use proportional scaling of view so maintain original col/rows of terminal.
The idea is that one could add access to this view of terminals to special admin pages in training portal, thus allowing a trainer to view anyones terminals if needed without interfering with the terminal size (as would occur now if admin visits users session dashboard when URL is known), with by default no input accepted from second browser, although could have a toggle to permit entry so trainer could run stuff through users terminal.
This system would make use of existing web socket capability exposed by session dashboard. In adding this proper read only like view, can then see if we can make use of this to pull input/output into a separate monitoring service rather than a browser for capture, later replay, or searches for malicious commands.
Can we bump up the priority of this as it would help workshop abuse scenarios.
cc @billkable
Since is not easy to capture individual commands entered at the terminal, since is stream of messages for individual characters, option have been thinking of is to capture the stream of messages that get sent to front end to render the terminal. These are already being held internal to backend process within a sliding window memory buffer to allow replay to front end when a window is refreshed, so that visual state of terminal can be redrawn. So is just necessary to write them out to a file at the same time and work out a way then to get them out of the container, or stream them live to a remote service. This would allow later offline replay of a session, although right now it doesn't have time stamps so one couldn't replay them in orderly manner and not have a mess when it fires up a visual text editor and wipes out the displayed terminal buffer. Anyway, will give it some more thought.
Is your feature request related to a problem? Please describe.
I will describe the use cases here, some are a problem, some are not.
Describe the solution you'd like
The thought was a few things:
Describe alternatives you've considered
Providing a cronjob or other streaming agent installed in the workshop tries to get at the
.bash_history
or other files and ship them off to somewhere else for processingAdditional information
No response