Show HN: Tailsnitch – A security auditor for Tailscale
A security auditor for Tailscale configurations. Scans your tailnet for misconfigurations, overly permissive access controls, and security best practice violations. - Adversis/tailsnitch
So this is a configuration linter; what I was hoping it might be is something that provides live auditd notices for when a tailscale user connects by SSH to a common "admin" account.
The tailscale daemon definitely knows which user it is making the connection, as it publishes that info into the journal and I've seen people scrape it out of there, but I'd much rather it go through a structured reporting pipeline. AFAICT, tailscale itself provides several things that look like they're this, but aren't quite the right thing, for example https://tailscale.com/kb/1203/audit-logging is about logging changes to the tailnet itself (eg adding nodes), and https://tailscale.com/kb/1246/tailscale-ssh-session-recordin... is recording the ssh sessions rather than simple events for XYZ logged in / XYZ session idle / XYZ disconnected.
(And yes, I know people have opinions about common admin accounts, but tailscale is another route into what FB described as far as everyone accessing the same root account but doing so with their own credentials [good!] rather than a shared key [very bad!]: https://engineering.fb.com/2016/09/12/security/scalable-and-...)
I guess so, yeah, though that sounds like that's a whole separate ecosystem, and positions itself as a direct competitor:
https://goteleport.com/compare/tailscale-alternative/
OTOH, a lot of people who think they need a VPN really just need tunneling and authenticated access, so I can see the pitch for why Teleport's offering is a fit for many users who would otherwise consider tailscale.
thesubtlety