On Tue, Oct 22, 2019 at 12:51:27PM +0000, MAUPERTUIS, PHILIPPE wrote:
> With Red Hat 8 comes tlog for session recording.
> It seems a promising tool to comply with PCI DSS requirement 10.2, which requires
> monitoring of all actions taken by any individual with root or administrative privileges.
> Red Hat's preferred way to configure tlog-rec-session is through sssd.
> I have doubts about the interaction between the nss and the session-recording sections.
> The man states:
>     A comma-separated list of users which should have session recording enabled.
>     Matches user names as returned by NSS. I.e. after the possible space
>     replacement, case changes, etc.
> Am I right to understand that if the nss filters some users (root for example) with the
> filter_users directive, their sessions won't be recorded even if defined in the
> session-recording section?

Yes, that's my understanding, too.

> If yes, is there a way to find the discrepancies between the two?

getent passwd -s sss $username, check if their shell is tlog-rec?
btw I guess you could just use chsh to change the user's shell to