Red Hat SummitQuesto contenuto non è disponibile nella lingua selezionata.
Chapter 2. Deploying Session Recording on RHEL web console
This section describes how to deploy the Session Recording solution on the Red Hat Enterprise Linux web console.
To be able to deploy the Session Recording solution you need to have the following packages installed:
-
tlog - SSSD
-
cockpit-session-recording
2.1. Installing tlog
Install the tlog packages.
Procedure
Use the following command:
yum install tlog
# yum install tlogCopy to Clipboard Copied! Toggle word wrap Toggle overflow
2.2. Installing cockpit-session-recording
The basic web console packages are a part of Red Hat Enterprise Linux 8 by default. To be able to use the Session Recording solution, you have to install the cockpit-session-recording packages and start or enable the web console on your system:
Procedure
Install
cockpit-session-recording.yum install cockpit-session-recording
# yum install cockpit-session-recordingCopy to Clipboard Copied! Toggle word wrap Toggle overflow Start or enable the web console on your system:
systemctl start cockpit.socket systemctl enable cockpit.socket
# systemctl start cockpit.socket # systemctl enable cockpit.socketCopy to Clipboard Copied! Toggle word wrap Toggle overflow or
systemctl enable cockpit.socket --now
# systemctl enable cockpit.socket --nowCopy to Clipboard Copied! Toggle word wrap Toggle overflow
2.3. Enabling session recording for users and groups with SSSD from the CLI
If you use SSSD for authentication, you can configure session recording for users and groups from the command line.
Procedure
Open the
sssd-session-recording.confconfiguration file:vi /etc/sssd/conf.d/sssd-session-recording.conf
# vi /etc/sssd/conf.d/sssd-session-recording.confCopy to Clipboard Copied! Toggle word wrap Toggle overflow NoteThe
sssd-session-recording.conffile is created automatically once you have opened the configuration page in the web console interface.To specify the scope of session recording, enter one of the following values for the scope option:
-
noneto record no sessions. -
someto record only specified sessions. -
allto record all sessions.
-
-
Optional: If you set the scope as
someadd the names of users and groups in comma-separated lists. To enable the SSSD profile, run the following command:
authselect select sssd with-files-domain
# authselect select sssd with-files-domainCopy to Clipboard Copied! Toggle word wrap Toggle overflow
Example 2.1. SSSD configuration
In the following example users example1 and example2, and group examples have session recording enabled.
[session_recording] scope = some users = example1, example2 groups = examples
[session_recording]
scope = some
users = example1, example2
groups = examples2.4. Enabling session recording for users and groups with SSSD from the web UI
If you use SSSD for authentication, you can configure session recording for users and groups in the RHEL 8 web console.
Procedure
-
Connect to the RHEL 8 web console locally by entering
localhost:9090or by entering your IP address<IP_ADDRESS>:9090into your browser. Log in to the RHEL 8 web console.
ImportantYour user has to have administrator privileges to be able to view recorded sessions.
- Go to the Session Recording page in the menu on the left.
Click on the gear button in the right top corner.
Set your parameters in the SSSD Configuration table. Separate the lists of users and groups with commas.
Example 2.2. Configuration of recorded users with SSSD
2.5. Enabling session recording for users without SSSD
Red Hat recommends configuring your recorded users using SSSD, either from the command line or directly from the RHEL 8 web console.
Without SSSD, there is no centralized management for policies. Administrators must set the shell for each user on every system individually, which makes it difficult to scale across multiple systems. Group-based configurations or exclusions such as exclude_users and exclude_groups are also not available. Additionally, tools like Cockpit Session Recording are designed to work with SSSD and might not function as expected without it.
To enable session recording without SSSD, change the shell of the user you want to record to
/usr/bin/tlog-rec-session.sudo usermod -s /usr/bin/tlog-rec-session <user_name>
# sudo usermod -s /usr/bin/tlog-rec-session <user_name>Copy to Clipboard Copied! Toggle word wrap Toggle overflow The system uses the configuration in the
tlog-rec-session.conffile to determine the user’s working shell.
2.6. Exporting recorded sessions to a file
You can export your recorded sessions and their logs and copy them.
The following procedure shows how to export recorded sessions on a local system.
Prerequisites
Install the
systemd-journal-remotepackage.yum install systemd-journal-remote
# yum install systemd-journal-remoteCopy to Clipboard Copied! Toggle word wrap Toggle overflow
Procedure
Create a directory to store exported recording sessions, such as `/tmp/dir:
mkdir /tmp/dir
# mkdir /tmp/dirCopy to Clipboard Copied! Toggle word wrap Toggle overflow Run the
journalctl -o exportcommand to export system journal entries related to tlog recordings:journalctl _COMM=tlog-rec _COMM=tlog-rec-sessio -o export | /usr/lib/systemd/systemd-journal-remote -o /tmp/dir/example.journal -
# journalctl _COMM=tlog-rec _COMM=tlog-rec-sessio -o export | /usr/lib/systemd/systemd-journal-remote -o /tmp/dir/example.journal -Copy to Clipboard Copied! Toggle word wrap Toggle overflow NoteThe
COMM=tlog-rec-sessioCOMM name is shortened due to a 15 character limit.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}