第 29 章 Configuring a system for session recording by using RHEL system roles

Procedure

1. Create a playbook file, for example, ~/playbook.yml, with the following content:

   ---
   - name: Deploy session recording
     hosts: managed-node-01.example.com
     tasks:
       - name: Enable session recording for specific users
         ansible.builtin.include_role:
           name: redhat.rhel_system_roles.tlog
     vars:
       tlog_scope_sssd: some
       tlog_users_sssd:
         - <recorded_user>

   tlog_scope_sssd: <value>

   The some value specifies you want to record only certain users and groups, not all or none.

   tlog_users_sssd: <list_of_users>

   A YAML list of users you want to record a session from. Note that the role does not add users if they do not exist.

2. Validate the playbook syntax:

   $ ansible-playbook --syntax-check ~/playbook.yml

   Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

3. Run the playbook:

   $ ansible-playbook ~/playbook.yml

Verification

1. Check the SSSD drop-in file’s content:

   # cat /etc/sssd/conf.d/sssd-session-recording.conf

   You can see that the file contains the parameters you set in the playbook.

2. Log in as a user whose session will be recorded, perform some actions, and log out.

3. As the root user:

   1. Display the list of recorded sessions:

      # journalctl _COMM=tlog-rec-sessio
      Nov 12 09:17:30 managed-node-01.example.com -tlog-rec-session[1546]: {"ver":"2.3","host":"managed-node-01.example.com","rec":"07418f2b0f334c1696c10cbe6f6f31a6-60a-e4a2","user":"demo-user",...
      ...

      You require the value of the rec (recording ID) field in the next step.

      Note that the value of the _COMM field is shortened due to a 15 character limit.

   2. Play back a session:

      # tlog-play -r journal -M TLOG_REC=<recording_id>