How to screen record the session
-
@IRJ said in How to screen record the session:
I think what is trying to do is record remote access specifically every time SSH is initiated. Is this what you are looking to do? If so I am really interested in learning a solution as well.
That's not a good solution for that. It would produce giant files that would take forever for a human to watch. Totally impractical for security. Video recording of SSH sessions is really only good for training purposes.
For security, you want to record the shell session itself in text. Files are miniscule and can be parsed. And you can't blank them out like you can with SSH. With SSH and video, there are lots of ways to hide what is actually being done.
-
@scottalanmiller said in How to screen record the session:
@IRJ said in How to screen record the session:
I think what is trying to do is record remote access specifically every time SSH is initiated. Is this what you are looking to do? If so I am really interested in learning a solution as well.
That's not a good solution for that. It would produce giant files that would take forever for a human to watch. Totally impractical for security. Video recording of SSH sessions is really only good for training purposes.
For security, you want to record the shell session itself in text. Files are miniscule and can be parsed. And you can't blank them out like you can with SSH. With SSH and video, there are lots of ways to hide what is actually being done.
So you are thinking pulling the history file of each session is the best solution. Maybe you can share that solution on a new post?
-
I might make a cleaner guide for this
https://unix.stackexchange.com/questions/25639/how-to-automatically-record-all-your-terminal-sessions-with-script-utility -
@IRJ said in How to screen record the session:
@scottalanmiller said in How to screen record the session:
@IRJ said in How to screen record the session:
I think what is trying to do is record remote access specifically every time SSH is initiated. Is this what you are looking to do? If so I am really interested in learning a solution as well.
That's not a good solution for that. It would produce giant files that would take forever for a human to watch. Totally impractical for security. Video recording of SSH sessions is really only good for training purposes.
For security, you want to record the shell session itself in text. Files are miniscule and can be parsed. And you can't blank them out like you can with SSH. With SSH and video, there are lots of ways to hide what is actually being done.
So you are thinking pulling the history file of each session is the best solution. Maybe you can share that solution on a new post?
Not a history, but that idea. When I worked at [redacted] they were crazy anal about this stuff. They did some recording earlier in the process before the history was touched, extremely hard to work around.
-
@IRJ said in How to screen record the session:
I might make a cleaner guide for this
https://unix.stackexchange.com/questions/25639/how-to-automatically-record-all-your-terminal-sessions-with-script-utilitySo I tested this and got it working, but I can just delete the file at the end of my session since it is in my home directory. No privilege elevation even needed.
-
@IRJ said in How to screen record the session:
@IRJ said in How to screen record the session:
I might make a cleaner guide for this
https://unix.stackexchange.com/questions/25639/how-to-automatically-record-all-your-terminal-sessions-with-script-utilitySo I tested this and got it working, but I can just delete the file at the end of my session since it is in my home directory. No privilege elevation even needed.
Yeah, what we had working was something that automatically recorded it somewhere via a dedicated Jump server that was the only access point to the other machines.
-
@black3dynamite said in How to screen record the session:
Using the script command can make typescript of terminal session.
https://www.tecmint.com/record-and-replay-linux-terminal-session-commands-using-script/
https://noise.getoto.net/2016/06/14/how-to-record-ssh-sessions-established-through-a-bastion-host/
User can easily delete though
-
@IRJ said in How to screen record the session:
@black3dynamite said in How to screen record the session:
Using the script command can make typescript of terminal session.
https://www.tecmint.com/record-and-replay-linux-terminal-session-commands-using-script/
https://noise.getoto.net/2016/06/14/how-to-record-ssh-sessions-established-through-a-bastion-host/
User can easily delete though
What about using something like
chattror SELinux to prevent deletion?
https://serverfault.com/questions/448891/how-to-prevent-file-owner-from-changing-deleting-their-own-file-linux-centos -
@black3dynamite said in How to screen record the session:
@IRJ said in How to screen record the session:
@black3dynamite said in How to screen record the session:
Using the script command can make typescript of terminal session.
https://www.tecmint.com/record-and-replay-linux-terminal-session-commands-using-script/
https://noise.getoto.net/2016/06/14/how-to-record-ssh-sessions-established-through-a-bastion-host/
User can easily delete though
What about using something like
chattror SELinux to prevent deletion?
https://serverfault.com/questions/448891/how-to-prevent-file-owner-from-changing-deleting-their-own-file-linux-centosDo you think using
auditdwould be better? -
@IRJ said in How to screen record the session:
@black3dynamite said in How to screen record the session:
@IRJ said in How to screen record the session:
@black3dynamite said in How to screen record the session:
Using the script command can make typescript of terminal session.
https://www.tecmint.com/record-and-replay-linux-terminal-session-commands-using-script/
https://noise.getoto.net/2016/06/14/how-to-record-ssh-sessions-established-through-a-bastion-host/
User can easily delete though
What about using something like
chattror SELinux to prevent deletion?
https://serverfault.com/questions/448891/how-to-prevent-file-owner-from-changing-deleting-their-own-file-linux-centosDo you think using
auditdwould be better?Looks a lot less complicating to use.
