ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    How to screen record the session

    Scheduled Pinned Locked Moved IT Discussion
    ffmpegssh
    16 Posts 6 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @IRJ
      last edited by

      @IRJ said in How to screen record the session:

      I think what is trying to do is record remote access specifically every time SSH is initiated. Is this what you are looking to do? If so I am really interested in learning a solution as well.

      That's not a good solution for that. It would produce giant files that would take forever for a human to watch. Totally impractical for security. Video recording of SSH sessions is really only good for training purposes.

      For security, you want to record the shell session itself in text. Files are miniscule and can be parsed. And you can't blank them out like you can with SSH. With SSH and video, there are lots of ways to hide what is actually being done.

      IRJI 1 Reply Last reply Reply Quote 2
      • IRJI
        IRJ @scottalanmiller
        last edited by

        @scottalanmiller said in How to screen record the session:

        @IRJ said in How to screen record the session:

        I think what is trying to do is record remote access specifically every time SSH is initiated. Is this what you are looking to do? If so I am really interested in learning a solution as well.

        That's not a good solution for that. It would produce giant files that would take forever for a human to watch. Totally impractical for security. Video recording of SSH sessions is really only good for training purposes.

        For security, you want to record the shell session itself in text. Files are miniscule and can be parsed. And you can't blank them out like you can with SSH. With SSH and video, there are lots of ways to hide what is actually being done.

        So you are thinking pulling the history file of each session is the best solution. Maybe you can share that solution on a new post?

        scottalanmillerS 1 Reply Last reply Reply Quote 0
        • IRJI
          IRJ
          last edited by

          I might make a cleaner guide for this 🐷
          https://unix.stackexchange.com/questions/25639/how-to-automatically-record-all-your-terminal-sessions-with-script-utility

          IRJI 1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller @IRJ
            last edited by

            @IRJ said in How to screen record the session:

            @scottalanmiller said in How to screen record the session:

            @IRJ said in How to screen record the session:

            I think what is trying to do is record remote access specifically every time SSH is initiated. Is this what you are looking to do? If so I am really interested in learning a solution as well.

            That's not a good solution for that. It would produce giant files that would take forever for a human to watch. Totally impractical for security. Video recording of SSH sessions is really only good for training purposes.

            For security, you want to record the shell session itself in text. Files are miniscule and can be parsed. And you can't blank them out like you can with SSH. With SSH and video, there are lots of ways to hide what is actually being done.

            So you are thinking pulling the history file of each session is the best solution. Maybe you can share that solution on a new post?

            Not a history, but that idea. When I worked at [redacted] they were crazy anal about this stuff. They did some recording earlier in the process before the history was touched, extremely hard to work around.

            1 Reply Last reply Reply Quote 0
            • IRJI
              IRJ @IRJ
              last edited by

              @IRJ said in How to screen record the session:

              I might make a cleaner guide for this 🐷
              https://unix.stackexchange.com/questions/25639/how-to-automatically-record-all-your-terminal-sessions-with-script-utility

              So I tested this and got it working, but I can just delete the file at the end of my session since it is in my home directory. No privilege elevation even needed.

              scottalanmillerS 1 Reply Last reply Reply Quote 1
              • scottalanmillerS
                scottalanmiller @IRJ
                last edited by

                @IRJ said in How to screen record the session:

                @IRJ said in How to screen record the session:

                I might make a cleaner guide for this 🐷
                https://unix.stackexchange.com/questions/25639/how-to-automatically-record-all-your-terminal-sessions-with-script-utility

                So I tested this and got it working, but I can just delete the file at the end of my session since it is in my home directory. No privilege elevation even needed.

                Yeah, what we had working was something that automatically recorded it somewhere via a dedicated Jump server that was the only access point to the other machines.

                1 Reply Last reply Reply Quote 0
                • IRJI
                  IRJ @black3dynamite
                  last edited by

                  @black3dynamite said in How to screen record the session:

                  Using the script command can make typescript of terminal session.

                  https://www.tecmint.com/record-and-replay-linux-terminal-session-commands-using-script/

                  https://noise.getoto.net/2016/06/14/how-to-record-ssh-sessions-established-through-a-bastion-host/

                  https://unix.stackexchange.com/questions/25639/how-to-automatically-record-all-your-terminal-sessions-with-script-utility#25725

                  User can easily delete though

                  black3dynamiteB 1 Reply Last reply Reply Quote 0
                  • black3dynamiteB
                    black3dynamite @IRJ
                    last edited by

                    @IRJ said in How to screen record the session:

                    @black3dynamite said in How to screen record the session:

                    Using the script command can make typescript of terminal session.

                    https://www.tecmint.com/record-and-replay-linux-terminal-session-commands-using-script/

                    https://noise.getoto.net/2016/06/14/how-to-record-ssh-sessions-established-through-a-bastion-host/

                    https://unix.stackexchange.com/questions/25639/how-to-automatically-record-all-your-terminal-sessions-with-script-utility#25725

                    User can easily delete though

                    What about using something like chattr or SELinux to prevent deletion?
                    https://serverfault.com/questions/448891/how-to-prevent-file-owner-from-changing-deleting-their-own-file-linux-centos

                    IRJI 1 Reply Last reply Reply Quote 0
                    • IRJI
                      IRJ @black3dynamite
                      last edited by

                      @black3dynamite said in How to screen record the session:

                      @IRJ said in How to screen record the session:

                      @black3dynamite said in How to screen record the session:

                      Using the script command can make typescript of terminal session.

                      https://www.tecmint.com/record-and-replay-linux-terminal-session-commands-using-script/

                      https://noise.getoto.net/2016/06/14/how-to-record-ssh-sessions-established-through-a-bastion-host/

                      https://unix.stackexchange.com/questions/25639/how-to-automatically-record-all-your-terminal-sessions-with-script-utility#25725

                      User can easily delete though

                      What about using something like chattr or SELinux to prevent deletion?
                      https://serverfault.com/questions/448891/how-to-prevent-file-owner-from-changing-deleting-their-own-file-linux-centos

                      Do you think using auditd would be better?

                      https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/sec-configuring_pam_for_auditing

                      black3dynamiteB 1 Reply Last reply Reply Quote 1
                      • black3dynamiteB
                        black3dynamite @IRJ
                        last edited by

                        @IRJ said in How to screen record the session:

                        @black3dynamite said in How to screen record the session:

                        @IRJ said in How to screen record the session:

                        @black3dynamite said in How to screen record the session:

                        Using the script command can make typescript of terminal session.

                        https://www.tecmint.com/record-and-replay-linux-terminal-session-commands-using-script/

                        https://noise.getoto.net/2016/06/14/how-to-record-ssh-sessions-established-through-a-bastion-host/

                        https://unix.stackexchange.com/questions/25639/how-to-automatically-record-all-your-terminal-sessions-with-script-utility#25725

                        User can easily delete though

                        What about using something like chattr or SELinux to prevent deletion?
                        https://serverfault.com/questions/448891/how-to-prevent-file-owner-from-changing-deleting-their-own-file-linux-centos

                        Do you think using auditd would be better?

                        https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/sec-configuring_pam_for_auditing

                        Looks a lot less complicating to use.

                        1 Reply Last reply Reply Quote 0
                        • 1 / 1
                        • First post
                          Last post