SSSD−SESSION−RECOR - Online Linux Manual PageSection : 5
Updated : 01/26/2023
Source : SSSD
Note : File Formats and Conventions

NAMEsssd-session-recording − Configuring session recording with SSSD

DESCRIPTIONThis manual page describes how to configure sssd(8) to work with tlog-rec-session(8), a part of tlog package, to implement user session recording on text terminals​. For a detailed configuration syntax reference, refer to the FILE FORMAT section of the sssd.conf(5) manual page​. SSSD can be set up to enable recording of everything specific users see or type during their sessions on text terminals​. E​.g​. when users log in on the console, or via SSH​. SSSD itself doesn't record anything, but makes sure tlog−rec−session is started upon user login, so it can record according to its configuration​. For users with session recording enabled, SSSD replaces the user shell with tlog−rec−session in NSS responses, and adds a variable specifying the original shell to the user environment, upon PAM session setup​. This way tlog−rec−session can be started in place of the user shell, and know which actual shell to start, once it set up the recording​.

CONFIGURATION OPTIONSThese options can be used to configure the session recording​. scope (string) One of the following strings specifying the scope of session recording: "none" No users are recorded​. "some" Users/groups specified by users and groups options are recorded​. "all" All users are recorded​. Default: "none" users (string) A comma−separated list of users which should have session recording enabled​. Matches user names as returned by NSS​. I​.e​. after the possible space replacement, case changes, etc​. Default: Empty​. Matches no users​. groups (string) A comma−separated list of groups, members of which should have session recording enabled​. Matches group names as returned by NSS​. I​.e​. after the possible space replacement, case changes, etc​. NOTE: using this option (having it set to anything) has a considerable performance cost, because each uncached request for a user requires retrieving and matching the groups the user is member of​. Default: Empty​. Matches no groups​. exclude_users (string) A comma−separated list of users to be excluded from recording, only applicable with 'scope=all'​. Default: Empty​. No users excluded​. exclude_groups (string) A comma−separated list of groups, members of which should be excluded from recording​. Only applicable with 'scope=all'​. NOTE: using this option (having it set to anything) has a considerable performance cost, because each uncached request for a user requires retrieving and matching the groups the user is member of​. Default: Empty​. No groups excluded​.

EXAMPLEThe following snippet of sssd​.conf enables session recording for users "contractor1" and "contractor2", and group "students"​. [session_recording] scope = some users = contractor1, contractor2 groups = students

SEE ALSOsssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-sudo(5), sssd-session-recording(5), sss_cache(8), sss_debuglevel(8), sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8), sssd-ifp(5), pam_sss(8)​. sss_rpcidmapd(5) sssd-systemtap(5)

AUTHORSThe SSSD upstream − https://github​.com/SSSD/sssd/
0
Johanes Gumabo
Data Size   :   13,342 byte
man-sssd-session-recording.5Build   :   2024-12-05, 20:55   :  
Visitor Screen   :   x
Visitor Counter ( page / site )   :   2 / 228,305
Visitor ID   :     :  
Visitor IP   :   3.145.65.133   :  
Visitor Provider   :   AMAZON-02   :  
Provider Position ( lat x lon )   :   39.962500 x -83.006100   :   x
Provider Accuracy Radius ( km )   :   1000   :  
Provider City   :   Columbus   :  
Provider Province   :   Ohio ,   :   ,
Provider Country   :   United States   :  
Provider Continent   :   North America   :  
Visitor Recorder   :   Version   :  
Visitor Recorder   :   Library   :  
Online Linux Manual Page   :   Version   :   Online Linux Manual Page - Fedora.40 - march=x86-64 - mtune=generic - 24.12.05
Online Linux Manual Page   :   Library   :   lib_c - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Online Linux Manual Page   :   Library   :   lib_m - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Data Base   :   Version   :   Online Linux Manual Page Database - 24.04.13 - march=x86-64 - mtune=generic - fedora-38
Data Base   :   Library   :   lib_c - 23.02.07 - march=x86-64 - mtune=generic - fedora.36

Very long time ago, I have the best tutor, Wenzel Svojanovsky . If someone knows the email address of Wenzel Svojanovsky , please send an email to johanes_gumabo@yahoo.co.id .
If error, please print screen and send to johanes_gumabo@yahoo.co.id
Under development. Support me via PayPal.