On Tue, Oct 22, 2019 at 12:51:27PM +0000, MAUPERTUIS, PHILIPPE wrote:
Hi list,

With Red Hat 8 comes tlog for session recording. It seems a promising tool to comply with PCI DSS requirement 10.2, which requires monitoring of all actions taken by any individual with root or administrative privileges.

Red Hat's preferred way to configure tlog-rec-session is through sssd. I have doubts about the interaction between the nss and the session-recording sections. The man page states:

users (string)
    A comma-separated list of users which should have session recording enabled. Matches user names as returned by NSS. I.e. after the possible space replacement, case changes, etc.

Am I right to understand that if the nss filters some users (root for example) with the filter_users directive, their sessions won't be recorded even if defined in the session-recording session?
Yes, that's my understanding, too.
If yes, is there a way to find the discrepancies between the two sections?
getent passwd -s sss $username, check if their shell is tlog-rec?
Btw, I guess you could just use chsh to change the user's shell to tlog-rec.
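
An added example, not part of the original thread: one way to look for the discrepancy asked about above by comparing the two sections of sssd.conf directly, plus a helper for the `getent passwd -s sss` shell check suggested in the reply. It assumes the sections are named `[nss]` and `[session_recording]`, that `filter_users` defaults to root when unset, and that names match exactly (no case folding or fully qualified names); the sample configuration is constructed.

```python
import configparser

# Constructed sample sssd.conf, not taken from the thread.
SAMPLE_CONF = """
[sssd]
services = nss, pam
domains = example.test

[nss]
filter_users = root, svc_backup

[session_recording]
scope = some
users = root, alice, svc_backup
"""

def split_list(value):
    """Split an sssd comma-separated option into a set of names."""
    return {item.strip() for item in value.split(",") if item.strip()}

def filtered_but_recorded(conf_text):
    """Users named in [session_recording] users that [nss] filter_users hides."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    # Assumption: with no filter_users set, sssd filters root by default.
    filtered = split_list(cp.get("nss", "filter_users", fallback="root"))
    if cp.get("session_recording", "scope", fallback="none").strip() != "some":
        return []  # the users list is only consulted when scope = some
    recorded = split_list(cp.get("session_recording", "users", fallback=""))
    return sorted(recorded & filtered)

def shell_is_tlog(passwd_line):
    """True if a `getent passwd -s sss NAME` line shows a tlog-rec shell."""
    fields = passwd_line.rstrip("\n").split(":")
    return len(fields) == 7 and "tlog-rec" in fields[6].rsplit("/", 1)[-1]

if __name__ == "__main__":
    for user in filtered_but_recorded(SAMPLE_CONF):
        print(f"{user}: listed for recording but filtered by [nss]")
```

Any name this reports is worth confirming on the host with the getent check, since an empty result or a non-tlog shell there means the session is not being recorded through sssd.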