Learn how to enable SSH session recording in CentOS 8.
CentOS 8 has been released and it includes some really amazing features. One feature that many security admins will greatly appreciate is session recording. With this feature, CentOS will record any/all SSH sessions, which includes all of the user activity that occurs during the session. Once recorded, videos of these sessions can be played back by any admin with a Cockpit login.
What you'll need
To make this work, you'll need the following:
- A running instance of CentOS 8
- A running instance of Cockpit (See: How to enable Cockpit on CentOS 8)
- A user with sudo privileges
How to install necessary packages
Before that first session can be recorded, there are a few packages that must be installed. Open a terminal window and issue the following commands:
sudo dnf install tlog sudo dnf install sssd sudo dnf install cockpit-session-recording sudo dnf install systemd-journal-remote
And that's all there is to the installation. At this point, whenever someone logs into the CentOS 8 server, they will be warned that the session is being recorded (Figure A).
How to view sessions from Cockpit
Fire up a web browser and point it to https://SERVER_IP:9090 (where SERVER_IP is the IP address of your CentOS 8 server). Log in as an admin user and then click on Session Recording in the left navigation.
In the resulting window (Figure B), you'll see all SSH logins since recording was enabled.
If you click on any one of those sessions, you can then click the associated play button to play back their sessions (Figure C).
And that's all there is to it. You can now view recordings of everything SSH users have done once they've logged onto your CentOS 8 server. But don't worry if the video is hard to follow. Below the player the entire log of the session will print out as the video plays. You can even search the log for specific entries and the results will appear in the log window as well as timestamps for the video.
Without a doubt, this is a feature every security admin will want to have on their servers.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Mastermind con man behind Catch Me If You Can talks cybersecurity (TechRepublic download)
- Windows 10 security: A guide for business leaders (TechRepublic Premium)
- CentOS 8 is finally here (TechRepublic)
- How to install CouchDB on CentOS 7 (TechRepublic)
- How to enable and configure Auditd on CentOS 7 (TechRepublic)
- How to install AIDE intrusion detection system on CentOS 7 (TechRepublic)
- Red Hat's CentOS 8 arrives: Here's what you get with it (ZDNet)
- The best password managers of 2019 (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)