tlog-rec-session - Man Page

tlog-rec-session [OPTION...] [CMD_FILE [CMD_ARG...]]
tlog-rec-session -c [OPTION...] CMD_STRING [CMD_NAME [CMD_ARG...]]

Tlog-rec-session is a terminal session I/O logging program, intended for use as the login shell for a user. The actual user shell to start is retrieved from configuration or environment. Tlog-rec-session starts the actual shell under a pseudo-TTY, connects it to the actual terminal and logs whatever passes between them including user input, program output, and terminal window size changes.

Tlog-rec-session will not start recording if another process with the same audit session ID (as seen in /proc/PID/sessionid) is already being recorded. Instead, it will simply start the shell.

If no "-c" option is specified, then the first non-option argument CMD_FILE specifies the location of a shell script the shell should read and the following arguments (CMD_ARG) specify its arguments.

If the "-c" option is specified, then a non-option argument CMD_STRING is required and should contain shell commands to execute, the following arguments can specify first the script name (CMD_NAME, i.e. argv[0]) and then its arguments (CMD_ARG).

If no non-option arguments are encountered, or the "-i" option is specified then the shell is started interactively.

If tlog-rec-session is invoked under a name beginning with a dash (i.e. argv[0] beginning with '-'), then the executed shell name is also prepended with a dash. This passes the "login shell" status to the recorded shell and is equivalent to using the "-l" option.

If tlog-rec-session is invoked under a name containing "-shell-", then the rest of the name after that string is considered an encoded absolute path to the shell to execute for the recorded session. The path is expected to be encoded by replacing all forward slashes '/' with dashes '-' and any characters to be preserved as is prepended with a backslash '\'. E.g. to have tlog-rec-session execute /bin/dash as the shell, invoke it with the name "tlog-rec-session-shell-bin-dash".

This is normally done by making a symlink with that name pointing to tlog-rec-session, and then executing the link. Such links can be assigned to users as their shells to have specific shells started under recording for specific users.

Tlog-rec-session loads its parameters first from the system-wide configuration file /etc/tlog/tlog-rec-session.conf, then from the file pointed at by TLOG_REC_SESSION_CONF_FILE environment variable (if set), then from the contents of the TLOG_REC_SESSION_CONF_TEXT environment variable (if set), and then from command-line options. Parameters from each of these sources override the previous one in turn.

TLOG_REC_SESSION_CONF_FILE

Specifies the location of a configuration file to be read. The configuration parameters in this file override the ones in the system-wide configuration file /etc/tlog/tlog-rec-session.conf.

TLOG_REC_SESSION_CONF_TEXT

Specifies the configuration text to be read. The configuration parameters in this variable override the ones in the file specified with TLOG_REC_SESSION_CONF_FILE.

TLOG_REC_SESSION_SHELL

Specifies the shell to spawn. Overrides configuration specified with TLOG_REC_SESSION_CONF_TEXT. Can be overridden by invoking tlog-rec-session under a special name (see above).

/etc/tlog/tlog-rec-session.conf

The system-wide configuration file

Start recording a login shell:

tlog-rec-session -l

Ask the recorded shell to execute a command:

tlog-rec-session -c whoami

tlog-rec-session.conf(5), tlog-rec(8), tlog-play(8)

Nikolai Kondrashov <spbnick@gmail.com>

sssd.conf(5), sssd-session-recording(5), tlog-rec(8), tlog-rec-session.conf(5).