CentOS 8 has been released and it includes some really amazing features. One feature that many security admins will greatly appreciate is session recording. With this feature, CentOS will record any/all SSH sessions, which includes all of the user activity that occurs during the session. Once recorded, videos of these sessions can be played back by any admin with a Cockpit login.
What you’ll need
To make this work, you’ll need the following:
- A running instance of CentOS 8
- A running instance of Cockpit
- A user with sudo privileges
How to enable Cockpit
In order to enable Cockpit, log onto your CentOS 8 server. From the terminal prompt, issue the command:
sudo systemctl enable --now cockpit.socket
You will be prompted for your sudo password. Once you’ve typed that password, hit Enter and Cockpit is enabled and ready to work.
How to access Cockpit
With Cockpit enabled, open a web browser on a machine that has access to the CentOS 8 server and point it to https://SERVER_IP:9090. You will then be prompted for admin credentials.
How to install necessary packages
Before that first session can be recorded, there are a few packages that must be installed. Open a terminal window and issue the following commands:
sudo dnf install tlog sudo dnf install sssd sudo dnf install cockpit-session-recording sudo dnf install systemd-journal-remote
And that’s all there is to the installation. At this point, whenever someone logs into the CentOS 8 server, they will be warned that the session is being recorded.
How to view sessions from Cockpit
Fire up a web browser and point it to https://SERVER_IP:9090 (where SERVER_IP is the IP address of your CentOS 8 server). Log in as an admin user and then click on Session Recording in the left navigation.
In the resulting window, you’ll see all SSH logins since recording was enabled.
If you click on any one of those sessions, you can then click the associated play button to play back their sessions.
And that’s all there is to it. You can now view recordings of everything SSH users have done once they’ve logged onto your CentOS 8 server. But don’t worry if the video is hard to follow. Below the player the entire log of the session will print out as the video plays. You can even search the log for specific entries and the results will appear in the log window as well as timestamps for the video.
Without a doubt, this is a feature every security admin will want to have on their servers.
We want to hear your thoughts about this. Is there anything in particular that you love about it? What can we do to improve our services and experience? Leave a comment below or open a ticket on our helpdesk and we’ll personally review all suggestions and feedback.
Since it was founded in 2015, Servercheap has always strived to provide its clients with enterprise-level performance at an unbeatable cost. Servercheap offers a wide range of customizable hybrid and virtual private server hosting services. All Servercheap clients enjoy a 99.9% uptime SLA and 24/7 rapid response support team.
At Servercheap, our core directive has always been to provide our clients with the best services and infrastructure possible, whether you’re hosting a game server, a high-intensity database, a development environment, or anything in-between.
For more information, visit https://www.servercheap.net