Hi list,
With Redhat 8 come tlogs for session recording.
It seems a promising tool to comply with PCI DSS requirement 10.2 which
requires Monitoring of all actions taken by any individual with root or
administrative privileges.
Redhat preferred way to configure tlog-rec-session is through sssd.
I have doubt about the interaction between the nss and the session-recording
sections.
The man states :
users (string)
A comma-separated list of users which should have session recording
enabled.
Matches user names as returned by NSS. I.e. after the possible space
replacement, case changes, etc.
Am I right to understand that if the nss filters some users (root for example)
with the filter_users directive, their sessions won't be recorded even if
defined in the session-recording session ?
If yes is there a way to find the discrepancies between the two sections?
Thanks
Philippe
equensWorldline is a registered trade mark and trading name owned by the
Worldline Group through its holding company.
This e-mail and the documents attached are confidential and intended solely for
the addressee. If you receive this e-mail in error, you are not authorized to
copy, disclose, use or retain it. Please notify the sender immediately and
delete this email from your systems. As emails may be intercepted, amended or
lost, they are not secure. EquensWorldline and the Worldline Group therefore
can accept no liability for any errors or their content. Although
equensWorldline and the Worldline Group endeavours to maintain a virus-free
network, we do not warrant that this transmission is virus-free and can accept
no liability for any damages resulting from any virus transmitted. The risks
are deemed to be accepted by everyone who communicates with equensWorldline and
the Worldline Group by email
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
