tlog-rec-session - start a shell and log terminal I/O
tlog-rec-session [OPTION...] [CMD_FILE [CMD_ARG...]]
tlog-rec-session -c [OPTION...] CMD_STRING [CMD_NAME [CMD_ARG...]]
Tlog-rec-session is a terminal session I/O logging program, intended for
use as the login shell for a user. The actual user shell to start is retrieved
from configuration or environment. Tlog-rec-session starts the actual shell
under a pseudo-TTY, connects it to the actual terminal and logs whatever
passes between them including user input, program output, and terminal window
size changes.
Tlog-rec-session will not start recording if another process with the same audit
session ID (as seen in /proc/PID/sessionid) is already being recorded.
Instead, it will simply start the shell.
If no "-c" option is specified, then the first non-option argument
CMD_FILE specifies the location of a shell script the shell should read and
the following arguments (CMD_ARG) specify its arguments.
If the "-c" option is specified, then a non-option argument CMD_STRING
is required and should contain shell commands to execute, the following
arguments can specify first the script name (CMD_NAME, i.e. argv[0]) and then
its arguments (CMD_ARG).
If no non-option arguments are encountered, or the "-i" option is
specified then the shell is started interactively.
If tlog-rec-session is invoked under a name beginning with a dash (i.e. argv[0]
beginning with '-'), then the executed shell name is also prepended with a
dash. This passes the "login shell" status to the recorded shell and
is equivalent to using the "-l" option.
If tlog-rec-session is invoked under a name containing "-shell-", then
the rest of the name after that string is considered an encoded absolute path
to the shell to execute for the recorded session. The path is expected to be
encoded by replacing all forward slashes '/' with dashes '-' and any
characters to be preserved as is prepended with a backslash '\'. E.g. to have
tlog-rec-session execute /bin/dash as the shell, invoke it with the name
"tlog-rec-session-shell-bin-dash".
This is normally done by making a symlink with that name pointing to
tlog-rec-session, and then executing the link. Such links can be assigned to
users as their shells to have specific shells started under recording for
specific users.
Tlog-rec-session loads its parameters first from the system-wide
configuration file /etc/tlog/tlog-rec-session.conf, then from the file pointed
at by TLOG_REC_SESSION_CONF_FILE environment variable (if set), then from the
contents of the TLOG_REC_SESSION_CONF_TEXT environment variable (if set), and
then from command-line options. Parameters from each of these sources override
the previous one in turn.
- -h, --help
- Output a command-line usage message and exit.
- -v, --version
- Output version information and exit.
- --configuration
- Output program configuration in JSON and exit.
- -l, --login
- Make the shell a login shell.
If specified, the shell is signalled to act as a login shell. This is done
by prepending argv[0] of the shell with a dash character.
- -i, --interactive
- Make the shell an interactive shell.
If specified, tlog-rec-session passes the -i option to the shell.
- -c, --command
- Execute shell commands.
If specified, tlog-rec-session passes the -c option to the shell, followed
by all the positional arguments, which specify the shell commands to
execute along with command name and its arguments.
- TLOG_REC_SESSION_CONF_FILE
- Specifies the location of a configuration file to be read.
The configuration parameters in this file override the ones in the
system-wide configuration file /etc/tlog/tlog-rec-session.conf.
- TLOG_REC_SESSION_CONF_TEXT
- Specifies the configuration text to be read. The
configuration parameters in this variable override the ones in the file
specified with TLOG_REC_SESSION_CONF_FILE.
- TLOG_REC_SESSION_SHELL
- Specifies the shell to spawn. Overrides configuration
specified with TLOG_REC_SESSION_CONF_TEXT. Can be overridden by invoking
tlog-rec-session under a special name (see above).
- /etc/tlog/tlog-rec-session.conf
- The system-wide configuration file
- Start recording a login shell:
-
tlog-rec-session -l
- Ask the recorded shell to execute a command:
-
tlog-rec-session -c whoami
tlog-rec-session.conf(5),
tlog-rec(8),
tlog-play(8)
Nikolai Kondrashov <
[email protected]>