Difficulty: Beginner
Estimated Time: 10 minutes

Goal:

After completing this scenario, users will be able to enable review recorded sessions in Red Hat Enterprise Linux, and track activity inside SQL Server using SQL Server's auditing feature.

Concepts included in this scenario:

  • Installing software for Terminal Session Recording
  • Enabling and recording terminal sessions
  • List recorded sessions
  • Replay recorded sessions using Web Console
  • Enabling SQL Server auditing
  • Viewing the audit events in the SQL Server audit log file

Example Usecase:

Your compliance officer needs to have session recording across all OS and database activity for high privileged users. The session recording can be used to review all the actions carried out at the OS level, while SQL Server's auditing feature can be used to record database actions.

Author: Don Pinto, Technical Content Manager (Red Hat)

Terminal Session Recording and SQL Server Auditing

Step 1 of 7

Step 1

Installing software

When you start this demo, SQL Server installation will start on the machine.

First, verify that SQL Server is running on the machine.

systemctl status mssql-server.service --no-pager

On the terminal, you should see something like below indicating that the mssql-server.service is running

<< OUTPUT ABRIDGED >>

Active: active (running) since Monday 2019-07-15 19:24:18 EDT; 3h 59min left

<< OUTPUT ABRIDGED >>

Next, install two rpm packages, cockpit-session-recording and tlog for the web console

yum -y install cockpit-session-recording tlog

<< OUTPUT ABRIDGED >>

Installed:
  cockpit-session-recording-1-29.el8.noarch                      tlog-5-1.el8.x86_64

Complete!

The first package, cockpit-session-recording will add an additional feature Web Console which you will be using to enable and configure session recording. The tlog package will provide the tools which will be used to both record and view the recorded terminal sessions.