Requirements
- A user with an identical username on the Segura platform.
- An approved user in EPM Linux.
Record a session
EPM Linux allows users to be video-monitored throughout their sessions, regardless of the binary run.
- On Segura, in the navigation bar, hover over the Products menu and select EPM.
- In the side menu, select Policies > Linux > Policies.
- Click Add to be directed to the Segregation screen, where you can choose the policy.
- In the General tab:
  - Policy name: define an easy-to-identify name.
  - Enabled: if enabled, the policy will be applied across devices.
  - Guideline: select Binary run.
- In the Application tab:
  - Enable audit?: the field is required and is enabled by default. Leave it Yes to audit the actions performed.
  - Enable session recording?: mark Yes to record the sessions of logged binaries. The start of the session is linked to the execution of the binary only after the execution is over.
  - To add a new application, click Add and fill in the fields:
    - Application path: enter the full path of the application on the workstation. For example, /etc/vim.
    - Symbolic link: select whether the path indicated is a symbolic link.
  - To add a new permission, click Add and fill in the fields:
    - Permission: select the type of permission action, Block or Allow.
    - Type: select the type of permission, Group or User.
    - Name: enter a name for the permission.
- Click Continue.
- Select the Review tab.
- Click Save.
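Before filling in the Application path and Symbolic link fields, you can check on the workstation whether a candidate path is a regular executable or a symbolic link, and where the link finally resolves. The shell helper below is an added example, not part of Segura's documentation or tooling; the function name classify_app_path is hypothetical.

```shell
#!/bin/sh
# Added example: classify a candidate "Application path" for an EPM Linux policy.
# classify_app_path is a hypothetical helper name, not an EPM Linux command.
# Prints one of:
#   binary <path>            regular executable file
#   symlink <final target>   symbolic link resolving to an executable
#   broken-symlink           link whose target is missing or not executable
#   not-executable           path is missing, a directory, or lacks the x bit
#   not-absolute             the policy field expects a full path
classify_app_path() {
    app_path=$1
    case $app_path in
        /*) ;;
        *) echo "not-absolute"; return 1 ;;
    esac
    if [ -L "$app_path" ]; then
        # Follow the whole link chain (for example, alternatives-style links).
        target=$(readlink -f "$app_path") || target=""
        if [ -n "$target" ] && [ -f "$target" ] && [ -x "$target" ]; then
            echo "symlink $target"
        else
            echo "broken-symlink"
            return 1
        fi
    elif [ -f "$app_path" ] && [ -x "$app_path" ]; then
        echo "binary $app_path"
    else
        echo "not-executable"
        return 1
    fi
}

# Classify every path given on the command line, one result per line.
for p in "$@"; do
    printf '%s: ' "$p"
    classify_app_path "$p" || true
done
```

A `symlink` result means the Symbolic link option applies to the path you entered; the printed target is the file that actually runs.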
View a recorded session
For example, we’ll use the ping command on the server. Here is an example of a session recording with the execution of the ping command:
user@Workstation:~$ ping -c 4 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=53 time=2.12 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=53 time=1.94 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=53 time=2.05 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=53 time=2.20 ms
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 1.975/2.034/2.102/0.051 ms
Uploading recorded output data...
OK.
Uploading recorded input data...
OK.
The session command is now recorded on Segura.
Access the recorded session
- On Segura, in the navigation bar, hover over the Products menu and select EPM.
- In the side menu, select PAM Core > Audit > Sessions > Remote Sessions.
- Use the available fields to filter the recording.
- On the Actions dropdown menu, select the Video of session option.
- On the Session video report, click the Generate video for download button.
- A message indicates that the video will be generated. Wait until the download button becomes available. When the video is ready, you can download the session video to your computer.
- Alternatively, you can stream the video session by clicking on the Video button.