Monitoring Remote SSH Sessions

The Linux Client monitors the following actions:

1. User actions (commands input, and responses from the terminal).

2. System calls.

3. Commands being executed in a script that is running.

Linux Clients start recording a new monitoring session each time a remote SSH session is opened.

Furthermore, the maximum duration of one SSH session is 24 hours, as at 00:00 (midnight) all live sessions are terminated. After termination (their status changes from Live to Finished), and new live sessions then start automatically.

A session status changes to Finished whenever the remote SSH terminal is closed or the Linux Client is disconnected from the Application Server. Whenever the Linux Client reconnects to the Application Server, the session status changes from Finished back to Live. Even if the license is unassigned from the Linux Client or the Linux Client process is killed, monitoring of sessions started continues until the remote SSH terminal is closed.

In case any Client ever stops working for any reason, it is restarted automatically by a watchdog mechanism process (EkranAgent).