tlog
Handle running under an X session in tlog-rec
Tlog-rec shouldn't record when running under an X session - other software should be used to record the whole graphical session instead, not just terminals. Add a way to detect such invocations and simply exec the shell after dropping back to the original user.
This is indeed an easy way to create an out-of-band session: start an SSH connection with X-Forwarding enabled and start xterm. Of course you can disallow X-Forwarding. But in our environment it's needed for visualizations. But I could investigate creating a separate group for that and configuring a certain match condition in sshd to disallow anyone with sudo rights from starting a session with X-Forwarding. And then those who really do need it use a different account.
Someone could also rsync a script from their laptop onto the tlog monitored environment. Run the script, which will hide all input and output commands and then simply secure erase the script and you'll again be doing things undetected by tlog.
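One way the sshd match condition proposed in the comment above could look, as an added example that is not part of the original thread or of tlog. The group names `sudo` and `x11-viz` are assumptions; substitute the group that grants sudo rights on your systems and a dedicated group for the separate visualization accounts.

```sshd_config
# /etc/ssh/sshd_config (fragment, added example)

# Before: forwarding enabled for every account, including sudo-capable ones.
#X11Forwarding yes

# After: off in the global section; only a Match block below can turn it on.
X11Forwarding no

# Accounts with sudo rights never get X11 forwarding.
# Keep this block ahead of the one that enables forwarding: when a keyword
# appears in several Match blocks that all match, sshd applies only the
# first instance. "sudo" is an assumed group name.
Match Group sudo
    X11Forwarding no

# Separate, unprivileged accounts used only for visualization work.
# "x11-viz" is a hypothetical group name.
Match Group x11-viz
    X11Forwarding yes
```

After reloading sshd, the effective value for a given account can be checked as root with `sshd -T -C user=NAME | grep -i x11forwarding`, where `NAME` is a placeholder for the account being checked.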