[scponly] Logging User Actions
Kaleb Pederson
kibab at icehouse.net
Fri Nov 10 00:55:46 EST 2006
Thanks for the report. I don't know for sure what the problem might be, but
here are a couple thoughts and comments:
1) Can you provide us with logging information from scponly with debug mode
turned on?
2) Since it's running within the chroot, and the sftp-server that runs as a
subsystem is running as a particular user, you might need to verify that your
logger is setup so that programs within the chroot have access to a logger.
I would guess that this is likely the problem.
Using syslog-ng, you might need to add something like the following
(untested):
source chrootsrc { unix-stream("/home/chroot/dev/log"); internal(); };
destination chrootlog { file("/var/log/chroot.log"); };
log { source(chrootsrc); destination(chrootlog); };
I hope that helps. Please investigate and let us know.
Thanks.
--Kaleb
On Thursday 09 November 2006 5:16 am, Nilocsia at web.de wrote:
> The sftp loggin patch works fine but only with non-scponly-users:
>
> Nov 9 12:37:00 localhost sftp-server[14073]: Starting sftp-server logging
> for user tobias. ...
> Nov 9 12:37:53 localhost sftp-server[14073]: opendir /usr/local/etc
> Nov 9 12:37:56 localhost sftp-server[14073]: open /usr/local/etc/ssh_config
> Nov 9 12:37:56 localhost sftp-server[14073]: reading 1354 bytes from file
> Nov 9 12:37:56 localhost sftp-server[14073]: reading 0 bytes from file
>
> Loggin in with an chroot-account that uses "scponlyc" creates just a
> message like this:
>
> Nov 9 12:48:09 localhost scponly[16683]: running:
> /usr/local/libexec/sftp-server (username: scponly(501), IP/port:
> 192.168.75.1 1704 22)
>
>
> Is there a way to activate sftp-logging for scponlyc-users also?
>
> Thanks in advance.
>
> Tobias
>
> *Von:* Kaleb Pederson <KIBAB at ICEHOUSE.NET>
> *Gesendet:* 19.10.06 17:22:57
> *An:* scponly at lists.ccs.neu.edu
> *Betreff:* Re: [scponly] Logging User Actions
>
>
> If you turn on logging you will get some of that behavior if the user in
> question is using scp. Also, copy of multiple files will not really show up
> correctly because of the way files are transferred.
>
> If the user is using sftp, nothing useful will show up in the logs.
>
> If this is what you would like, the best thing to do would be to use the
> sftp logging patch available at http://sftplogging.sourceforge.net/
>
> I hope that helps.
>
> --Kaleb
>
> On Thursday 19 October 2006 5:00 am, Nilocsia at web.de wrote:
> > Is there an option in scponly (or maybe in OpenSSH) which allows logging
> > of user actions, like deleting or copying of files?
> >
> > Tobias.
>
> Viren-Scan für Ihren PC! Jetzt für jeden. Sofort, online und kostenlos.
> Gleich testen! *http://www.pc-sicherheit.web.de/freescan/?mc=022222*
> [http://www.pc-sicherheit.web.de/freescan/?mc=022222]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : https://lists.ccs.neu.edu/pipermail/scponly/attachments/20061109/9aadbd10/attachment.bin
More information about the scponly
mailing list