[scponly] Logging User Actions

Ralf Durkee rd at rd1.net
Fri Nov 10 10:58:16 EST 2006 

Keep in mind that the logging patch modifies the sftp-server executable, 
so you need to make sure you have the patched version of sftp-server in 
the chrooted area.  Also you will need the appropriate logging device 
such as /dev/log created in the chrooted area.  There may be additional 
dynamic libraries needed as well.

-- Ralf Durkee, CISSP, GSEC, GCIH, GSNA
Principal Security Consultant
http://rd1.net



Nilocsia at web.de wrote:
>
> The sftp loggin patch works fine but only with non-scponly-users:
>
> Nov  9 12:37:00 localhost sftp-server[14073]: Starting sftp-server 
> logging for user tobias.
> ...
> Nov  9 12:37:53 localhost sftp-server[14073]: opendir /usr/local/etc
> Nov  9 12:37:56 localhost sftp-server[14073]: open 
> /usr/local/etc/ssh_config
> Nov  9 12:37:56 localhost sftp-server[14073]: reading 1354 bytes from file
> Nov  9 12:37:56 localhost sftp-server[14073]: reading 0 bytes from file
>
> Loggin in with an chroot-account that uses "scponlyc" creates just a 
> message like this:
>
> Nov  9 12:48:09 localhost scponly[16683]: running: 
> /usr/local/libexec/sftp-server (username: scponly(501), IP/port: 
> 192.168.75.1 1704 22)
>
> Is there a way to activate sftp -logging for scponlyc-users also?
>
> Thanks in advance.
>
> Tobias
>
> ------------------------------------------------------------------------
> *Von:* Kaleb Pederson
> *Gesendet:* 19.10.06 17:22:57
> *An:* scponly at lists.ccs.neu.edu
> *Betreff:* Re: [scponly] Logging User Actions
>
>
> If you turn on logging you will get some of that behavior if the user in
> question is using scp. Also, copy of multiple files will not really 
> show up
> correctly because of the way files are transferred.
>
> If the user is using sftp, nothing useful will show up in the logs.
>
> If this is what you would like, the best thing to do would be to use 
> the sftp
> logging patch available at http://sftplogging.sourceforge.net/
>
> I hope that helps.
>
> --Kaleb
>
>
> On Thursday 19 October 2006 5:00 am, Nilocsia at web.de wrote:
> > Is there an option in scponly (or maybe in OpenSSH) which allows 
> logging of
> > u ser actions, like deleting or copying of files?
> >
> > Tobias.
> >
>
>
>
>
> Viren-Scan für Ihren PC! Jetzt für jeden. Sofort, online und kostenlos.   
> Gleich testen! *http://www.pc-sicherheit.web.de/freescan/?mc=022222*  
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> scponly mailing list
> scponly at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/scponly
>

More information about the scponly mailing list