linux
Anton B, 2015-11-06 17:03:09

How to log OpenSSH SFTP user actions?

Hello.
I created a user with a home directory and gave him SFTP access.
How can I log his actions: file created, file deleted, file changed?
Thank you!

useradd -m -d /var/www/mysite.ru -s /bin/false mysite

addgroup --system sftp
usermod -G sftp mysite

vi /etc/ssh/sshd_config
  Subsystem sftp internal-sftp
  Match Group sftp
      ChrootDirectory %h
      X11Forwarding no
      AllowTcpForwarding no
      ForceCommand internal-sftp

3 answer(s)
Anton B, 2015-11-08
@bigton

I read a lot; different solutions are offered, but I like simple solutions.
-f USER, so that the logs are written to user.log rather than auth.log. That way the SSH authorization logs do not get mixed up with the SFTP logs.
Then a problem arises: when logging in via SFTP, the user is confined to his environment (ChrootDirectory), so nothing is written to the log file. You can solve this problem in different ways, but the simplest one is:

mkdir /var/www/mysite.ru/dev 
touch /var/www/mysite.ru/dev/log 
chmod 511 /var/www/mysite.ru/dev 
chattr +i /var/www/mysite.ru/dev 
mount --bind /dev/log /var/www/mysite.ru/dev/log

That is, we simply mount /dev/log into the user's environment; the lack of access to it is what prevented logging.
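
One way to turn the resulting user.log into an audit trail of created, changed, and deleted files, as an added example that is not part of the answer above. It assumes internal-sftp also logs at level INFO (`-l INFO` next to `-f USER`); the log lines are constructed to follow OpenSSH's sftp-server message format, and `audit` is a hypothetical helper name.

```python
import re

# Constructed sample of user.log lines (host, PIDs, paths and IPs are made up).
# Assumed format: OpenSSH internal-sftp at log level INFO, facility USER.
SAMPLE_LOG = '''\
Nov  8 12:00:01 web1 internal-sftp[4100]: session opened for local user mysite from [192.0.2.10]
Nov  8 12:00:05 web1 internal-sftp[4100]: open "/index.html" flags WRITE,CREATE,TRUNCATE mode 0644
Nov  8 12:00:05 web1 internal-sftp[4100]: close "/index.html" bytes read 0 written 2048
Nov  8 12:00:07 web1 internal-sftp[4100]: open "/config.php" flags READ mode 0666
Nov  8 12:00:07 web1 internal-sftp[4100]: close "/config.php" bytes read 512 written 0
Nov  8 12:00:09 web1 internal-sftp[4100]: remove name "/old.html"
Nov  8 12:00:11 web1 internal-sftp[4100]: rename old "/a.txt" new "/b.txt"
Nov  8 12:00:15 web1 internal-sftp[4100]: session closed for local user mysite from [192.0.2.10]
'''

LINE = re.compile(r'^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ internal-sftp\[(?P<pid>\d+)\]: (?P<msg>.*)$')
OPENED = re.compile(r'^session opened for local user (\S+) from \[([^\]]+)\]')
CLOSED = re.compile(r'^session closed for local user ')
OPEN = re.compile(r'^open "(.*)" flags (\S+) mode')
REMOVE = re.compile(r'^remove name "(.*)"')
RENAME = re.compile(r'^rename old "(.*)" new "(.*)"')

def audit(log_text):
    """Return (timestamp, user, client_ip, action, path) tuples for file changes."""
    sessions, events = {}, []   # sessions: sftp PID -> (user, client_ip)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, pid, msg = m.group('ts', 'pid', 'msg')
        user, ip = sessions.get(pid, ('?', '?'))   # '?' if session start was not seen
        if (s := OPENED.match(msg)):
            sessions[pid] = s.groups()
        elif CLOSED.match(msg):
            sessions.pop(pid, None)
        elif (o := OPEN.match(msg)):
            flags = o.group(2).split(',')
            if 'WRITE' in flags:   # read-only opens are not changes
                action = 'create' if 'CREATE' in flags else 'modify'
                events.append((ts, user, ip, action, o.group(1)))
        elif (r := REMOVE.match(msg)):
            events.append((ts, user, ip, 'delete', r.group(1)))
        elif (r := RENAME.match(msg)):
            events.append((ts, user, ip, 'rename', f'{r.group(1)} -> {r.group(2)}'))
    return events

if __name__ == '__main__':
    for event in audit(SAMPLE_LOG):
        print(*event, sep='\t')
```

Paths in these messages are relative to the chroot, and an open with the CREATE flag is reported as `create` even when it overwrites an existing file.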

Max, 2015-11-06
@MaxDukov

pam_tty_audit

Vlad Zhivotnev, 2015-11-06
@inkvizitor68sl

https://debian.pro/1149
