Good afternoon,

Staff set up OpenSSH to direct users who are members of a certain group to a chroot environment, and these users will have access to the server only via the SFTP protocol.

Put in the sshd_config file:

    Match Group customers
        ChrootDirectory %h
        ForceCommand internal-sftp -l VERBOSE -f AUTH

Thus each user is directed to the chroot environment indicated in the variable %h (the home directory defined in /etc/passwd).

An example of a directory is:

    User: naira
    Home directory: /var/www/naira.com.br

The problem is that I am not able to capture logs for users in the group "clients" who are directed to the chroot environment. For access via internal-sftp by other users who do not belong to the "client" group, I get the logs in the auth.log files.

I just created the directory and the file /var/www/naira.com.br/dev/log, but I got no log files...

I'm using syslog-ng.

Has anyone ever made this kind of setup?

Thanks,
--
Naira Kaieski
Nucleo de Internet/Redes - Faccat
Linux Professional Institute - LPI000223834
Hi,

Did you check with strace where the app is trying to log? It could be that it tries to open /dev/log within the chroot, so you should tell syslog-ng to create/listen on /var/www/naira.com.br/dev/log. This is documented in the sshd_config manpage.

Regards,
Sandor

On Tue, Mar 1, 2011 at 5:23 PM, Naira Kaieski <naira@faccat.br> wrote:
> Good afternoon,
>
> Staff set up OpenSSH to direct users who are members of a certain group to a chroot environment, and these users will have access to the server only via the SFTP protocol.
>
> Put in the sshd_config file:
>
>     Match Group customers
>         ChrootDirectory %h
>         ForceCommand internal-sftp -l VERBOSE -f AUTH
>
> Thus each user is directed to the chroot environment indicated in the variable %h (the home directory defined in /etc/passwd).
>
> An example of a directory is:
>
>     User: naira
>     Home directory: /var/www/naira.com.br
>
> The problem is that I am not able to capture logs for users in the group "clients" who are directed to the chroot environment. For access via internal-sftp by other users who do not belong to the "client" group, I get the logs in the auth.log files.
>
> I just created the directory and the file /var/www/naira.com.br/dev/log, but I got no log files...
>
> I'm using syslog-ng.
>
> Has anyone ever made this kind of setup?
>
> Thanks,
> --
> Naira Kaieski
> Nucleo de Internet/Redes - Faccat
> Linux Professional Institute - LPI000223834
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
Good afternoon,

http://groups.google.com/group/comp.security.ssh/browse_thread/thread/ce30a1...

The tip at the link above solved the problem. I had found this link; however, I was creating the log file in the dev directory of the chroot user. With the strace command I noticed what was happening: a permission error on file access. Effectively you only need to create the dev directory; syslog-ng will create the log file automatically. The log file is actually a socket file that syslog-ng will create.

Solution: My mistake was to manually create the log file in the dev directory of the chroot user.

An example of a directory is:

    User: naira
    Home directory: /var/www/naira.com.br

--> File sshd_config

    Match Group customers
        ChrootDirectory %h
        ForceCommand internal-sftp -l VERBOSE -f AUTH

--> File syslog-ng.conf

    source src {
        unix-stream("/dev/log");
        internal();
        unix-stream("/var/www/naira.com.br/dev/log");
    };

    # ls -lah /var/www/naira.com.br/
    drwxrwxr-x 13 root root 3.8K Mar 1 14:58 dev

Restart syslog-ng.

Thanks.

Naira Kaieski
Nucleo de Internet/Redes - Faccat
Linux Professional Institute - LPI000223834

On 1/3/2011 13:33, Sandor Geller wrote:
> Hi,
>
> Did you check with strace where the app is trying to log? It could be that it tries to open /dev/log within the chroot, so you should tell syslog-ng to create/listen on /var/www/naira.com.br/dev/log. This is documented in the sshd_config manpage.
>
> Regards,
> Sandor
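A check for the failure mode resolved in this thread, as an added example that is not part of the original messages: it classifies the state of `dev/log` inside each chroot (a hand-created regular file versus the socket syslog-ng creates) and prints the matching `source` block. The function names are hypothetical; the `src` source name and the `unix-stream()`/`internal()` entries are taken from the syslog-ng.conf quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# check_chroot_log CHROOT -> prints no-dev-dir | socket | stale-file | missing
check_chroot_log() {
    chroot_dir=$1
    if [ ! -d "$chroot_dir/dev" ]; then
        echo "no-dev-dir"      # syslog-ng has nowhere to create the socket
    elif [ -S "$chroot_dir/dev/log" ]; then
        echo "socket"          # syslog-ng has created its listening socket
    elif [ -e "$chroot_dir/dev/log" ]; then
        echo "stale-file"      # the thread's mistake: a manually created file
    else
        echo "missing"         # dev/ exists, socket appears after a restart
    fi
}

# syslog_ng_source NAME CHROOT... -> prints a source block covering the
# system /dev/log plus one unix-stream() per chroot, as in the thread.
syslog_ng_source() {
    name=$1; shift
    printf 'source %s {\n' "$name"
    printf '    unix-stream("/dev/log");\n    internal();\n'
    for c in "$@"; do
        printf '    unix-stream("%s/dev/log");\n' "$c"
    done
    printf '};\n'
}

# audit_chroots CHROOT... -> one report line per chroot; returns 1 if any
# chroot needs manual work before its SFTP sessions can be logged.
audit_chroots() {
    rc=0
    for c in "$@"; do
        state=$(check_chroot_log "$c")
        case $state in
            socket)     echo "OK      $c/dev/log is a socket" ;;
            missing)    echo "PENDING $c/dev exists; restart syslog-ng" ;;
            stale-file) echo "FIX     $c/dev/log is not a socket; remove it"; rc=1 ;;
            no-dev-dir) echo "FIX     create $c/dev before restarting"; rc=1 ;;
        esac
    done
    return $rc
}

# Stand-alone use: pass chroot directories as arguments.
if [ "$#" -gt 0 ]; then audit_chroots "$@"; fi
```

Run it with the chroot homes of the matched group as arguments, for example `/var/www/naira.com.br` from the thread; a non-zero exit status means at least one chroot will produce no SFTP session logs.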