[syslog-ng] internal-sftp and logs files

Naira Kaieski naira at faccat.br
Thu Mar 3 18:38:38 CET 2011 

Good afternoon,

http://groups.google.com/group/comp.security.ssh/browse_thread/thread/ce30a1d9889dc2e2?pli=1

The tip above link to solve the problem. I had found this link, however 
I was creating the log file in the dev directory of the chroot user. 
With the command strace I noticed what was happening permission error 
file access.

Effectively you need only create the dev directory, the Log Files 
syslog-ng will automatically create. The log file is actually a socket 
file that syslog-ng will create.

Solution:

My mistake was to manually create the log file in the dev directory of 
the chroot user.

An example of directory is:
User: naira
Home directory: /var/www/naira.com.br

--> File sshd_config
Match Group customers
     ChrootDirectory %h
     ForceCommand internal-sftp-l VERBOSE f-AUTH

--> File syslog-ng.conf
source src {
     unix-stream("/dev/log");
     internal();
     unix-stream("/var/www/naira.com.br/dev/log");
};

# ls -lah /var/www/naira.com.br/
drwxrwxr-x  13 root     root     3.8K Mar  1 14:58 dev

Restart syslog-ng.

Thanks.

Naira Kaieski
Nucleo de Internet/Redes - Faccat
Linux Professional Institute - LPI000223834


Em 1/3/2011 13:33, Sandor Geller escreveu:
> Hi,
>
> Did you check with strace where the apps is trying to log? It could
> happen that it tries to open /dev/log within the chroot so you should
> tell syslog-ng to create/listen on /var/www/naira.com.br/dev/log This
> is documented in the sshd_config manpage.
>
> Regards,
>
> Sandor
>
> On Tue, Mar 1, 2011 at 5:23 PM, Naira Kaieski<naira at faccat.br>  wrote:
>> Good afternoon,
>>
>> Staff set up openssh to direct users to a certain group members to a
>> chroot environment and these users will have access only to the server
>> using sftp protocol.
>>
>> Put in the sshd_config file:
>> Match Group customers
>>      ChrootDirectory% h
>>      ForceCommand internal-sftp-l VERBOSE f-AUTH
>>
>> Thus each user is directed to the chroot environment indicated in the
>> variable% h (home directory defined in / etc / passwd)
>>
>> An example of directory is:
>> User: naira
>> Home directory: /var/www/naira.com.br
>>
>> The problem is that I am not able to capture logs of the user group
>> "clients" that are targeted to the chroot environment. Access via
>> internal-sftp from other users who do not belong to the "client" I get
>> the logs in auth.log files.
>>
>> I just create dir and file /var/www/naira.com.br/dev/log but i not had
>> log files...
>>
>> I'm using syslog-ng.
>>
>> Has anyone ever made this kind of setup?
>>
>> Thanks,
>> --
>> Naira Kaieski
>> Nucleo de Internet/Redes - Faccat
>> Linux Professional Institute - LPI000223834
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.campin.net/syslog-ng/faq.html
>>
>>

More information about the syslog-ng mailing list