This Blog is to share our knowledge and expertise on Linux System Administration and VMware Administration

Friday, October 20, 2017

How to enable log for chroot sftp users in Linux Server?

Follow the below steps to enable logs for chroot sftp users

1. Take the backup of /etc/ssh/sshd_config

2. Add the below settings to sshd_config

Subsystem       sftp   internal-sftp  -f LOCAL6 -l INFO

  Match group sftpgroup
  ChrootDirectory /home/%u
  KbdInteractiveAuthentication no
  PasswordAuthentication no
  AllowTCPForwarding no
  X11Forwarding no
  Subsystem       sftp  internal-sftp -f LOCAL6 -l INFO

Save & Exit the sshd configuration.

3. Take the back of /etc/sysconfig/rsyslog & add the below entry.

SYSLOGD_OPTIONS="-m 0 -a /home/sftpuser/dev/log"

4. Create sftp.log file under /etc/rsyslog.d & add the below entry (This is used for create sockets)

# create additional sockets for the sftp chrooted users
input(type="imuxsock" Socket="/path/to/somedirectory/dev/log" CreatePath="on")
input(type="imuxsock" Socket="/path/to/anotherdirectory/dev/log" CreatePath="on")

# log internal-sftp activity to sftp.log
if $programname == 'internal-sftp' then /var/log/sftp/sftp.log
& stop

5. Create dev directory under /home/sftpuser user

6. Now restart both sshd & rsyslog service

7. Now chroot sftp users activity logs are enabled & available under /var/log/sftp/

Hope it helps.

No comments:

Post a Comment