Follow the below steps to enable logs for chroot sftp users
1. Take the backup of /etc/ssh/sshd_config
2. Add the below settings to sshd_config
Subsystem sftp internal-sftp -f LOCAL6 -l INFO
Match group sftpgroup
ChrootDirectory /home/%u
KbdInteractiveAuthentication no
PasswordAuthentication no
AllowTCPForwarding no
X11Forwarding no
Subsystem sftp internal-sftp -f LOCAL6 -l INFO
Save & Exit the sshd configuration.
3. Take the back of /etc/sysconfig/rsyslog & add the below entry.
SYSLOGD_OPTIONS="-m 0 -a /home/sftpuser/dev/log"
4. Create sftp.log file under /etc/rsyslog.d & add the below entry (This is used for create sockets)
# create additional sockets for the sftp chrooted users
module(load="imuxsock")
input(type="imuxsock" Socket="/path/to/somedirectory/dev/log" CreatePath="on")
input(type="imuxsock" Socket="/path/to/anotherdirectory/dev/log" CreatePath="on")
# log internal-sftp activity to sftp.log
if $programname == 'internal-sftp' then /var/log/sftp/sftp.log
& stop
5. Create dev directory under /home/sftpuser user
6. Now restart both sshd & rsyslog service
7. Now chroot sftp users activity logs are enabled & available under /var/log/sftp/
Hope it helps.
Friday, October 20, 2017
How to enable log for chroot sftp users in Linux Server?
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment