Kmaiti

Wednesday, 14 March 2012

How to store sftp log messages in custom file on RHEL 6?

Posted on 06:01 by Unknown
How to setup chrooted sftp account on RHEL 6?

$groupadd sftponly
$useradd user123
$usermod -d /myhome -g sftponly -s /bin/false user123
$mkdir -p /chroots/user123 ; chmod -R 755 /chroots/user123
$mkdir /chroots/user123/myhome ; chown user123:sftponly /chroots/user123/myhome
$passwd user123

Also make sure the following is configured successfully :


How to store sftp log messages in custom file on RHEL 6?

--------------------------------
1. Make sure "AUTHPRIV" facility is used in sshd_config file. Sample file looks like :


$ cat /etc/ssh/sshd_config :


-------------
Subsystem sftp internal-sftp -f AUTHPRIV -l VERBOSE

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server

Match Group sftponly
ChrootDirectory /chroots/%u
AllowTcpForwarding no
ForceCommand internal-sftp -f AUTHPRIV -l VERBOSE
X11Forwarding no
-------------

2. Add the additional socket file to the rsyslog options in /etc/sysconfig/rsyslog, like :

$vi /etc/sysconfig/rsyslog

SYSLOGD_OPTIONS="-m 0 -a /chroots/dev/log"

3. The following lines should be present in /etc/rsyslog.conf. Add them if they are missing :

-----------
$InputUnixListenSocketHostname internal-sftp
$AddUnixListenSocket /chroots/dev/log

# Log internal-sftp activity in a separate file

:programname, isequal, "internal-sftp" -/var/log/sftp.log
:programname, isequal, "internal-sftp" ~
:programname, isequal, "sshd" -/var/log/sftp.log
:programname, isequal, "sshd" ~

------------

4. Make sure you have created a hard link to the socket file, like :

$mkdir -p /chroots/<username>/dev
$ln /chroots/dev/log /chroots/<username>/dev/log

Note : Replace <username> in the above commands.

5. Restart rsyslog and sshd service :

$service rsyslog restart
$service sshd restart

Testing :

Open a terminal and execute the following command in it :

$tailf /var/log/sftp.log

Try to access SFTP account like :

$sftp username@IP
pw: << Enter password

You'll see that all sftp log messages are available in /var/log/sftp.log.

Note : All sshd and sftp related messages will be logged in the above file.

---------------------------

You may get the following error :

fatal: safely_chroot: stat("/chroots/"): Permission denied

Solution : This appears due to an SELinux issue. Please execute the following commands :

$chcon -t user_home_t /chroots/user123
$chcon -t user_home_t /chroots/user123/myhome

$getsebool -a|grep sftp
sftpd_anon_write --> off
sftpd_enable_homedirs --> off
sftpd_full_access --> off
sftpd_write_ssh_home --> off

Enable boolean like :

$setsebool -P sftpd_enable_homedirs 1

That's it.
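
Once /var/log/sftp.log is being written, the per-session activity in it can be summarised for review. The script below is an added example, not part of the original post: the sample lines are constructed to follow the messages internal-sftp writes at VERBOSE level, and the function names sample_log and sftp_session_summary are hypothetical.

```shell
#!/bin/sh
# Added example. Constructed sample of /var/log/sftp.log (not from a real host).
sample_log() {
cat <<'EOF'
Mar 14 06:10:01 host1 sshd[4310]: Accepted password for user123 from 192.0.2.10 port 50122 ssh2
Mar 14 06:10:01 host1 internal-sftp[4312]: session opened for local user user123 from [192.0.2.10]
Mar 14 06:10:12 host1 internal-sftp[4312]: open "/myhome/report.csv" flags WRITE,CREATE,TRUNCATE mode 0644
Mar 14 06:10:12 host1 internal-sftp[4312]: close "/myhome/report.csv" bytes read 0 written 2048
Mar 14 06:10:15 host1 internal-sftp[4312]: open "/myhome/old data.txt" flags READ mode 0666
Mar 14 06:10:15 host1 internal-sftp[4312]: close "/myhome/old data.txt" bytes read 512 written 0
Mar 14 06:10:18 host1 internal-sftp[4312]: remove name "/myhome/old data.txt"
Mar 14 06:10:20 host1 internal-sftp[4312]: session closed for local user user123 from [192.0.2.10]
Mar 14 06:12:00 host1 internal-sftp[4400]: session opened for local user user123 from [198.51.100.7]
Mar 14 06:12:03 host1 internal-sftp[4400]: open "/myhome/report.csv" flags READ mode 0666
Mar 14 06:12:03 host1 internal-sftp[4400]: close "/myhome/report.csv" bytes read 2048 written 0
EOF
}

# Summarise each internal-sftp session: user, client IP, bytes moved, deletions.
sftp_session_summary() {
    awk '
    function report(p, state) {
        printf "pid=%s user=%s from=%s read=%d written=%d removed=%d state=%s\n",
               p, user[p], ip[p], rd[p], wr[p], rm[p], state
    }
    # Match the syslog tag with its [pid]; sshd lines in the same file are skipped.
    match($0, /internal-sftp\[[0-9]+\]: /) {
        pid = substr($0, RSTART + 14, RLENGTH - 17)
        msg = substr($0, RSTART + RLENGTH)
        n = split(msg, w, " ")
        if (msg ~ /^session opened for local user /) {
            user[pid] = w[6]
            ip[pid] = substr(w[8], 2, length(w[8]) - 2)   # strip [ ]
        } else if (msg ~ /^close "/) {
            # Counters are the last fields, so file names with spaces are safe.
            rd[pid] += w[n - 2]; wr[pid] += w[n]
        } else if (msg ~ /^remove name "/) {
            rm[pid]++
        } else if (msg ~ /^session closed for local user /) {
            report(pid, "closed")   # then forget it, so a reused PID starts at zero
            delete user[pid]; delete ip[pid]; delete rd[pid]; delete wr[pid]; delete rm[pid]
        }
    }
    # Sessions with no close record yet (still connected, or log truncated).
    END { for (p in user) report(p, "open") }
    ' "$@"
}
sample_log | sftp_session_summary
```

Run against the real file with sftp_session_summary /var/log/sftp.log; the function reads stdin when no file is named.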