| 1 |
Good afternoon, |
| 2 |
|
| 3 |
http://groups.google.com/group/comp.security.ssh/browse_thread/thread/ce30a1d9889dc2e2?pli=1 |
| 4 |
|
| 5 |
The tip above link to solve the problem. I had found this link, however |
| 6 |
I was creating the log file in the dev directory of the chroot user. |
| 7 |
With the command strace I noticed what was happening permission error |
| 8 |
file access. |
| 9 |
|
| 10 |
Effectively you need only create the dev directory, the Log Files |
| 11 |
syslog-ng will automatically create. The log file is actually a socket |
| 12 |
file that syslog-ng will create. |
| 13 |
|
| 14 |
Solution: |
| 15 |
|
| 16 |
My mistake was to manually create the log file in the dev directory of |
| 17 |
the chroot user. |
| 18 |
|
| 19 |
An example of directory is: |
| 20 |
User: naira |
| 21 |
Home directory: /var/www/naira.com.br |
| 22 |
|
| 23 |
--> File sshd_config |
| 24 |
Match Group customers |
| 25 |
ChrootDirectory %h |
| 26 |
ForceCommand internal-sftp-l VERBOSE f-AUTH |
| 27 |
|
| 28 |
--> File syslog-ng.conf |
| 29 |
source src { |
| 30 |
unix-stream("/dev/log"); |
| 31 |
internal(); |
| 32 |
unix-stream("/var/www/naira.com.br/dev/log"); |
| 33 |
}; |
| 34 |
|
| 35 |
# ls -lah /var/www/naira.com.br/ |
| 36 |
drwxrwxr-x 13 root root 3.8K Mar 1 14:58 dev |
| 37 |
|
| 38 |
Restart syslog-ng. |
| 39 |
|
| 40 |
Thanks. |
| 41 |
|
| 42 |
Naira Kaieski |
| 43 |
Nucleo de Internet/Redes - Faccat |
| 44 |
Linux Professional Institute - LPI000223834 |
| 45 |
|
| 46 |
Em 2/3/2011 14:05, Ivan Kharlamov escreveu: |
| 47 |
> 2011/3/1 Naira Kaieski<naira@××××××.br>: |
| 48 |
>> Good afternoon, |
| 49 |
>> |
| 50 |
>> Staff set up openssh to direct users to a certain group members to a chroot |
| 51 |
>> environment and these users will have access only to the server using sftp |
| 52 |
>> protocol. |
| 53 |
>> |
| 54 |
>> Put in the sshd_config file: |
| 55 |
>> Match Group customers |
| 56 |
>> ChrootDirectory% h |
| 57 |
>> ForceCommand internal-sftp-l VERBOSE f-AUTH |
| 58 |
>> |
| 59 |
>> Thus each user is directed to the chroot environment indicated in the |
| 60 |
>> variable% h (home directory defined in / etc / passwd) |
| 61 |
>> |
| 62 |
>> An example of directory is: |
| 63 |
>> User: naira |
| 64 |
>> Home directory: /var/www/naira.com.br |
| 65 |
>> |
| 66 |
>> The problem is that I am not able to capture logs of the user group |
| 67 |
>> "clients" that are targeted to the chroot environment. Access via |
| 68 |
>> internal-sftp from other users who do not belong to the "client" I get the |
| 69 |
>> logs in auth.log files. |
| 70 |
>> |
| 71 |
>> I'm using syslog-ng. |
| 72 |
>> |
| 73 |
>> Has anyone ever made this kind of setup? |
| 74 |
>> |
| 75 |
>> Thanks, |
| 76 |
>> |
| 77 |
>> -- |
| 78 |
>> Naira Kaieski |
| 79 |
>> Nucleo de Internet/Redes - Faccat |
| 80 |
>> Linux Professional Institute - LPI000223834 |
| 81 |
>> |
| 82 |
>> |
| 83 |
> |
| 84 |
> Hi! |
| 85 |
> |
| 86 |
> Actually, I am incompetent at this area, but have you tried this? |
| 87 |
> http://groups.google.com/group/comp.security.ssh/browse_thread/thread/ce30a1d9889dc2e2 |
| 88 |
> |
| 89 |
> Best regards, |
| 90 |
> Ivan |
| 91 |
> |
Archives