Good afternoon,

http://groups.google.com/group/comp.security.ssh/browse_thread/thread/ce30a1d9889dc2e2?pli=1

The tip at the link above solved the problem. I had found this link; however,
I was creating the log file in the dev directory of the chroot user.
With the strace command I noticed what was happening: a permission error
on file access.

Effectively you only need to create the dev directory; syslog-ng will
create the log files automatically. The log file is actually a socket
file that syslog-ng will create.

Solution:

My mistake was to manually create the log file in the dev directory of
the chroot user.

An example directory is:
User: naira
Home directory: /var/www/naira.com.br

--> File sshd_config
Match Group customers
    ChrootDirectory %h
    ForceCommand internal-sftp -l VERBOSE -f AUTH

--> File syslog-ng.conf
source src {
    unix-stream("/dev/log");
    internal();
    unix-stream("/var/www/naira.com.br/dev/log");
};

# ls -lah /var/www/naira.com.br/
drwxrwxr-x 13 root root 3.8K Mar 1 14:58 dev

Restart syslog-ng.

Thanks.

Naira Kaieski
Nucleo de Internet/Redes - Faccat
Linux Professional Institute - LPI000223834

On 2/3/2011 14:05, Ivan Kharlamov wrote:
> 2011/3/1 Naira Kaieski <naira@××××××.br>:
>> Good afternoon,
>>
>> Staff set up openssh to direct users to a certain group members to a chroot
>> environment and these users will have access only to the server using sftp
>> protocol.
>>
>> Put in the sshd_config file:
>> Match Group customers
>>     ChrootDirectory %h
>>     ForceCommand internal-sftp -l VERBOSE -f AUTH
>>
>> Thus each user is directed to the chroot environment indicated in the
>> variable %h (home directory defined in /etc/passwd)
>>
>> An example of directory is:
>> User: naira
>> Home directory: /var/www/naira.com.br
>>
>> The problem is that I am not able to capture logs of the user group
>> "clients" that are targeted to the chroot environment. Access via
>> internal-sftp from other users who do not belong to the "client" I get the
>> logs in auth.log files.
>>
>> I'm using syslog-ng.
>>
>> Has anyone ever made this kind of setup?
>>
>> Thanks,
>>
>> --
>> Naira Kaieski
>> Nucleo de Internet/Redes - Faccat
>> Linux Professional Institute - LPI000223834
>>
>>
>
> Hi!
>
> Actually, I am incompetent at this area, but have you tried this?
> http://groups.google.com/group/comp.security.ssh/browse_thread/thread/ce30a1d9889dc2e2
>
> Best regards,
> Ivan
>
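
Added example, not part of the original message or thread: a shell check for the failure described above, where dev/log inside the chroot exists as a hand-made regular file instead of the socket syslog-ng creates. The function names and status strings are hypothetical, and source paths containing whitespace are assumed not to occur.

```shell
#!/bin/sh
# Classify the state of <chroot>/dev/log (hypothetical helper, status strings are made up).
check_chroot_log() {
    chroot_dir=$1
    dev_dir="$chroot_dir/dev"
    log_path="$dev_dir/log"

    if [ ! -d "$dev_dir" ]; then
        echo "missing-dev"       # syslog-ng has no directory to create the socket in
        return 1
    fi
    if [ -S "$log_path" ]; then
        echo "socket"            # created by syslog-ng for a unix-stream() source
        return 0
    fi
    if [ -e "$log_path" ] || [ -L "$log_path" ]; then
        echo "not-a-socket"      # e.g. a regular file created by hand: remove it
        return 2
    fi
    echo "no-socket-yet"         # dev/ exists; source not configured or syslog-ng not restarted
    return 3
}

# Walk the unix-stream() sources in a syslog-ng.conf and check every chroot
# socket (anything ending in /dev/log other than the system /dev/log).
audit_syslog_ng_sources() {
    conf=$1
    rc=0
    for sock in $(sed -n 's|^[[:space:]]*unix-stream("\(.*/dev/log\)").*|\1|p' "$conf"); do
        [ "$sock" = "/dev/log" ] && continue
        root=${sock%/dev/log}
        state=$(check_chroot_log "$root") || rc=1
        echo "$root $state"
    done
    return $rc
}
```

Source the file and call `audit_syslog_ng_sources` with the path to syslog-ng.conf; a non-zero return means at least one chroot is not in the `socket` state.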