Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am new at this forum, I have a Server with Centos
Linux Server01 2.6.32-279.1.1.el6.x86_64 #1 SMP Tue Jul 10 13:47:21 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
with SFTP implemented it is working fine, but I need to audit all user that will use de SFTP.
My sshd_config is like this:
# override default of no subsystems
#Subsystem sftp internal-sftp
Subsystem sftp internal-sftp -l VERBOSE
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
Match group sftponly
ChrootDirectory /sftp/sftp
X11Forwarding no
AllowTcpForwarding no
#ForceCommand internal-sftp
ForceCommand internal-sftp -l VERBOSE
I search at internet and find some people that use the option -l VERBOSE and it start to register at the logs, but it not work, it just log when user log, logoff, password mistake, I need it show when user got inside dir, change file, delete files for exemple.
Someone ahead had this problem ?
Log I have in /var/log/secure
Aug 14 17:41:33 server01 sshd[2664]: Accepted password for mickey from xxx.xxx.xxx.xxx port 57250 ssh2
Aug 14 17:41:33 server01 sshd[2664]: pam_unix(sshd:session): session opened for user mickey by (uid=0)
Aug 14 17:41:34 server01 sshd[2666]: subsystem request for sftp
Aug 14 17:47:41 server01 sshd[2664]: pam_unix(sshd:session): session closed for user mickey
I got inside of many dir copy files and delete but it dont show at logs.
I search at internet and find some people that use the option -l VERBOSE and it start to register at the logs, but it not work, it just log when user log, logoff, password mistake, I need it show when user got inside dir, change file, delete files for exemple.
Try replacing "internal-sftp" with "sftp-server" and see 'man 8 sftp-server' for logging options?
Since this thread showed up when I was googling the same problem, but for Debian/Ubuntu, I just wanted to share the solution that I eventually came to. I posted it over at the Ubuntu forums http://ubuntuforums.org/showthread.php?t=2081637.
Thank you for pointing me in the right direction.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.