Re: [gentoo-user] internal-sftp and logs files

2011-03-03 Thread Naira Kaieski 

Good afternoon,

http://groups.google.com/group/comp.security.ssh/browse_thread/thread/ce30a1d9889dc2e2?pli=1

The tip above link to solve the problem. I had found this link, however 
I was creating the log file in the dev directory of the chroot user. 
With the command strace I noticed what was happening permission error 
file access.


Effectively you need only create the dev directory, the Log Files 
syslog-ng will automatically create. The log file is actually a socket 
file that syslog-ng will create.


Solution:

My mistake was to manually create the log file in the dev directory of 
the chroot user.


An example of directory is:
User: naira
Home directory: /var/www/naira.com.br

-- File sshd_config
Match Group customers
ChrootDirectory %h
ForceCommand internal-sftp-l VERBOSE f-AUTH

-- File syslog-ng.conf
source src {
unix-stream(/dev/log);
internal();
unix-stream(/var/www/naira.com.br/dev/log);
};

# ls -lah /var/www/naira.com.br/
drwxrwxr-x  13 root root 3.8K Mar  1 14:58 dev

Restart syslog-ng.

Thanks.

Naira Kaieski
Nucleo de Internet/Redes - Faccat
Linux Professional Institute - LPI000223834

Em 2/3/2011 14:05, Ivan Kharlamov escreveu:

2011/3/1 Naira Kaieskina...@faccat.br:

Good afternoon,

Staff set up openssh to direct users to a certain group members to a chroot
environment and these users will have access only to the server using sftp
protocol.

Put in the sshd_config file:
Match Group customers
ChrootDirectory% h
ForceCommand internal-sftp-l VERBOSE f-AUTH

Thus each user is directed to the chroot environment indicated in the
variable% h (home directory defined in / etc / passwd)

An example of directory is:
User: naira
Home directory: /var/www/naira.com.br

The problem is that I am not able to capture logs of the user group
clients that are targeted to the chroot environment. Access via
internal-sftp from other users who do not belong to the client I get the
logs in auth.log files.

I'm using syslog-ng.

Has anyone ever made this kind of setup?

Thanks,

--
Naira Kaieski
Nucleo de Internet/Redes - Faccat
Linux Professional Institute - LPI000223834




Hi!

Actually, I am incompetent at this area, but have you tried this?
http://groups.google.com/group/comp.security.ssh/browse_thread/thread/ce30a1d9889dc2e2

Best regards,
Ivan

Re: [gentoo-user] internal-sftp and logs files

2011-03-02 Thread Ivan Kharlamov 
2011/3/1 Naira Kaieski na...@faccat.br:
 Good afternoon,

 Staff set up openssh to direct users to a certain group members to a chroot
 environment and these users will have access only to the server using sftp
 protocol.

 Put in the sshd_config file:
 Match Group customers
    ChrootDirectory% h
    ForceCommand internal-sftp-l VERBOSE f-AUTH

 Thus each user is directed to the chroot environment indicated in the
 variable% h (home directory defined in / etc / passwd)

 An example of directory is:
 User: naira
 Home directory: /var/www/naira.com.br

 The problem is that I am not able to capture logs of the user group
 clients that are targeted to the chroot environment. Access via
 internal-sftp from other users who do not belong to the client I get the
 logs in auth.log files.

 I'm using syslog-ng.

 Has anyone ever made this kind of setup?

 Thanks,

 --
 Naira Kaieski
 Nucleo de Internet/Redes - Faccat
 Linux Professional Institute - LPI000223834



Hi!

Actually, I am incompetent at this area, but have you tried this?
http://groups.google.com/group/comp.security.ssh/browse_thread/thread/ce30a1d9889dc2e2

Best regards,
Ivan

[gentoo-user] internal-sftp and logs files

2011-03-01 Thread Naira Kaieski 

Good afternoon,

Staff set up openssh to direct users to a certain group members to a 
chroot environment and these users will have access only to the server 
using sftp protocol.


Put in the sshd_config file:
Match Group customers
ChrootDirectory% h
ForceCommand internal-sftp-l VERBOSE f-AUTH

Thus each user is directed to the chroot environment indicated in the 
variable% h (home directory defined in / etc / passwd)


An example of directory is:
User: naira
Home directory: /var/www/naira.com.br

The problem is that I am not able to capture logs of the user group 
clients that are targeted to the chroot environment. Access via 
internal-sftp from other users who do not belong to the client I get 
the logs in auth.log files.


I'm using syslog-ng.

Has anyone ever made this kind of setup?

Thanks,

--
Naira Kaieski
Nucleo de Internet/Redes - Faccat
Linux Professional Institute - LPI000223834