the.root
Apprentice
Joined: 29 Apr 2007
Posts: 210
Location: -84.706059324915, -62.4843750666430
|
 Posted: Sat Jul 24, 2010 6:13 pm Post subject: Command & file logging for sftp/scp/ssh |
 |
|
So I'm trying to increase the logging on my servers so I can tell what some people are doing (and breaking).
I basically want to log all sftp file transfers (basic information on it). All scp file transfers (basic information as well). And ALL ssh commands that was sent without opening a tty (IE they arent passed to .sh_history).
I figured out the sftp by adding the -l INFO line to :
Subsystem sftp /usr/local/libexec/sftp-server -l INFO
I think I've found a few options for ssh - i'm not sure yet, I still want to look into. What I'm really stumped on is the scp logging. It doesn't log with the sftp and I cant seem to find a way to get log information on files transferred using the scp app on the server side. I would be really surprised if openssh didn't have the scp & ssh cmd logging built into it somehow. This has to be a pretty common requirement of sysadmins, especially ones who have to conform to PCI specs (another main reason why i need to do this).
If anyone has any suggestions on how to go about doing this, please let me know!!
Thanks!
_________________
Ps = (1.5 x 6 x .75) / {(4/3) (pi) [(31.039 x 10^15) (46.5 x 10^9)]^3}
Seems like a waste.. |
|
Networking & Security
