log of sftp in a chroot (with rssh)

Post by yanlolot » Wed Aug 25, 2010 6:52 pm

Hello

First, sorry for my English, I'm French.

Here is my problem:
My system is squeeze (Debian testing). I have an sftp server (with OpenSSH), and every client is chrooted in /home/sftp, thanks to rssh.
The man page of sftp-server says: "For logging to work, sftp-server must be able to access /dev/log. Use of sftp-server in a chroot configuration therefore requires that syslogd(8) establish a logging socket inside the chroot directory."
And the man page of syslogd: "-a socket: Using this argument you can specify additional sockets from that syslogd has to listen to. This is needed if you're going to let some daemon run within a chroot() environment."
So, when I used syslogd, I only had to add SYSLOGD="-a /home/sftp/dev" in /etc/default/syslog.
I would like to know how to do the same thing with rsyslog?
I've tried adding $AddUnixListenSocket -a /home/sftp/dev in /etc/rsyslog.conf, but when I restart rsyslog, I get this in /var/log/syslog:
rsyslogd: error: extra characters in config line ignored: '/home/sftp/dev'

Thanks for your help.
yanlolot

Re: log of sftp in a chroot (with rssh)

Post by yossarian » Fri Aug 27, 2010 7:53 pm

I believe you need to do this:
$ModLoad imuxsock
$AddUnixListenSocket /home/sftp/dev


You will want a $AddUnixListenSocket line for each chroot jail, but $ModLoad imuxsock needs only to appear once.
yossarian

Re: log of sftp in a chroot (with rssh)

Post by yanlolot » Sat Aug 28, 2010 12:12 am

Thanks for your answer, but it doesn't work:
when I add
Code:
$ModLoad imuxsock
$AddUnixListenSocket /home/sftp/dev

in /etc/rsyslog.conf and restart rsyslog, I get this in /var/log/syslog:
rsyslogd: [origin software="rsyslogd" swVersion="4.6.4" x-pid="14877" x-info="http://www.rsyslog.com"] exiting on signal 15.
rsyslogd: connot create '/home/sftp/dev': Address already in use


Thanks for help.
yanlolot

Re: log of sftp in a chroot (with rssh)

Post by yanlolot » Tue Sep 07, 2010 3:58 pm

Hello

I've tried this:
add $AddUnixListenSocket /home/sftp/dev/log (instead of $AddUnixListenSocket /home/sftp/dev), and restart rsyslog.
I get no errors, and syslogd creates /dev/log in the chroot:
Code:
# ls -al /home/sftp/dev/log
srw-rw-rw- 1 root root 0  7 sept. 11:01 /home/sftp/dev/log

But there are no messages about the transfers in /var/log/syslog or /var/log/kern.log...

Thanks for your help.

PS: I tried to apply this to my case: http://www.dmo.ca/blog/20081009143754/
yanlolot

Re: log of sftp in a chroot (with rssh)

Post by yanlolot » Tue Sep 07, 2010 4:31 pm

OK, it's solved:
--> add $AddUnixListenSocket /home/sftp/dev/log in /etc/rsyslog.conf (and verify that $ModLoad imuxsock is uncommented at the top of this file)
--> add -f LOCAL7 -l INFO to the line about the subsystem in /etc/ssh/sshd_config:
(...)
Subsystem sftp /usr/lib/openssh/sftp-server -f LOCAL7 -l INFO
(...)

--> add local7.info /var/log/sftp in /etc/rsyslog.conf
--> restart ssh and rsyslog:
Code:
/etc/init.d/ssh restart
/etc/init.d/rsyslog restart

And the logs of the transfers are in /var/log/sftp :D

PS: how do I add "solved" to the title of this topic (I can't edit my posts)?
yanlolot

Re: log of sftp in a chroot (with rssh)

Post by Sarah1984 » Tue Aug 09, 2011 2:46 pm

Try $ModLoad imuxsock, it should help in any case... but if not, there may be some problems with the system :!:
Sarah1984

Re: log of sftp in a chroot (with rssh)

Post by AdamD_TX » Thu Sep 27, 2012 12:30 am

Thanks a lot, yanlolot.

> add -f LOCAL7 -l INFO in the line about the subsystem

Also look for "ForceCommand" directives in your /etc/ssh/sshd_config
and add the "-f LOCAL7 -l INFO" to those lines too.

Example:
ForceCommand internal-sftp -f LOCAL7 -l INFO
AdamD_TX
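
The settings this thread converged on (the socket at <chroot>/dev/log, -f and -l on every sftp entry point, a matching facility rule) can be cross-checked with a small script. This is an added example, not code posted by anyone in the thread: the function name audit_sftp_logging and the sample files are constructed, and it only understands the legacy $ModLoad / $AddUnixListenSocket directives and simple facility.level rules used above.

```shell
#!/bin/sh
# Added example, not from the thread: cross-check the sshd and rsyslog settings.
# usage: audit_sftp_logging SSHD_CONFIG RSYSLOG_CONF CHROOT_DIR
# Prints one line per finding and returns the number of findings (0 = consistent).
audit_sftp_logging() {
    sshd=$1; rsys=$2; jail=$3; findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # rsyslog side: imuxsock loaded and listening on <jail>/dev/log. Naming the
    # directory <jail>/dev instead is the "Address already in use" case above.
    awk '$1 == "$ModLoad" && $2 == "imuxsock" { ok = 1 } END { exit !ok }' "$rsys" ||
        note "\$ModLoad imuxsock missing or commented out"
    awk -v s="$jail/dev/log" '$1 == "$AddUnixListenSocket" && $2 == s { ok = 1 }
        END { exit !ok }' "$rsys" || note "no \$AddUnixListenSocket $jail/dev/log"

    # sshd side: each sftp entry point (Subsystem, ForceCommand) needs -f and -l.
    sftp_lines=$(grep -Ei '^[[:space:]]*(Subsystem[[:space:]]+sftp|ForceCommand[[:space:]]+internal-sftp)' "$sshd" || true)
    [ -n "$sftp_lines" ] || note "no sftp Subsystem/ForceCommand line found"
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        case " $line " in *" -l "*) ;; *) note "no -l level: $line" ;; esac
        case " $line " in
            *" -f "*)
                fac=$(printf '%s\n' "$line" | sed 's/.* -f \([A-Za-z0-9]*\).*/\1/' | tr 'A-Z' 'a-z')
                # Simplified selector match: "<facility>." at the start of a rule.
                grep -Eq "^[[:space:]]*([a-z0-9*]+,)*$fac\." "$rsys" ||
                    note "no rsyslog rule for facility $fac"
                ;;
            *) note "no -f facility: $line" ;;
        esac
    done <<EOF
$sftp_lines
EOF
    return "$findings"
}

# Constructed sample files: the thread's final settings, then a broken pair.
tmp=$(mktemp -d)
printf '%s\n' '$ModLoad imuxsock' '$AddUnixListenSocket /home/sftp/dev/log' \
    'local7.info /var/log/sftp' > "$tmp/rsyslog.good"
printf '%s\n' 'Subsystem sftp /usr/lib/openssh/sftp-server -f LOCAL7 -l INFO' \
    'ForceCommand internal-sftp -f LOCAL7 -l INFO' > "$tmp/sshd.good"
printf '%s\n' '$ModLoad imuxsock' '$AddUnixListenSocket /home/sftp/dev' > "$tmp/rsyslog.bad"
printf '%s\n' 'Subsystem sftp /usr/lib/openssh/sftp-server -f LOCAL7 -l INFO' \
    'ForceCommand internal-sftp' > "$tmp/sshd.bad"
audit_sftp_logging "$tmp/sshd.good" "$tmp/rsyslog.good" /home/sftp && echo "good pair: consistent"
audit_sftp_logging "$tmp/sshd.bad" "$tmp/rsyslog.bad" /home/sftp || echo "broken pair: $? findings"
```

On a live host, ls -al on <chroot>/dev/log, as shown earlier in the thread, confirms that rsyslog actually created the socket.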