
Re: sftp-server logging under chroot & privilege separation

It might be an issue with /dev/log not existing in the chrooted

If you are running syslog-ng, you could tell it to open a second
Unix domain dgram socket. ("unix-dgram(/chroot/path/dev/log);")

On Mon, Mar 8, 2010 at 9:53 AM,  <kjh26@xxxxxxxxxxxx> wrote:
> Hello:
> We are using OpenSSH 5.3p1.
> We are using this to host an SFTP drop-box.  We have implemented chroot &
> privilege separation.
> For corporate security reasons, we are running sshd as an application ID
> setuid root (long story - don't want to go into it here)
> The issue we are noting is that we 'lose' SFTP logging of commands when
> sshd is run normally.
> When we run it in DEBUG, we see the SFTP commands in the log.
> We suspected the chrooting/priv sep had something to do with it, however,
> changing the sftp-server to be setuid root did not fix the issue.
> Any ideas?
> Thanks
> Kevin J. Herman
> Sr. Systems Analyst
> EBMX [Electronic Business Message eXchange]
> ITM - Procurement Systems
> T/L 776-6793
> O/L (248)576-6793
> FAX (248)576-2185
> CTC E3000-3S2E8
> CIMS 483-01-19
> LOC/DEPT: 1100-1721

And, did Galoka think the Ulus were too ugly to save?
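
The second-socket suggestion in the reply above, written out as a syslog-ng configuration fragment. This is an added example, not part of the original message: the source, destination and log names and the /var/log/sftp-chroot.log path are assumptions, and /chroot/path is the placeholder from the reply for the real chroot directory.

```conf
# Added example (not from the original thread).
# Names s_local, s_sftp_chroot, d_sftp_chroot and the log file path are
# assumptions; /chroot/path is a placeholder for the actual chroot directory.

# The normal system log socket, used by processes outside the chroot.
source s_local {
    unix-dgram("/dev/log");
    internal();
};

# A second socket created inside the chroot tree. A process that has been
# chrooted to /chroot/path and opens "/dev/log" reaches this socket, so its
# syslog messages are received by the same syslog-ng instance.
# The directory /chroot/path/dev must already exist when syslog-ng starts;
# syslog-ng creates the socket file itself.
source s_sftp_chroot {
    unix-dgram("/chroot/path/dev/log");
};

# Keep the chroot's messages in their own file so missing SFTP entries
# are easy to spot.
destination d_sftp_chroot {
    file("/var/log/sftp-chroot.log");
};

log {
    source(s_sftp_chroot);
    destination(d_sftp_chroot);
};
```

After reloading syslog-ng, /chroot/path/dev/log should exist as a socket (`ls -l` shows type `s`); if it does not, messages sent from inside the chroot have nowhere to go.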
