Red Hat Enterprise Linux (RHEL) 9 – logging sftp commands

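Red Hat Enterprise Linux (RHEL) 9 – using sftp to store data on a file server has become a popular and secure way to transfer files. By default the sftp subsystem does not record individual file operations. Appending -l VERBOSE to the Subsystem sftp line in /etc/ssh/sshd_config and restarting sshd makes sftp-server log each session's directory listings, opens, reads, writes, renames and removals through syslog, as the /var/log/messages excerpt below shows. If the Subsystem line uses internal-sftp instead, the same -l VERBOSE option applies there.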

 

[root@VA-RHEL9-02 ~]# vi /etc/ssh/sshd_config
Subsystem sftp /usr/libexec/openssh/sftp-server -l VERBOSE
[root@VA-RHEL9-02 ~]# systemctl restart sshd
[root@VA-RHEL9-02 ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2023-03-15 10:04:17 CET; 1min 7s ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 3897 (sshd)
Tasks: 1 (limit: 74490)
Memory: 1.7M
CPU: 23ms
CGroup: /system.slice/sshd.service
└─3897 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
Mär 15 10:04:17 VA-RHEL9-02 systemd[1]: Starting OpenSSH server daemon...
Mär 15 10:04:17 VA-RHEL9-02 sshd[3897]: Server listening on 0.0.0.0 port 22.
Mär 15 10:04:17 VA-RHEL9-02 sshd[3897]: Server listening on :: port 22.
Mär 15 10:04:17 VA-RHEL9-02 systemd[1]: Started OpenSSH server daemon.

[root@VA-RHEL9-02 ~]#

[root@VA-RHEL9-02 ~]# vi /var/log/messages
Mar 14 14:09:45 VA-RHEL9-02 sftp-server[1995]: session opened for local user root from [192.168.1.3]
Mar 14 14:09:45 VA-RHEL9-02 sftp-server[1995]: received client version 6
Mar 14 14:09:45 VA-RHEL9-02 sftp-server[1995]: realpath "."
Mar 14 14:09:45 VA-RHEL9-02 sftp-server[1995]: opendir "/root"
Mar 14 14:09:46 VA-RHEL9-02 sftp-server[1995]: closedir "/root"
Mar 14 14:10:11 VA-RHEL9-02 systemd[1176]: Created slice User Background Tasks Slice.
Mar 14 14:10:11 VA-RHEL9-02 systemd[1176]: Starting Cleanup of User's Temporary Files and Directories...
Mar 14 14:10:11 VA-RHEL9-02 systemd[1176]: Finished Cleanup of User's Temporary Files and Directories.
Mar 14 14:10:27 VA-RHEL9-02 sftp-server[1995]: realpath "/root/.."
Mar 14 14:10:27 VA-RHEL9-02 sftp-server[1995]: lstat name "/"
Mar 14 14:10:27 VA-RHEL9-02 sftp-server[1995]: opendir "/"
Mar 14 14:10:27 VA-RHEL9-02 sftp-server[1995]: readlink "/bin"
Mar 14 14:10:27 VA-RHEL9-02 sftp-server[1995]: stat name "/bin"
Mar 14 14:10:27 VA-RHEL9-02 sftp-server[1995]: readlink "/sbin"
Mar 14 14:10:27 VA-RHEL9-02 sftp-server[1995]: stat name "/sbin"
Mar 14 14:10:27 VA-RHEL9-02 sftp-server[1995]: readlink "/lib"
Mar 14 14:10:27 VA-RHEL9-02 sftp-server[1995]: stat name "/lib"
Mar 14 14:10:27 VA-RHEL9-02 sftp-server[1995]: readlink "/lib64"
Mar 14 14:10:27 VA-RHEL9-02 sftp-server[1995]: stat name "/lib64"
Mar 14 14:10:29 VA-RHEL9-02 sftp-server[1995]: closedir "/"
Mar 14 14:10:30 VA-RHEL9-02 sftp-server[1995]: realpath "/tmp"
Mar 14 14:10:30 VA-RHEL9-02 sftp-server[1995]: lstat name "/tmp"
Mar 14 14:10:30 VA-RHEL9-02 sftp-server[1995]: opendir "/tmp"
Mar 14 14:10:31 VA-RHEL9-02 sftp-server[1995]: closedir "/tmp"
Mar 14 14:11:12 VA-RHEL9-02 sftp-server[1995]: realpath "/tmp/"
Mar 14 14:11:12 VA-RHEL9-02 sftp-server[1995]: lstat name "/tmp/josef.jpg"
Mar 14 14:11:12 VA-RHEL9-02 sftp-server[1995]: sent status No such file
Mar 14 14:11:12 VA-RHEL9-02 sftp-server[1995]: lstat name "/tmp/josef.jpg.filepart"
Mar 14 14:11:12 VA-RHEL9-02 sftp-server[1995]: sent status No such file
Mar 14 14:11:12 VA-RHEL9-02 sftp-server[1995]: open "/tmp/josef.jpg.filepart" flags WRITE,CREATE,TRUNCATE mode 0666
Mar 14 14:11:13 VA-RHEL9-02 sftp-server[1995]: close "/tmp/josef.jpg.filepart" bytes read 0 written 742912
Mar 14 14:11:13 VA-RHEL9-02 sftp-server[1995]: rename old "/tmp/josef.jpg.filepart" new "/tmp/josef.jpg"
Mar 14 14:11:13 VA-RHEL9-02 sftp-server[1995]: set "/tmp/josef.jpg" modtime 20191029-11:28:28
Mar 14 14:11:13 VA-RHEL9-02 sftp-server[1995]: opendir "/tmp"
Mar 14 14:11:14 VA-RHEL9-02 sftp-server[1995]: closedir "/tmp"
Mar 14 14:13:11 VA-RHEL9-02 systemd[1917]: Created slice User Background Tasks Slice.
Mar 14 14:13:11 VA-RHEL9-02 systemd[1917]: Starting Cleanup of User's Temporary Files and Directories...
Mar 14 14:13:11 VA-RHEL9-02 systemd[1917]: Finished Cleanup of User's Temporary Files and Directories.
Mar 14 14:16:05 VA-RHEL9-02 sftp-server[1995]: open "/tmp/josef.jpg" flags READ mode 0666
Mar 14 14:16:05 VA-RHEL9-02 sftp-server[1995]: close "/tmp/josef.jpg" bytes read 742912 written 0
Mar 14 14:16:12 VA-RHEL9-02 sftp-server[1995]: remove name "/tmp/josef.jpg"
Mar 14 14:16:12 VA-RHEL9-02 sftp-server[1995]: opendir "/tmp"
Mar 14 14:16:13 VA-RHEL9-02 sftp-server[1995]: closedir "/tmp"

[root@VA-RHEL9-02 ~]#
