How to be Notified of each SFTP access to server
I have found various ways online of using the ConfigServer Firewall to track (by means of an email to server admin) each SSH access to my servers.
I am now looking for ways to improve upon this by being able to get a notification email to the server admin email address stating the IP / approx. location, and time and account for each SFTP cPanel account access (success or failure).
Further Details:
I have a working system for giving email notifications when a pure SSH connection (WinSCP, WHM Terminal, etc.) is established to/on the server; however, when an SFTP (FTP over SSH) access is opened, such as with PhpStorm or FileZilla etc., this connection does not trigger the notification system. How can I report these sorts of connections by email?
I can't find any options for doing this on the standard WHM / ConfigServer Firewall, and more frustratingly my Internet Search Engine diggings only come up with similarly phrased but completely off-topic results (such as "how do I FTP to my server", etc. etc.).
Many thanks for any clues to create this trackability.
Cheers
Martin
P.S. Success or failure of each SFTP connection is not important; it would be nice to report the status of each attempted connection (i.e. is it a valid login?) but this is secondary to knowing the connection is taking place.
Hey there! I looked around for a bit as well, but I didn't find anything ready-made for this either. This sounds like a great idea for a feature request, though, and you can get that submitted using the link in my signature.
Hi CPRex, I am currently researching writing a shim bash script to carry out this task, and will update if/when I get progress on doing this! Cheers
A useful script for emailing these details when an SFTP connection is CLOSED is:

1. Upload the below code (adjusting as required)
2. Update the sshd_config file
3. Restart sshd (using WHM restart is fine)

```bash
#!/bin/bash
# Create a temporary log file
LOGFILE=$(/bin/mktemp /tmp/sftplog.XXXXXX)
# Redirect stderr to LOGFILE
exec 2>"$LOGFILE"
# Run the SFTP with logging to stderr
/usr/libexec/openssh/sftp-server -e -u 022 -l VERBOSE
exec >/dev/null
# Use some sendmail substitute to send an e-mail
# (the post is cut off after "<"; sending the log file as the message is an assumed completion)
/usr/sbin/sendmail -i root@localhost <"$LOGFILE"
# Remove the temporary log file (assumed; not visible in the truncated post)
rm -f "$LOGFILE"
```
NOTE: The file must have the same permissions set as the /usr/libexec/openssh/sftp-server

The file can be placed anywhere, say for example usr/local/bin/sftp-logger and then referenced from the etc/ssh/sshd_config file, for example:

```
# override default of no subsystems
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp /usr/local/bin/sftp-logger
```
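An added example, not part of the thread and not cPanel or ConfigServer code: a variant of the wrapper above that also mails when the session opens, taking the account from `id -un` and the client address from the `SSH_CONNECTION` variable that sshd sets for the session. The function names and the message layout are assumptions; the paths, the recipient and the `sftp-logger` file name are the ones used in the post.

```sh
#!/bin/sh
# Added example (not from the thread): SFTP wrapper that mails on open and close.
# Paths and recipient are the ones in the post; function names are hypothetical.
SFTP_SERVER=/usr/libexec/openssh/sftp-server
MAILTO=root@localhost

# Drop control characters so no value can inject extra mail headers.
clean() { printf '%s' "$1" | tr -d '[:cntrl:]'; }

# build_notice EVENT USER SSH_CONNECTION [LOGFILE]
# Prints a complete message (headers, blank line, body) on stdout.
build_notice() {
    event=$1
    user=$(clean "$2")
    # sshd sets SSH_CONNECTION to "client_ip client_port server_ip server_port"
    conn=$(clean "$3")
    ip=$(printf '%s' "$conn" | cut -d' ' -f1)
    port=$(printf '%s' "$conn" | cut -s -d' ' -f2)
    logfile=${4:-}
    printf 'To: %s\nSubject: SFTP session %s: %s from %s\n\n' \
        "$MAILTO" "$event" "$user" "${ip:-unknown}"
    printf 'Account: %s\nClient: %s port %s\nTime: %s\n' \
        "$user" "${ip:-unknown}" "${port:-unknown}" \
        "$(date -u '+%Y-%m-%d %H:%M:%S UTC')"
    if [ -n "$logfile" ] && [ -s "$logfile" ]; then
        printf '\nsftp-server log:\n'
        cat "$logfile"
    fi
}

run_session() {
    log=$(/bin/mktemp /tmp/sftplog.XXXXXX) || exit 1
    trap 'rm -f "$log"' EXIT
    me=$(id -un)
    # stdout carries the SFTP protocol, so sendmail output is discarded.
    build_notice opened "$me" "${SSH_CONNECTION:-}" |
        /usr/sbin/sendmail -i "$MAILTO" >/dev/null 2>&1
    "$SFTP_SERVER" -e -u 022 -l VERBOSE 2>"$log"
    build_notice closed "$me" "${SSH_CONNECTION:-}" "$log" |
        /usr/sbin/sendmail -i "$MAILTO" >/dev/null 2>&1
}

# Serve a session only when installed under the name used in the post.
case $0 in
    */sftp-logger) run_session ;;
esac
```

The "opened" mail is sent before `sftp-server` starts, so a slow mail queue delays the client's first directory listing; the "closed" mail carries the VERBOSE log of the session.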