  #1  
Old 10-11-2013, 12:55 PM
shoebear
Registered User
 
Join Date: Dec 2009
Posts: 8
Log file for audit purposes

Where I work, applications are owned by superusers. In production environments, I must first log in as myself, then su to the application superuser. I do so by executing a script that starts a log file of my session, then su's me. This log is kept for audit purposes. We do not know the superuser account passwords.

This is a pain in the patootie, especially when we need to migrate program files from Windows to Unix. Since we can only sftp as ourselves, not the superuser, we have to sftp the file to a temporary location, ssh in as the superuser, copy the file to the final location, then delete the file from the temp location. Oh, and we are locked out of the chown command also.

It would be much easier to authenticate with a key pair directly as the superuser, which is what we do in dev & test environments. The reason we can't do this in production is because of the requirement to keep a log.

I played with the log file feature in SecureCRT/FX, and I couldn't get it to log SecureFX transactions. Besides, we could turn it off if we wanted to do something nefarious.

So my questions:
  • Is there a way to log SecureFX transactions?
  • Is there a way to lock down the log file feature so that we can't turn it off?
  • If not, does anyone know of a way to enforce mandatory logging of both SSH and SFTP sessions at the Linux level and still allow us to connect directly as the superuser?

Thanks!
Dan
  #2  
Old 10-11-2013, 04:28 PM
jdev
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 1,099
There currently isn't a way to enforce logging to occur in SecureCRT/SecureFX. Even if there were a way to enforce logging within SecureCRT/FX, it wouldn't be fail-safe since a user could simply use another client application to perform their nefarious action(s).

The best practice would be for the SSH/SFTP server to log all transactions.
That way, regardless of the client being used and its configuration for logging or not, all transactions would be logged by the SFTP server.

What SSH server is in use on the remote machine(s)?

What is the universe of SFTP transactions you need to log (or keep track of in some way for auditing)?

What is the myriad of shell transactions that would need to be tracked for auditing?

If for whatever reason you feel your answers would give away too much on a public forum such as this, feel free to send email to support@vandyke.com or give us a call directly: +1 505-332-5730 (7:30AM - 5:30PM Mountain).


--Jake
__________________
Jake Devenport
VanDyke Software
Technical Support
YouTube Channel: https://www.youtube.com/vandykesoftware
Email: support@vandyke.com
Web: https://www.vandyke.com/support
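
Added example, not part of the original thread and not VanDyke's own configuration: one way to do the server-side logging recommended in the reply above, assuming the server runs OpenSSH (the thread does not say which SSH server is in use). The account name `appsu` and the key file path are hypothetical; the fragment covers SFTP transactions and login attribution, not auditing of interactive shell commands.

```conf
# /etc/ssh/sshd_config fragment (OpenSSH assumed; "appsu" is a hypothetical
# application superuser account)

# Log the fingerprint of the public key accepted for each login, so a session
# on the shared account can be tied to the person who holds that key.
LogLevel VERBOSE

# Run the in-process SFTP server and log every transaction (open, close,
# rename, remove, ...) to syslog. The sftp-server default level is ERROR,
# which records no file activity. Replace any existing "Subsystem sftp" line
# rather than adding a second one.
Subsystem sftp internal-sftp -f AUTHPRIV -l INFO

Match User appsu
    # Key pairs only; nobody needs to know the account password.
    PasswordAuthentication no
    PubkeyAuthentication yes
    # Keep the key list in a root-owned file outside the account's home
    # directory (hypothetical path) so the account cannot add keys itself.
    AuthorizedKeysFile /etc/ssh/authorized_keys/%u
```

Check the file with `sshd -t` before reloading the daemon. Forwarding the AUTHPRIV facility to a separate syslog host keeps the audit trail out of reach of the account being audited.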