Thread: Chrooted SSH Shell - Who Logged In?

  1. #1
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130

    Chrooted SSH Shell - Who Logged In?

    OK well here's my question of the week...

    I have recently brought a public webserver online, which includes ssh access to itself to allow users to manage their webspace.

    Here's the rub: all the services on this box are chrooted, including the ssh server they are logging in to, and the apache server their pages are served up from. The /home directory is mounted in multiple locations to allow this.

    So, when I have users logged in to my chrooted ssh server, the "w", "who" and whatnot commands show only people logged in locally, or people logged in to the main box via an ssh connection on another port which is not chrooted.

    I need a way to quickly tell who is logged in via a chrooted ssh shell, such as the output given with the "who" command...

    Any ideas?
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

  2. #2
    Senior Member
    Join Date
    Oct 2003
    Posts
    394
    Maybe use some user logon script that can get the user name and send it to someone?
    // too far away outside of limit

  3. #3
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    If they are chrooted, won't they also have their own /var? If so you could use last with a -f and point it to their /var/log/wtmp file?
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  4. #4
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    Where I have sort of the same setup I mounted /proc and /dev/pts twice. Once in the real root, and another time in the chroot. That should make your w and who and ps commands work.

  5. #5
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    Nebulus, Heretic, those were exactly the answers I was looking for.

    last -f <filename> will tell me who is logged in, and can be run from outside the jail without the need to mount /dev/pts and /proc twice.

    With /dev/pts and /proc mounted within the jail, the w, who, whoami and whatnot commands all work. Additionally, the write and talk programs are working now too, however they cannot communicate outside the jail, but that is the whole point, after all.

    I would like to avoid mounting /dev/pts and /proc inside the jail. Well, actually I need /dev/pts for ssh logins to work, but /proc is not needed to connect to it. It gives out a whole crapload of info about my system, which rather defeats the point of having a jail.

    What about making a "proc" group, setting all of /proc to be owned by that group, and then setting the w, who, write and whatever commands that need /proc to also be in that group, and then setting those commands sgid? That way users would not be able to peek inside /proc except through the use of an authorized program. I think that would work, but can anyone think of any security implications for it?
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.
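
Added example, not part of the thread: the `last -f` approach from posts #3 and #5 done by hand, reading the jail's wtmp from the host and listing logins that have no logout record yet, so /proc never has to be mounted inside the jail. It assumes the 384-byte glibc/Linux utmp record layout; the sample records and the path passed on the command line (for instance a hypothetical `/chroot/ssh/var/log/wtmp`) are constructed placeholders.

```python
import struct
import sys

# Assumption: glibc/Linux utmp record layout, 384 bytes, little-endian.
# Fields: type, pid, line, id, user, host, exit(2 shorts), session,
#         tv_sec, tv_usec, addr_v6, unused
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20s")
BOOT_TIME, USER_PROCESS, DEAD_PROCESS = 2, 7, 8

def text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def open_sessions(data):
    """Return {tty: (user, host, login_epoch)} for logins without a logout."""
    live = {}
    usable = len(data) - len(data) % UTMP.size   # ignore a truncated tail
    for off in range(0, usable, UTMP.size):
        rec = UTMP.unpack_from(data, off)
        ut_type, line = rec[0], text(rec[2])
        if ut_type == BOOT_TIME:
            live.clear()                         # reboot ends earlier sessions
        elif ut_type == USER_PROCESS:
            live[line] = (text(rec[4]), text(rec[5]), rec[9])
        elif ut_type == DEAD_PROCESS:
            live.pop(line, None)                 # logout on that pts
    return live

def make_record(ut_type, line="", user="", host="", tv_sec=0):
    """Build one constructed record for the sample data below."""
    return UTMP.pack(ut_type, 0, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, tv_sec, 0, b"", b"")

# Constructed sample: three logins, one logout, pts/0 reused afterwards.
SAMPLE = b"".join([
    make_record(BOOT_TIME, "~", "reboot", tv_sec=1000),
    make_record(USER_PROCESS, "pts/0", "alice", "192.0.2.10", 1100),
    make_record(USER_PROCESS, "pts/1", "bob", "198.51.100.7", 1200),
    make_record(DEAD_PROCESS, "pts/0", tv_sec=1300),
    make_record(USER_PROCESS, "pts/0", "carol", "192.0.2.44", 1400),
])

if __name__ == "__main__":
    # Pass the jail's wtmp path as seen from the host (placeholder path).
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for tty, (user, host, when) in sorted(open_sessions(data).items()):
        print(f"{user:<10} {tty:<8} {host:<16} {when}")
```

The script only needs read access to the jail's wtmp file from the host side, so nothing extra has to be exposed inside the chroot.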