VanDyke Software Forums


shoebear 10-11-2013 11:55 AM

Log file for audit purposes
 
Where I work, applications are owned by superusers. In production environments, I must first log in as myself, then su to the application superuser. I do so by executing a script that starts a log file of my session, then su's me. This log is kept for audit purposes. We do not know the superuser account passwords.

This is a pain in the patootie, especially when we need to migrate program files from Windows to Unix. Since we can only sftp as ourselves, not the superuser, we have to sftp the file to a temporary location, ssh in as the superuser, copy the file to the final location, then delete the file from the temp location. Oh, and we are locked out of the chown command also.

It would be much easier to authenticate with a key pair directly as the superuser, which is what we do in dev & test environments. The reason we can't do this in production is because of the requirement to keep a log.

I played with the log file feature in SecureCRT/FX, and I couldn't get it to log SecureFX transactions. Besides, we could turn it off if we wanted to do something nefarious.

So my questions:
  • Is there a way to log SecureFX transactions?
  • Is there a way to lock down the log file feature so that we can't turn it off?
  • If not, does anyone know of a way to enforce mandatory logging of both SSH and SFTP sessions at the Linux level and still allow us to connect directly as the superuser?

Thanks!
Dan

jdev 10-11-2013 03:28 PM

There currently isn't a way to enforce logging to occur in SecureCRT/SecureFX. Even if there were a way to enforce logging within SecureCRT/FX, it wouldn't be fail-safe since a user could simply use another client application to perform their nefarious action(s).

The best practice would be for the SSH/SFTP server to log all transactions.
That way, regardless of the client being used and its configuration for logging or not, all transactions would be logged by the SFTP server.

What SSH server is in use on the remote machine(s)?

What is the universe of SFTP transactions you need to log (or keep track of in some way for auditing)?

What is the myriad of shell transactions that would need to be tracked for auditing?

If for whatever reason you feel your answers would give away too much on a public forum such as this, feel free to send email to support@vandyke.com or give us a call directly: +1 505-332-5730 (7:30AM - 5:30PM Mountain).


--Jake
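
As an added example that is not part of this thread: a small Python check that an `sshd_config` has the server-side logging recommended above turned on. It assumes the server is OpenSSH, which the thread does not state; the function name `audit_sshd_config` and both sample configs are constructed for illustration.

```python
import shlex

# sftp-server(8) levels that record file transactions; its default is ERROR.
SFTP_OK = {"INFO", "VERBOSE", "DEBUG", "DEBUG1", "DEBUG2", "DEBUG3"}
# sshd levels too low to record accepted/failed logins; sshd's default is INFO.
SSHD_TOO_QUIET = {"QUIET", "FATAL", "ERROR"}


def audit_sshd_config(text):
    """Return findings for the global section of an sshd_config (as text)."""
    loglevel, sftp_cmd = None, None
    for raw in text.splitlines():
        words = shlex.split(raw, comments=True)   # drops blanks and # comments
        if not words:
            continue
        key = words[0].lower()                    # keywords are case-insensitive
        if key == "match":                        # conditional blocks: out of scope
            break
        if key == "loglevel" and loglevel is None and len(words) > 1:
            loglevel = words[1].upper()
        elif (key == "subsystem" and sftp_cmd is None
              and len(words) > 2 and words[1] == "sftp"):
            sftp_cmd = words[2:]

    findings = []
    if loglevel in SSHD_TOO_QUIET:
        findings.append(f"LogLevel {loglevel}: logins are not recorded")
    if sftp_cmd is None:
        findings.append("no sftp subsystem configured")
    else:
        level = "ERROR"                           # default when -l is absent
        for i, arg in enumerate(sftp_cmd[:-1]):
            if arg == "-l":
                level = sftp_cmd[i + 1].upper()
        if level not in SFTP_OK:
            findings.append(
                f"sftp subsystem logs at {level}: file transactions are not recorded")
    return findings


# Constructed sample configs (not taken from the thread).
WEAK = "# subsystem with no logging flags\nSubsystem sftp /usr/libexec/openssh/sftp-server\n"
HARDENED = "LogLevel VERBOSE\nSubsystem sftp internal-sftp -l INFO -f AUTH\n"

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_sshd_config(cfg) or "ok")
```

The check only reads the global section; `Match` blocks and `ForceCommand` overrides would need separate review.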


All times are GMT -6.