Re: logging file names with sftp



On Wed, Sep 02, 2009 at 10:34:18PM -0700, Agile Aspect wrote:
> The so-called "normal" logging is working - the problem is it's
> tragically incomplete.
>
> We store IP information on the server. In addition, it's not
> possible to have security without accountability.

The logging of individual file transfers arguably buys you very little
though, because the users are legitimate users who are authenticated.
This is generally quite a different situation from FTP installations,
where often the users are anonymous, and tracking downloads of files
may be interesting from a purely statistical point of view (e.g. how
many downloads of a particular game, application, etc., to determine
its popularity). An individual FTP site may not fall into this
category, but FTP software generally needs to cope with this very
common usage.

With sftp sites, the users are (in some sense) people that you know,
and access to data can and should be carefully regulated via file
system permissions. Users should not be physically able to access
anything they shouldn't have access to, and logging file transfers of
files they legitimately should have access to is in most cases little
more than spying on them.

If your site is *especially* security sensitive, this may be called
for (though, if that's the case, you might also want to re-evaluate
whether you really should be providing file access this way), but most
of the time it probably isn't warranted, and may be considered by
some as an unnecessary invasion of privacy.

--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
