In this guide, we look at a PAM configuration. By default, the last login information of SFTP users, chrooted or not, is not saved. To record it, we need to configure PAM.

While the security team looks for each and every log from our servers, it is the system administrator's responsibility to implement the logging. This guide applies to both RHEL 6 and 7 based operating systems.

Enabling last log information for SFTP users in Red Hat Enterprise Linux and variants.

Step 1:

Before implementing the PAM change, let us verify whether the pam_lastlog module is enabled and whether PAM support is enabled in sshd_config, using a simple grep.

# grep "pam_lastlog" /etc/pam.d/sshd
# grep "UsePAM" /etc/ssh/sshd_config





Step 2:

 
Edit the SSHD configuration and set UsePAM to “yes” to start using PAM.

# vi /etc/ssh/sshd_config
UsePAM yes

 

Step 3:

 
Enable pam_lastlog.so by adding it as the first line of the session section, above the pam_selinux.so line.

# vi /etc/pam.d/sshd

 

Add only the first line, the one containing pam_lastlog.so.

session required pam_lastlog.so  # Add only this line.
session required pam_selinux.so close
session required pam_loginuid.so

 


Step 4:

Restart the SSHD service and check for the status.

# systemctl restart sshd
# systemctl status sshd

 




Finally, lastlog will start recording login information for all SFTP users, chrooted or not, under the wtmp file.

# lastlog

 


 

That’s it. We have managed to enable last login information for SFTP chroot and non-chroot users.
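The checks from Steps 1 to 3 can be scripted when several servers need auditing. The script below is an added example, not part of the original guide; the function names are hypothetical, and the sample files are constructed so it runs without touching a real host.

```shell
#!/bin/bash
# Audit the settings from Steps 1-3. Function names are hypothetical.

# Succeeds when the first active UsePAM keyword is set to "yes".
# Accepts both the "UsePAM yes" and "UsePAM=yes" spellings.
check_usepam() {
    awk '{ sub(/#.*/, ""); sub(/^[ \t]+/, ""); n = split($0, f, /[ \t=]+/) }
         n >= 2 && tolower(f[1]) == "usepam" { v = f[2]; exit }
         END { exit !(v == "yes") }' "$1"
}

# Succeeds when a session line loads pam_lastlog.so and it sits above the
# first pam_selinux.so session line, as Step 3 requires.
check_lastlog_first() {
    awk '{ sub(/#.*/, ""); t = $1; sub(/^-/, "", t) }   # drop comments
         t != "session" { next }
         /pam_lastlog\.so/ && !ll { ll = NR }
         /pam_selinux\.so/ && !se { se = NR }
         END { exit !(ll && (!se || ll < se)) }' "$1"
}

# $1 = sshd_config path, $2 = PAM service file for sshd
audit_sftp_lastlog() {
    rc=0
    check_usepam "$1" || { echo "FAIL: UsePAM is not yes in $1"; rc=1; }
    check_lastlog_first "$2" ||
        { echo "FAIL: pam_lastlog.so missing or below pam_selinux.so in $2"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: $1 and $2 match Steps 2 and 3"; fi
    return "$rc"
}

# Constructed sample files (not from a real host) so the script runs anywhere.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '#UsePAM no' 'UsePAM yes' > "$demo_dir/sshd_config"
printf '%s\n' 'session required pam_lastlog.so  # Add only this line.' \
    'session required pam_selinux.so close' \
    'session required pam_loginuid.so' > "$demo_dir/pam_sshd"
audit_sftp_lastlog "$demo_dir/sshd_config" "$demo_dir/pam_sshd"
# On a server: audit_sftp_lastlog /etc/ssh/sshd_config /etc/pam.d/sshd
```

Unlike a plain grep, the script ignores commented-out lines, so a leftover "#UsePAM yes" or a disabled pam_lastlog.so entry is reported as a failure.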

Conclusion:

A configuration that is not in place by default has been implemented using PAM for chroot users on RHEL-based operating systems. This helps us find which users are accessing the server over the SFTP service, which is a key factor for security audits.

Provide your feedback in the comment section below; we look forward to hearing from you.

Babin Lonston
Overall 13+ years of experience in the IT field, with 7+ years of experience in Linux administration with virtualization and cloud technologies. Loves documentation and has been a numismatist for a long time.
