Linux – Monitor file copies with SCP done via SSH

Tags: linux, logging, networking, ssh

Is there a way to keep a log of the files copied using SCP? I am administering a server which contains some files that should be monitored (in a specific folder and its subfolders), so when someone copies them via SSH, the copying process should be logged.

I thought of looking into the Bash command history of users and searching for commands that start with scp, but that's a blatant invasion of privacy and it's also very easy for users to delete this history (even without bad intent).

Does anyone know a way for this? I can make a web-based interface to the server with usernames/passwords and logging downloads would be easy then, but I'm interested in a "bare metal" solution, if there's one.

EDIT: I looked over SSHD's logging options, like FascistLogging, or Debug logging, but those didn't seem very appropriate. Are they actually the solution?

EDIT 2: I'm beginning to believe that this question shouldn't be on Stack Overflow, but rather on Server Fault… What should I do?

Best Answer

I would use incron. It utilizes the Linux kernel's inotify subsystem, and if some monitored directory tree / file gets modified, you can execute anything you want. The incrontab file format is very straightforward; for example

/your/directory IN_MODIFY /usr/local/bin/log_file_modifications.sh $@/$#

would run /usr/local/bin/log_file_modifications.sh every time something gets modified in the /your/directory directory tree, calling the script with the full path ($@ argument) and the file that got modified ($# argument).

Your script could be about as simple as

#!/bin/bash
# incron expands "$@/$#" into a single argument (watched path + file name),
# so the whole path arrives in $1; "$*" logs every argument incron passed.
logger -t modification_stalker "Yo dawg, these files got modified: $*"
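A fuller handler for the approach in this answer, added here as an example and not part of the original post or of incron itself. It assumes the incrontab line shown in the comments, passes the watched directory, file name and event flags as three separate arguments, and also watches IN_CLOSE_NOWRITE, because an scp that copies a file off the server only reads it and IN_MODIFY alone would never fire for that case.

```shell
#!/bin/bash
# Constructed incron handler: logs every event incron reports for a watched tree.
# Assumed incrontab line (incron watches one directory per line and does not
# recurse, so each subdirectory of the monitored tree needs its own entry):
#   /srv/monitored IN_CLOSE_NOWRITE,IN_CLOSE_WRITE,IN_MODIFY /usr/local/bin/log_file_events.sh $@ $# $%
# incron expands $@ (watched directory), $# (file name) and $% (event flags as
# text) into three separate arguments; "$@/$#" as one token is a single argument.

# Build one single-line record from the three incron arguments.
# A newline inside a file name is replaced so one event is always one log line.
format_event() {
    local watched="$1" name="$2" flags="$3"
    local path="${watched%/}"
    if [ -n "$name" ]; then
        path="$path/$name"
    fi                          # empty name: event on the watched directory itself
    path=$(printf '%s' "$path" | tr '\n' '?')
    printf 'flags=%s path=%s\n' "$flags" "$path"
}

# Keep file events only: IN_ISDIR events (e.g. someone listing the directory)
# are noise for this purpose and are dropped.
is_file_event() {
    case "$1" in
        *IN_ISDIR*) return 1 ;;
        *) return 0 ;;
    esac
}

main() {
    local watched="$1" name="$2" flags="$3"
    is_file_event "$flags" || return 0
    # inotify carries no user or process identity: correlate the timestamp of
    # this line with sshd's "Accepted ... for <user> from <ip>" session lines.
    logger -t file_monitor -p auth.info "$(format_event "$watched" "$name" "$flags")"
}

# Run only when incron supplies its three arguments (not when sourced).
if [ "$#" -ge 3 ]; then
    main "$@"
fi
```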