Is there a way to keep a log of the files copied using SCP? I am administering a server which contains some files that should be monitored (in a specific folder and its subfolders), so when someone copies them via SSH, the copying process should be logged.
I thought of looking into the Bash command history of users and searching for commands that start with scp, but that's a blatant invasion of privacy and it's also very easy for users to delete this history (even without bad intent).
Does anyone know a way for this? I can make a web-based interface to the server with usernames/passwords and logging downloads would be easy then, but I'm interested in a "bare metal" solution, if there's one.
EDIT: I looked over SSHD's logging options, like FascistLogging, or Debug logging, but those didn't seem very appropriate. Are they actually the solution?
EDIT 2: I'm beginning to believe that this question shouldn't be on Stack Overflow, but rather on Server Fault… What should I do?
Best Answer
I would use incron. It utilizes the Linux kernel inotify subsystem, and if some monitored directory tree / file gets modified, you can execute anything you want. The incrontab file format is very straightforward, for example
would run /usr/local/bin/log_file_modifications.sh every time something gets modified at the /your/directory directory tree, calling the script with the full path ($@ argument) and the file that got modified ($# argument).
Your script could be about as simple as
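Added example, not the script from the answer: a handler that incron could run as /usr/local/bin/log_file_modifications.sh, writing one record per event and neutralising control characters and quotes in file names so that a crafted name cannot forge log entries. The incrontab entry in the comment, the IN_OPEN mask (chosen because copying a file opens it rather than modifies it), the third `$%` argument and the log path are assumptions.

```shell
#!/bin/sh
# Added example. Assumed incrontab entry (mask and third argument chosen here):
#   /your/directory IN_OPEN /usr/local/bin/log_file_modifications.sh $@ $# $%
# $@ = watched path, $# = file name within it, $% = event name(s).

# Assumed log location; override through the environment.
LOG_FILE="${LOG_FILE:-/var/log/incron_file_events.log}"

# Replace control characters (newline included) and double quotes with '?'
# so that a crafted file name cannot inject or break log records.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr '\000-\037\177"' '[?*]'
}

# Build one log record: UTC timestamp, watched directory, file, event.
format_entry() {
    printf '%s dir="%s" file="%s" event=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "$(sanitize "$1")" "$(sanitize "$2")" "$(sanitize "${3:--}")"
}

# Append the record; one short write in append mode keeps concurrent
# handler runs from interleaving within a line.
log_event() {
    format_entry "$1" "$2" "$3" >> "$LOG_FILE"
}

# Run only when incron passes at least the path and the file name.
if [ "$#" -ge 2 ]; then
    log_event "$1" "$2" "${3:-}"
fi
```

inotify events do not identify the process or user that triggered them, so these records show which file was touched and when, not who did it.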