Docker CentOS 7 Container Logging SFTP

magnezone150
Posts: 3
Joined: 2015/11/25 15:55:19

Post by magnezone150 » 2021/10/19 01:48:19

Hello,

I have been looking through quite a few websites.

https://www.ibm.com/support/pages/confi ... -transfers
https://access.redhat.com/articles/1374633
https://serverfault.com/questions/73319 ... here-a-way
https://www.the-art-of-web.com/system/s ... ng-chroot/
https://www.ucartz.com/clients/index.ph ... rRHEL.html
https://unix.stackexchange.com/question ... el-in-sftp
https://serverfault.com/questions/99712 ... -to/997172
https://serverfault.com/questions/66016 ... erver?rq=1

The issue is that it's a non-privileged container, so I'm not sure where to start setting it up or how to properly restart services without the 'systemctl' or 'service' commands. rsyslog also doesn't seem to log anything by default in containers, so I wonder if there are other settings or things that I've been neglecting for Syslog or Rsyslog to work.

The goal is to log SFTP sessions.

magnezone150
Posts: 3
Joined: 2015/11/25 15:55:19

Re: Docker CentOS 7 Container Logging SFTP

Post by magnezone150 » 2021/10/21 20:25:56

Goal: Container needed to run SFTP and Local Syslogging

Findings: From researching containerization, unfortunately there is no clear-cut, easy setting that one can just turn on or off. Once the containers are built and running, they will disable service/systemd commands and limit dbus capabilities, and will only log to stderr/stdout by default. That is great for additional security, microservices, webapp deployment and so on, but not for local management of container resources.

Conclusion: In theory, and from some digging around and testing, it is possible to custom build a multiservice container or a form of init container with systemd enabled.
The only downside would be the requirement for more customization instead of simple config file changes, and it would have to be verified to meet security compliance due to the potential risks involved (e.g. the container getting almost unlimited power over the host system and the ability to break out of the container space if not built properly).

Options:

1. Reconfigure parts of the Dockerfile so that an init container is possible, then re-deploy the container.

An Example:

Code:

docker pull mianasbat/centos-ssh-systemd
docker run --privileged --name css1 -v /sys/fs/cgroup:/sys/fs/cgroup:ro -p 2222:22 -p 3306:3306 -p 8080:80 -d mianasbat/centos-ssh-systemd
ssh pos@localhost -p 2222  # password is ol2432sn324231024113310
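
Added example (not part of the original post and not code from the image's project): a Python check over `docker inspect` output that flags the run-time settings used in the command above, namely `--privileged`, the host `/sys/fs/cgroup` bind mount and the published ports. The JSON is a constructed sample and `audit` is a hypothetical helper name; the field names are those of Docker's inspect output.

```python
import json

# Constructed sample: trimmed `docker inspect css1` output for the run command
# above. Field names follow Docker's inspect JSON; the values are illustrative.
SAMPLE_INSPECT = json.loads("""
[{"Name": "/css1",
  "HostConfig": {
    "Privileged": true,
    "CapAdd": null,
    "Binds": ["/sys/fs/cgroup:/sys/fs/cgroup:ro"],
    "PortBindings": {
      "22/tcp":   [{"HostIp": "", "HostPort": "2222"}],
      "3306/tcp": [{"HostIp": "", "HostPort": "3306"}],
      "80/tcp":   [{"HostIp": "", "HostPort": "8080"}]}}}]
""")

# Host paths that expose kernel or daemon interfaces when bind-mounted.
SENSITIVE = ("/sys", "/proc", "/dev", "/var/run/docker.sock", "/run/docker.sock")
LOOPBACK = ("127.0.0.1", "::1")


def audit(containers):
    """Return (container, finding) tuples for risky run-time settings (hypothetical helper)."""
    findings = []
    for c in containers:
        name = c.get("Name", "?").lstrip("/")
        hc = c.get("HostConfig") or {}
        if hc.get("Privileged"):
            findings.append((name, "privileged: all capabilities, host devices visible"))
        for cap in hc.get("CapAdd") or []:
            findings.append((name, f"added capability {cap}"))
        for bind in hc.get("Binds") or []:
            parts = bind.split(":")  # src:dst[:opts]
            src = parts[0]
            opts = parts[2].split(",") if len(parts) > 2 else []
            if any(src == p or src.startswith(p + "/") for p in SENSITIVE):
                mode = "ro" if "ro" in opts else "rw"
                findings.append((name, f"host path {src} bind-mounted ({mode})"))
        for port, hosts in (hc.get("PortBindings") or {}).items():
            for h in hosts or []:
                ip = h.get("HostIp") or "0.0.0.0"  # empty means all interfaces
                if ip not in LOOPBACK:
                    findings.append((name, f"port {port} published on {ip}:{h.get('HostPort')}"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_INSPECT):
        print(f"{name}: {finding}")
```

To check a live host, pass `audit` the parsed JSON printed by `docker inspect $(docker ps -q)` instead of the sample.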

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Docker CentOS 7 Container Logging SFTP

Post by jlehtone » 2021/10/22 08:15:53

I don't know containers, but I do know that there is 'podman' (yum list podman\*) and 'singularity' (in EPEL).
* Neither requires a daemon
* Both can be run as regular user
* With user namespaces the uid/gid inside a podman container do not overlap with the host uid/gid
* Podman can use docker images/repositories
* Converting a docker image into a singularity image does unfortunately require admin privileges
