Robert Vangel wrote:
Binish A R wrote:
Hello,
I am trying to write my custom firewall rules.
I want to drop all outgoing ssh for non-root users and log any such
attempts at the same time.
I want to log the username trying to do that. What option should I give?
The following definitely won't work:
iptables -I OUTPUT -p tcp --dport 22 -m owner ! --uid-owner root -j LOG --log-prefix "$USER NO SSH ALLOWED"
because the shell expands $USER variable immediately.
Is there any other option to find the value of the owner that gets matched
by the rule below:
iptables -I OUTPUT -p tcp --dport 22 -m owner ! --uid-owner root
Any help is much appreciated.
Thanks and Regards,
Binish
Make it `--uid-owner ! root' instead of `! --uid-owner root'.
iptables -I OUTPUT -p tcp --dport 22 -m owner ! --uid-owner root -j REJECT
is working fine, i.e. it's blocking ssh from non-root users.
What I want is to log the username (uid) trying to do ssh.
Any comments?
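The LOG target cannot interpolate a username at all: the rule is evaluated in the kernel, which only knows the numeric uid of the socket owner. What it can do is record that uid per packet with the LOG target's `--log-uid` option, which appends `UID=<n> GID=<n>` to each logged line; mapping that back to a login name is then a user-space job. The script below is an added example, not code from this thread: `ssh_rules` prints a rule set that logs with `--log-uid` and then rejects, and `report_attempts` parses the resulting kernel log lines and resolves the uid through `/etc/passwd`. The chain name `NOSSH`, the prefix string and the sample log line are assumptions I constructed; the rules are only printed, so the script runs unprivileged.

```shell
#!/bin/sh
# Added example, not code from the thread. Two parts:
#  1. ssh_rules: rules that log the owner uid of non-root SSH attempts and
#     then reject them. --log-uid is a real LOG-target option that makes the
#     kernel append "UID=<n> GID=<n>" to the logged line; the kernel cannot
#     log a username, only the numeric uid.
#  2. log_uid / uid_to_name / report_attempts: user-space parsing of those
#     lines, mapping the uid back to a login name via /etc/passwd.
# The chain name NOSSH and the sample log line are assumptions/constructed.

# Print the rules (pipe the output to sh as root to load them). A dedicated
# chain avoids repeating the owner match for the LOG and REJECT steps.
ssh_rules() {
    cat <<'EOF'
iptables -N NOSSH
iptables -A NOSSH -j LOG --log-uid --log-level info --log-prefix "NO SSH ALLOWED: "
iptables -A NOSSH -j REJECT --reject-with tcp-reset
iptables -I OUTPUT -p tcp --dport 22 -m owner ! --uid-owner root -j NOSSH
EOF
}

# Extract the numeric UID from one kernel LOG line; prints nothing if absent.
log_uid() {
    printf '%s\n' "$1" | sed -n 's/.*[[:space:]]UID=\([0-9][0-9]*\).*/\1/p'
}

# Map a uid to a login name via /etc/passwd; falls back to the number.
uid_to_name() {
    name=$(awk -F: -v u="$1" '$3 == u { print $1; exit }' /etc/passwd)
    printf '%s\n' "${name:-$1}"
}

# Read kernel log lines on stdin (e.g. from journalctl -k or kern.log), keep
# those carrying our prefix, and print who tried to ssh where.
report_attempts() {
    while IFS= read -r line; do
        case $line in
            *"NO SSH ALLOWED: "*) ;;
            *) continue ;;
        esac
        uid=$(log_uid "$line")
        [ -n "$uid" ] || continue
        dst=$(printf '%s\n' "$line" | sed -n 's/.*[[:space:]]DST=\([^ ]*\).*/\1/p')
        printf 'uid=%s user=%s dst=%s\n' "$uid" "$(uid_to_name "$uid")" "$dst"
    done
}

# Constructed sample line in the format the LOG target emits with --log-uid.
SAMPLE_LINE='kernel: NO SSH ALLOWED: IN= OUT=eth0 SRC=10.0.0.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0 UID=1000 GID=1000'

ssh_rules
printf '%s\n' "$SAMPLE_LINE" | report_attempts
```

Note that the LOG rule must come before the REJECT rule in the chain, since REJECT terminates traversal; the dedicated chain keeps that ordering explicit. If you would rather not have these lines in the kernel ring buffer, NFLOG with ulogd is the usual alternative and likewise carries the owner uid.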