Despite dozens of searches, I can't for the live of me find the snippet of code used to email the admin whenever someone login via SSH, if I remember correctly it was appended to .profile.

Can someone point me in the right direction?

(wishes for natural language search)

Append this to the bottom of ~/.bash_profile:
# Send alert to server admin
echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access on Server `hostname` from `who | awk '{print $6}'`" YOUREMAIL
To test it, issue this command after adding the above to ~/.bash_profile:
source ~/.bash_profile
Hope this is what you are looking for ;)

choon beat me to it

Thanks guys

Originally posted by choon
Append this to the bottom of ~/.bash_profile:
# Send alert to server admin
echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access on Server `hostname` from `who | awk '{print $6}'`" YOUREMAIL
To test it, issue this command after adding the above to ~/.bash_profile:
source ~/.bash_profile
Hope this is what you are looking for ;)

I've done that before and it is working. Now I am trying to do the same on the new server but have a problem with saving file.

It doesn't allow me to save changes:
[ Could not open file for writing: Permission denied ]

Permissions on file are (it is the same on another server where I was able to save changes!):
-rw-r--r-- 1 root root 356 Aug 8 2004 .bash_profile


Please help.

Thanks!

Originally posted by choon
Append this to the bottom of ~/.bash_profile:

whats the suggestion for ppl not using bash?
for csh it could be /etc/csh.login or ~/.login file
using /etc/profile would be nice, but not all shells do read it, beside it might be read on non-login invocation too
maybe abuse $HOME/.ssh/rc or /etc/ssh/sshrc?

Originally posted by 00000
I've done that before and it is working. Now I am trying to do the same on the new server but have a problem with saving file.

It doesn't allow me to save changes:
[ Could not open file for writing: Permission denied ]

Permissions on file are (it is the same on another server where I was able to save changes!):
-rw-r--r-- 1 root root 356 Aug 8 2004 .bash_profile


Please help.

Thanks!

I had the same problem yesterday, you need to chattr -i .bash_profile.

There is a better approach to this. One I can think of is using tenshi (http://www.gentoo.org/proj/en/infrastructure/tenshi/). The description for the utility is

Tenshi is a log monitoring program, designed to watch one or more log files for lines
matching user defined regular expressions and report on the matches........


You could write a small shell script to do the same if you don't need the more advanced features of this tool.

Don't forget to:

#chattr +i .bash_profile

Might it not be better to put the code in /etc/bashrc ?

http://forums.ev1servers.net/showthread.php?p=279225#post279225

Originally posted by rfxn
http://forums.ev1servers.net/showthread.php?p=279225#post279225

that isn't going to work when someone run commands without allocating a shell. To test this out, just do:

ssh servername "command here"

Originally posted by rfxn
http://forums.ev1servers.net/showthread.php?p=279225#post279225

Thanks, this works great!

Jeeeeez, talk about dragging up a reaaaaaly old post ;)
adding this to ~/.bash_profile will work, but if you want to really be efficient, add it to something like /etc/profile, or create a script like /etc/profile.d/login.sh with the following

echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access on Server `hostname` from `who | awk '{print $6}'`" YOUREMAIL

The difference? This will let you know when ANY user logs in, not just when that specific user logs in. Of course, you'll need to make that an executable (chmod a+x /etc/profile.d/filename.sh), and make sure to get the .sh part in there as well :)

Originally posted by Microsoft Warrior
Jeeeeez, talk about dragging up a reaaaaaly old post ;)

Yes, that is happening when users are using search function :)