Results 1 to 15 of 15
  1. #1
    Join Date
    Nov 2000
    Location
    localhost
    Posts
    3,771

    Email upon SSH login

    Despite dozens of searches, I can't for the live of me find the snippet of code used to email the admin whenever someone login via SSH, if I remember correctly it was appended to .profile.

    Can someone point me in the right direction?

    (wishes for natural language search)
    MattF - Since the start..

  2. #2
    Join Date
    Jul 2001
    Location
    Singapore
    Posts
    1,889
    Append this to the bottom of ~/.bash_profile:
    Code:
    # Send alert to server admin
    echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access on Server `hostname` from `who | awk '{print $6}'`" YOUREMAIL
    To test it, issue this command after adding the above to ~/.bash_profile:
    Code:
    source ~/.bash_profile
    Hope this is what you are looking for
    Giam Teck Choon
    :: Join choon.net Community today to share your tips and tricks on server issues please ::
    :: Singapore Dedicated Servers :: Singapore Virtual Private Servers :: Linux/FreeBSD Server Management ::

  3. #3
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    choon beat me to it
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  4. #4
    Join Date
    Nov 2000
    Location
    localhost
    Posts
    3,771
    Thanks guys
    MattF - Since the start..

  5. #5
    Join Date
    Nov 2002
    Posts
    47
    Originally posted by choon
    Append this to the bottom of ~/.bash_profile:
    Code:
    # Send alert to server admin
    echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access on Server `hostname` from `who | awk '{print $6}'`" YOUREMAIL
    To test it, issue this command after adding the above to ~/.bash_profile:
    Code:
    source ~/.bash_profile
    Hope this is what you are looking for
    I've done that before and it is working. Now I am trying to do the same on the new server but have a problem with saving file.

    It doesn't allow me to save changes:
    [ Could not open file for writing: Permission denied ]

    Permissions on file are (it is the same on another server where I was able to save changes!):
    -rw-r--r-- 1 root root 356 Aug 8 2004 .bash_profile


    Please help.

    Thanks!

  6. #6
    Join Date
    Jun 2003
    Posts
    976
    Originally posted by choon
    Append this to the bottom of ~/.bash_profile:
    whats the suggestion for ppl not using bash?
    for csh it could be /etc/csh.login or ~/.login file
    using /etc/profile would be nice, but not all shells do read it, beside it might be read on non-login invocation too
    maybe abuse $HOME/.ssh/rc or /etc/ssh/sshrc?

  7. #7
    Join Date
    Apr 2003
    Location
    NC
    Posts
    3,093
    Originally posted by 00000
    I've done that before and it is working. Now I am trying to do the same on the new server but have a problem with saving file.

    It doesn't allow me to save changes:
    [ Could not open file for writing: Permission denied ]

    Permissions on file are (it is the same on another server where I was able to save changes!):
    -rw-r--r-- 1 root root 356 Aug 8 2004 .bash_profile


    Please help.

    Thanks!
    I had the same problem yesterday, you need to chattr -i .bash_profile.
    John W, CISSP, C|EH
    MS Information Security and Assurance
    ITEagleEye.com - Server Administration and Security
    Yawig.com - Managed VPS and Dedicated Servers with VIP Service

  8. #8
    There is a better approach to this. One I can think of is using tenshi. The description for the utility is
    Tenshi is a log monitoring program, designed to watch one or more log files for lines
    matching user defined regular expressions and report on the matches........
    You could write a small shell script to do the same if you don't need the more advanced features of this tool.
    -Justin Mazzi
    HostRocket SysAdmin
    Protect your servers from vulnerable PHP scripts

  9. #9
    Don't forget to:

    #chattr +i .bash_profile

  10. #10
    Might it not be better to put the code in /etc/bashrc ?
    www.corevps.com - Hosting with Integrity

  11. #11
    Join Date
    Apr 2002
    Location
    Troy, MI
    Posts
    324
    Ryan MacDonald
    Lead Administrator | TotalChoice Hosting
    Choice Does Matter! | Serving over 26,000 clients

  12. #12
    that isn't going to work when someone run commands without allocating a shell. To test this out, just do:

    ssh servername "command here"
    -Justin Mazzi
    HostRocket SysAdmin
    Protect your servers from vulnerable PHP scripts

  13. #13
    Join Date
    Nov 2002
    Posts
    47
    Thanks, this works great!

  14. #14
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,135
    Jeeeeez, talk about dragging up a reaaaaaly old post
    adding this to ~/.bash_profile will work, but if you want to really be efficient, add it to something like /etc/profile, or create a script like /etc/profile.d/login.sh with the following
    Code:
    echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access on Server `hostname` from `who | awk '{print $6}'`" YOUREMAIL
    The difference? This will let you know when ANY user logs in, not just when that specific user logs in. Of course, you'll need to make that an executable (chmod a+x /etc/profile.d/filename.sh), and make sure to get the .sh part in there as well
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons

  15. #15
    Join Date
    Nov 2002
    Posts
    47
    Originally posted by Microsoft Warrior
    Jeeeeez, talk about dragging up a reaaaaaly old post
    Yes, that is happening when users are using search function

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •