Results 1 to 15 of 15
Thread: Email upon SSH login
-
05-03-2004, 10:19 AM #1Web Hosting Master
- Join Date
- Nov 2000
- Location
- localhost
- Posts
- 3,771
Email upon SSH login
Despite dozens of searches, I can't for the live of me find the snippet of code used to email the admin whenever someone login via SSH, if I remember correctly it was appended to .profile.
Can someone point me in the right direction?
(wishes for natural language search)MattF - Since the start..
-
05-03-2004, 10:21 AM #2Retired Moderator
- Join Date
- Jul 2001
- Location
- Singapore
- Posts
- 1,889
Append this to the bottom of ~/.bash_profile:
Code:# Send alert to server admin echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access on Server `hostname` from `who | awk '{print $6}'`" YOUREMAIL
Code:source ~/.bash_profile
Giam Teck Choon
:: Join choon.net Community today to share your tips and tricks on server issues please ::
:: Singapore Dedicated Servers :: Singapore Virtual Private Servers :: Linux/FreeBSD Server Management ::
-
05-03-2004, 10:22 AM #3Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
choon beat me to it
Steven Ciaburri | Industry's Best Server Management - Rack911.com
Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance
-
05-03-2004, 01:11 PM #4Web Hosting Master
- Join Date
- Nov 2000
- Location
- localhost
- Posts
- 3,771
Thanks guys
MattF - Since the start..
-
03-30-2005, 05:35 PM #5Junior Guru Wannabe
- Join Date
- Nov 2002
- Posts
- 47
Originally posted by choon
Append this to the bottom of ~/.bash_profile:
Code:# Send alert to server admin echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access on Server `hostname` from `who | awk '{print $6}'`" YOUREMAIL
Code:source ~/.bash_profile
It doesn't allow me to save changes:
[ Could not open file for writing: Permission denied ]
Permissions on file are (it is the same on another server where I was able to save changes!):
-rw-r--r-- 1 root root 356 Aug 8 2004 .bash_profile
Please help.
Thanks!
-
03-30-2005, 05:55 PM #6Web Hosting Master
- Join Date
- Jun 2003
- Posts
- 976
Originally posted by choon
Append this to the bottom of ~/.bash_profile:
for csh it could be /etc/csh.login or ~/.login file
using /etc/profile would be nice, but not all shells do read it, beside it might be read on non-login invocation too
maybe abuse $HOME/.ssh/rc or /etc/ssh/sshrc?
-
03-30-2005, 06:13 PM #7Web Hosting Master
- Join Date
- Apr 2003
- Location
- NC
- Posts
- 3,093
Originally posted by 00000
I've done that before and it is working. Now I am trying to do the same on the new server but have a problem with saving file.
It doesn't allow me to save changes:
[ Could not open file for writing: Permission denied ]
Permissions on file are (it is the same on another server where I was able to save changes!):
-rw-r--r-- 1 root root 356 Aug 8 2004 .bash_profile
Please help.
Thanks!John W, CISSP, C|EH
MS Information Security and Assurance
ITEagleEye.com - Server Administration and Security
Yawig.com - Managed VPS and Dedicated Servers with VIP Service
-
03-30-2005, 07:28 PM #8Newbie
- Join Date
- Sep 2001
- Posts
- 25
There is a better approach to this. One I can think of is using tenshi. The description for the utility is
Tenshi is a log monitoring program, designed to watch one or more log files for lines
matching user defined regular expressions and report on the matches........
-
03-31-2005, 08:40 AM #9Premium Member
- Join Date
- Jul 2004
- Posts
- 535
Don't forget to:
#chattr +i .bash_profile
-
03-31-2005, 08:54 AM #10Junior Guru Wannabe
- Join Date
- Mar 2005
- Posts
- 54
Might it not be better to put the code in /etc/bashrc ?
www.corevps.com - Hosting with Integrity
-
03-31-2005, 01:13 PM #11Web Hosting Guru
- Join Date
- Apr 2002
- Location
- Troy, MI
- Posts
- 324
Ryan MacDonald
Lead Administrator | TotalChoice Hosting
Choice Does Matter! | Serving over 26,000 clients
-
03-31-2005, 01:34 PM #12Newbie
- Join Date
- Sep 2001
- Posts
- 25
Originally posted by rfxn
http://forums.ev1servers.net/showthr...225#post279225
ssh servername "command here"
-
03-31-2005, 07:45 PM #13Junior Guru Wannabe
- Join Date
- Nov 2002
- Posts
- 47
Originally posted by rfxn
http://forums.ev1servers.net/showthr...225#post279225
-
03-31-2005, 08:18 PM #14
Jeeeeez, talk about dragging up a reaaaaaly old post
adding this to ~/.bash_profile will work, but if you want to really be efficient, add it to something like /etc/profile, or create a script like /etc/profile.d/login.sh with the following
Code:echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access on Server `hostname` from `who | awk '{print $6}'`" YOUREMAIL
Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons
-
04-01-2005, 06:24 AM #15Junior Guru Wannabe
- Join Date
- Nov 2002
- Posts
- 47
Originally posted by Microsoft Warrior
Jeeeeez, talk about dragging up a reaaaaaly old post