It is sometimes useful to get a notification for every SSH login that happens on the server (the same approach can be used to monitor logins made by other means). The first method is based on /etc/profile, but it should not be used, because the user can override it by setting his own variables if his home directory is writable. The most convenient way is to use PAM: in /etc/pam.d/sshd, add to the session section a line that executes the script that sends the mail:
session optional pam_exec.so seteuid /usr/local/bin/send_mail.sh
I would not recommend setting “required” here, because a failure of the script should not be critical. The script just sends a notification mail:
#!/bin/sh
# Run by pam_exec for every session event; only session opens are reported.
if [ "$PAM_TYPE" != "open_session" ]
then
    exit 0
else
    {
        echo "User: $PAM_USER"
        echo "Type: $PAM_TYPE"
        echo "Remote Host: $PAM_RHOST"
        echo "Service: $PAM_SERVICE"
        echo "TTY: $PAM_TTY"
        echo "Date: $(date)"
        echo "Server: $(uname -a)"
    } | mail -s "$PAM_SERVICE login on $(hostname -s) for account $PAM_USER" admin@example.com
fi
# Always exit 0 so that a mail failure is never reported back to PAM.
exit 0
Don’t forget to set +x permissions on it with:
chmod +x /usr/local/bin/send_mail.sh
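Before wiring the script into /etc/pam.d/sshd, its logic can be dry-run by setting the PAM_* variables by hand. The following is an added example, not part of the original post: the helper names (clean, notice_subject, notice_body, simulate) and all sample values are assumptions made for illustration, and it goes one step beyond the script above by stripping non-printable characters so that each field stays on one line.

```shell
#!/bin/sh
# Added example: dry run of the notification logic without PAM or a mailer.

# Drop everything except printable ASCII so a value stays on one line.
clean() {
    printf '%s' "$1" | LC_ALL=C tr -cd '[:print:]'
}

# Subject line, same layout as in the script above; $1 is the short hostname.
notice_subject() {
    printf '%s login on %s for account %s' \
        "$(clean "$PAM_SERVICE")" "$1" "$(clean "$PAM_USER")"
}

# Mail body. Prints nothing unless pam_exec is reporting a session open,
# because the same script is also run when the session closes.
notice_body() {
    [ "$PAM_TYPE" = "open_session" ] || return 0
    printf 'User: %s\n' "$(clean "$PAM_USER")"
    printf 'Type: %s\n' "$(clean "$PAM_TYPE")"
    printf 'Remote Host: %s\n' "$(clean "$PAM_RHOST")"
    printf 'Service: %s\n' "$(clean "$PAM_SERVICE")"
    printf 'TTY: %s\n' "$(clean "$PAM_TTY")"
}

# Simulate one pam_exec call with the given PAM_TYPE ($1) and print
# what would be handed to mail. All values below are constructed.
simulate() {
    PAM_TYPE=$1 PAM_USER=alice PAM_RHOST=192.0.2.10 \
    PAM_SERVICE=sshd PAM_TTY=ssh
    export PAM_TYPE PAM_USER PAM_RHOST PAM_SERVICE PAM_TTY
    body=$(notice_body)
    if [ -n "$body" ]; then
        printf 'Subject: %s\n%s\n' "$(notice_subject testhost)" "$body"
    fi
}

simulate open_session    # prints one notification
simulate close_session   # prints nothing
```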