Difference between revisions of "SSH Email Alerts"
From Amahi Wiki
(6 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | This guide shows a simple way to know when someone logged in as root or normal user using [[SSH]]. It will send an email alert notification to the specified email address along with the IP address of last login. | + | This guide shows a simple way to know when someone logged in as root or normal user using [[Key-Based SSH Logins|Secure Shell (SSH)]]. It will send an email alert notification to the specified email address along with the IP address of last login. |
− | * [[Open_Terminal|As root user]] create ''ssh_email_alert | + | '''PREREQUISITE:''' You must have configured your HDA to send emails. One way to do so is by following the [[Outgoing_mail_via_gmail|Outgoing mail via Gmail]] guidance. |
+ | |||
+ | == Method 1 == | ||
+ | * [[Open_Terminal|As root user]] create ''/usr/bin/ssh_email_alert'' with the following text: | ||
<pre>#!/bin/bash | <pre>#!/bin/bash | ||
Line 13: | Line 16: | ||
echo "SSH Login:" >> $tmptxt | echo "SSH Login:" >> $tmptxt | ||
echo "`who -m`" >> $tmptxt | echo "`who -m`" >> $tmptxt | ||
− | |||
echo "" >> $tmptxt | echo "" >> $tmptxt | ||
Line 26: | Line 28: | ||
echo "Current sudo:" >> $tmptxt | echo "Current sudo:" >> $tmptxt | ||
echo "`whoami`" >> $tmptxt | echo "`whoami`" >> $tmptxt | ||
− | |||
echo "" >> $tmptxt | echo "" >> $tmptxt | ||
Line 40: | Line 41: | ||
* Set execute permissions: | * Set execute permissions: | ||
− | chmod 755 /usr/bin/ssh_email_alert | + | chmod 755 /usr/bin/ssh_email_alert |
* Edit ''/etc/profile'' and add this to the bottom of the file: | * Edit ''/etc/profile'' and add this to the bottom of the file: | ||
− | ssh_email_alert. | + | ssh_email_alert |
+ | |||
+ | Reference: [http://linux.alanstudio.hk/ssh_emailalert.htm Email Alert for SSH login] | ||
+ | |||
+ | == Method 2 == | ||
+ | * [[Open_Terminal|As root user]] edit ''/etc/profile'' and add this to the bottom of the file: | ||
+ | <pre>if [ -n "$SSH_CLIENT" ]; then | ||
+ | TEXT="$(date): SSH login to ${USER}@$(hostname -f)" | ||
+ | TEXT="$TEXT from $(echo $SSH_CLIENT|awk '{print $1}')" | ||
+ | echo $TEXT|mail -s "SSH Login" name@domain.com | ||
+ | fi</pre> | ||
− | + | :'''NOTE:''' Ensure you replace name@domain.com with your email address. | |
− | + | You should not get an email anytime a user logs into your HDA via [[Key-Based SSH Logins|Secure Shell (SSH)]]. |
Latest revision as of 00:47, 3 November 2014
This guide shows a simple way to know when someone logged in as root or normal user using Secure Shell (SSH). It will send an email alert notification to the specified email address along with the IP address of last login.
PREREQUISITE: You must have configured your HDA to send emails. One way to do so is by following the Outgoing mail via Gmail guidance.
Method 1
- As root user create /usr/bin/ssh_email_alert with the following text:
#!/bin/bash tmptxt="/tmp/ssh_alert_email.txt" ip="`who -m | cut -d'(' -f2 | cut -d')' -f1`" echo "ALERT - SSH Shell Access" > $tmptxt echo "" >> $tmptxt echo "SSH Login:" >> $tmptxt echo "`who -m`" >> $tmptxt echo "" >> $tmptxt echo "IP:" >> $tmptxt echo "$ip" >> $tmptxt echo "" >> $tmptxt echo "Access time:" >> $tmptxt echo "`date`" >> $tmptxt echo "" >> $tmptxt echo "Current sudo:" >> $tmptxt echo "`whoami`" >> $tmptxt echo "" >> $tmptxt echo "Home path:" >> $tmptxt echo "`pwd`" >> $tmptxt #cat $tmptxt cat $tmptxt | mail -s "Alert: SSH Access from $ip" name@domain.com rm -fr $tmptxt
- NOTE: Ensure you replace name@domain.com with your email address.
- Set execute permissions:
chmod 755 /usr/bin/ssh_email_alert
- Edit /etc/profile and add this to the bottom of the file:
ssh_email_alert
Reference: Email Alert for SSH login
Method 2
- As root user edit /etc/profile and add this to the bottom of the file:
if [ -n "$SSH_CLIENT" ]; then TEXT="$(date): SSH login to ${USER}@$(hostname -f)" TEXT="$TEXT from $(echo $SSH_CLIENT|awk '{print $1}')" echo $TEXT|mail -s "SSH Login" name@domain.com fi
- NOTE: Ensure you replace name@domain.com with your email address.
You should not get an email anytime a user logs into your HDA via Secure Shell (SSH).