Difference between revisions of "SSH Email Alerts"
From Amahi Wiki
| Line 1: | Line 1: | ||
| − | This guide shows a simple way to know when someone logged in as root or normal user using [[SSH]]. It will send an email alert notification to the specified email address along with the IP address of last login. | + | This guide shows a simple way to know when someone logged in as root or normal user using [[Key-Based SSH Logins|Secure Shell (SSH)]]. It will send an email alert notification to the specified email address along with the IP address of last login. |
* [[Open_Terminal|As root user]] create ''ssh_email_alert.sh'' with the following text: | * [[Open_Terminal|As root user]] create ''ssh_email_alert.sh'' with the following text: | ||
| Line 45: | Line 45: | ||
ssh_email_alert.sh | ssh_email_alert.sh | ||
| − | You should not get an email anytime a user logs into your HDA via Secure Shell. | + | You should not get an email anytime a user logs into your HDA via [[Key-Based SSH Logins|Secure Shell (SSH)]]. |
Reference: [http://linux.alanstudio.hk/ssh_emailalert.htm Email Alert for SSH login] | Reference: [http://linux.alanstudio.hk/ssh_emailalert.htm Email Alert for SSH login] | ||
Revision as of 14:54, 3 August 2014
This guide shows a simple way to know when someone logged in as root or normal user using Secure Shell (SSH). It will send an email alert notification to the specified email address along with the IP address of last login.
- As root user create ssh_email_alert.sh with the following text:
#!/bin/bash
tmptxt="/tmp/ssh_alert_email.txt"
ip="`who -m | cut -d'(' -f2 | cut -d')' -f1`"
echo "ALERT - SSH Shell Access" > $tmptxt
echo "" >> $tmptxt
echo "SSH Login:" >> $tmptxt
echo "`who -m`" >> $tmptxt
echo "" >> $tmptxt
echo "IP:" >> $tmptxt
echo "$ip" >> $tmptxt
echo "" >> $tmptxt
echo "Access time:" >> $tmptxt
echo "`date`" >> $tmptxt
echo "" >> $tmptxt
echo "Current sudo:" >> $tmptxt
echo "`whoami`" >> $tmptxt
echo "" >> $tmptxt
echo "Home path:" >> $tmptxt
echo "`pwd`" >> $tmptxt
#cat $tmptxt
cat $tmptxt | mail -s "Alert: SSH Access from $ip" name@domain.com
rm -fr $tmptxt
- NOTE: Ensure you replace name@domain.com with your email address.
- Set execute permissions:
chmod 755 /usr/bin/ssh_email_alert.sh
- Edit /etc/profile and add this to the bottom of the file:
ssh_email_alert.sh
You should not get an email anytime a user logs into your HDA via Secure Shell (SSH).
Reference: Email Alert for SSH login
