I'm trying to let my server automatically send me an email on ssh-login.
What I've done:
- Created a login-notify.sh file (user root, group root, chmod 755) and placed it inside /etc/ssh/

    #!/bin/sh
    if [ "$PAM_TYPE" != "close_session" ]; then
        # assembling my variable $TEXT ...
        echo "$TEXT" | mail -r "root@.... " -s "Subject line" root
    fi

- Modified /etc/pam.d/sshd:

    echo "session required pam_exec.so seteuid /etc/ssh/login-notify.sh" | sudo tee -a /etc/pam.d/sshd

- Restarted sshd server and even rebooted the machine
- Manually fired up /etc/ssh/login-notify.sh -> mail successfully sent
- Logged in through ssh -> no mail has been sent
Additional steps / Information
- For sending emails from command line I use ssmtp and a gmail-account
- Instead of sending a mail I've tried to append a string to a file and see if it works (echo "ssh login" > /home/user/ssh-test) -> no luck…
- Server only accepts public/key authentication for ssh-logins
- /var/log/syslog provides no useful information:

    Dec 27 14:20:51 srv1 fwknopd[2155]: Removed rule 1 from FWKNOP_INPUT with expire time of 1419686451
    Dec 27 14:41:48 srv1 fwknopd[2155]: (stanza #1) SPA Packet from IP: xxx.xxx.xxx.xxx received with Access source match
    Dec 27 14:41:48 srv1 fwknopd[2155]: [xxx.xxx.xxx.xxx] (stanza #1) Incoming SPA data signed by 'XXXXXX'.
    Dec 27 14:41:48 srv1 fwknopd[2155]: Added Rule to FWKNOP_INPUT for xxx.xxx.xxx.xxx, tcp/xxx expires at 1419687738

After this line I logged in through ssh… no additional text was written to /var/log/syslog
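A diagnostic variant of the hook described in the question, as an added example that is not part of the original post: it writes a syslog record on every session open before attempting mail, using the PAM_* variables pam_exec exports to the script. The `login-notify` tag, the `MAIL_TO` variable and the function names are assumptions made for this example, and it notifies on `open_session` only rather than on everything except `close_session`.

```shell
#!/bin/sh
# Added example: pam_exec session hook that logs each invocation before mailing.
# MAIL_TO, TAG and the function names are assumptions, not values from the post.

MAIL_TO="${MAIL_TO:-root}"
TAG="login-notify"

# Build the one-line notice from the variables pam_exec exports to the script.
build_notice() {
    printf 'ssh %s: user=%s rhost=%s tty=%s service=%s' \
        "${PAM_TYPE:-unknown}" "${PAM_USER:-unknown}" \
        "${PAM_RHOST:-unknown}" "${PAM_TTY:-unknown}" "${PAM_SERVICE:-unknown}"
}

# Notify only when a session is opened, not when it is closed.
should_notify() {
    [ "${PAM_TYPE:-}" = "open_session" ]
}

notify() {
    notice=$(build_notice)
    # Log first: this record shows the hook ran even if mail delivery fails.
    logger -t "$TAG" -p auth.info "$notice" || true
    printf '%s\n' "$notice" | mail -s "SSH login on $(hostname)" "$MAIL_TO" \
        || logger -t "$TAG" -p auth.warning "mail failed for: $notice"
    # Always succeed: with "session required", a non-zero exit blocks the login.
    return 0
}

if should_notify; then
    # Set PATH explicitly instead of relying on the caller's environment.
    PATH=/usr/sbin:/usr/bin:/sbin:/bin
    export PATH
    notify
fi
```

A `login-notify` record with no mail narrows the problem to delivery; no record at all means the PAM stack never ran the hook. Look for the record in whichever log file receives the `auth` facility on the system.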
Best Answer
Hm, install CSF firewall or OSSEC, with the built-in functionality you need... according to your question subject line.
CSF Firewall:
OSSEC:
And so on; in fact, you can modify alerts like you need them.
http://configserver.com/cp/csf.html
http://www.ossec.net/