Sending email notifications of SSH logins on a system
There are some setups where it's beneficial to get a notice of user logins on a system. Here's one way to do it.
Create /usr/local/sbin/notify-login-mail.sh
:
#!/bin/sh
if [ "$PAM_TYPE" != "open_session" ]
then
exit 0
else
{
echo "User: $PAM_USER"
echo "Remote host: $PAM_RHOST"
echo "Service: $PAM_SERVICE"
echo "TTY: $PAM_TTY"
echo "Date: `date`"
echo "Server: `uname -a`"
} | mail -s "$PAM_SERVICE login on `hostname -s` for account $PAM_USER" root
fi
exit 0
# chmod 500 /usr/local/sbin/notify-login-mail.sh
Append the execution trigger to certain files, e.g. /etc/pam.d/[sshd|su|sudo]
:
session optional pam_exec.so /usr/local/sbin/notify-login-mail.sh
For example the following triggers the notification from SSH logins, and successful su
's and sudo
's:
echo "session optional pam_exec.so /usr/local/sbin/notify-login-mail.sh" >> /etc/pam.d/sshd
echo "session optional pam_exec.so /usr/local/sbin/notify-login-mail.sh" >> /etc/pam.d/su
echo "session optional pam_exec.so /usr/local/sbin/notify-login-mail.sh" >> /etc/pam.d/sudo
Check that mail
exists; if not, it's in the package mailx:
# yum install mailx
Check the root account mail has been sensibly forwarded (e.g. /etc/aliases
). Ensure there's a local MTA installed.
{{ 'Comments (%count%)' | trans {count:count} }}
{{ 'Comments are closed.' | trans }}