Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ip=`echo $SSH_CONNECTION | cut -d " " -f 1`
- logger -t ssh-wrapper $USER login from $ip
- echo "User $USER just logged in from $ip" | sendemail -q -u "SSH Login" -f "Originator <from@address.com>" -t "Your Name <your.email@domain.com>" -s smtp.server.com &
- #!/bin/sh
- # Change these two lines:
- sender="sender-address@example.com"
- recepient="notify-address@example.org"
- if [ "$PAM_TYPE" != "close_session" ]; then
- host="`hostname`"
- subject="SSH Login: $PAM_USER from $PAM_RHOST on $host"
- # Message to send, e.g. the current environment variables.
- message="`env`"
- echo "$message" | mailx -r "$sender" -s "$subject" "$recepient"
- fi
- session optional pam_exec.so seteuid /path/to/login-notify.sh
- check file ssh_logins with path /var/log/auth.log
- # Ignore login's from whitelist ip addresses
- ignore match "100.100.100.1"
- # Else, alert
- if match "Accepted publickey" then alert
- if [ -n "$SSH_CLIENT" ]; then
- TEXT="$(date): ssh login to ${USER}@$(hostname -f)"
- TEXT="$TEXT from $(echo $SSH_CLIENT|awk '{print $1}')"
- echo $TEXT|mail -s "ssh login" you@your.domain
- fi
- ip=`echo $SSH_CONNECTION | cut -d " " -f 1`
- logger -t ssh-wrapper $USER login from $ip
- echo "User $USER just logged in from $ip" | mail -s "SSH Login" "who to <who-to@youremail.com>" &
- #!/bin/sh
- # this script is triggered on SSH login and sends an email with details of the login
- # such as user, IP, hostname, and environment variables
- # script should be placed somewhere on the server, eg /etc/ssh
- # to trigger on SSH login, put this line in /etc/pam.d/sshd:
- # session optional pam_exec.so seteuid /etc/ssh/snippet-for-sending-emails-on-SSH-login-using-PAM.sh
- # Script settings
- MAILGUN_API_KEY=
- MAILGUN_DOMAIN=
- SENDER_NAME=
- SENDER_EMAIL_ADDRESS=
- RECIPIENT_EMAIL_ADDRESS=
- if [ "$PAM_TYPE" != "close_session" ]; then
- host=$(hostname)
- ip=$(dig +short myip.opendns.com @resolver1.opendns.com) # gets public IP
- # Message to send, e.g. the current environment variables.
- subject="SSH login - user:$USER pam-host:$PAM_RHOST host:$host ip:$ip"
- message=$(env)
- curl -s --user '$MAILGUN_API_KEY'
- https://api.mailgun.net/v3/$MAILGUN_DOMAIN/messages
- -F from='$SENDER_NAME <$SENDER_EMAIL_ADDRESS>'
- -F to=$RECIPIENT_EMAIL_ADDRESS
- -F subject="$subject"
- -F text="${subject} ${message}"
- fi
Add Comment
Please, Sign In to add comment