Guest User

Untitled

a guest
Nov 16th, 2017
455
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.34 KB | None | 0 0
  1. ip=`echo $SSH_CONNECTION | cut -d " " -f 1`
  2.  
  3. logger -t ssh-wrapper $USER login from $ip
  4. echo "User $USER just logged in from $ip" | sendemail -q -u "SSH Login" -f "Originator <from@address.com>" -t "Your Name <your.email@domain.com>" -s smtp.server.com &
  5.  
  6. #!/bin/sh
  7.  
  8. # Change these two lines:
  9. sender="sender-address@example.com"
  10. recepient="notify-address@example.org"
  11.  
  12. if [ "$PAM_TYPE" != "close_session" ]; then
  13. host="`hostname`"
  14. subject="SSH Login: $PAM_USER from $PAM_RHOST on $host"
  15. # Message to send, e.g. the current environment variables.
  16. message="`env`"
  17. echo "$message" | mailx -r "$sender" -s "$subject" "$recepient"
  18. fi
  19.  
  20. session optional pam_exec.so seteuid /path/to/login-notify.sh
  21.  
  22. check file ssh_logins with path /var/log/auth.log
  23. # Ignore login's from whitelist ip addresses
  24. ignore match "100.100.100.1"
  25. # Else, alert
  26. if match "Accepted publickey" then alert
  27.  
  28. if [ -n "$SSH_CLIENT" ]; then
  29. TEXT="$(date): ssh login to ${USER}@$(hostname -f)"
  30. TEXT="$TEXT from $(echo $SSH_CLIENT|awk '{print $1}')"
  31. echo $TEXT|mail -s "ssh login" you@your.domain
  32. fi
  33.  
  34. ip=`echo $SSH_CONNECTION | cut -d " " -f 1`
  35.  
  36. logger -t ssh-wrapper $USER login from $ip
  37. echo "User $USER just logged in from $ip" | mail -s "SSH Login" "who to <who-to@youremail.com>" &
  38.  
  39. #!/bin/sh
  40.  
  41. # this script is triggered on SSH login and sends an email with details of the login
  42. # such as user, IP, hostname, and environment variables
  43.  
  44. # script should be placed somewhere on the server, eg /etc/ssh
  45. # to trigger on SSH login, put this line in /etc/pam.d/sshd:
  46. # session optional pam_exec.so seteuid /etc/ssh/snippet-for-sending-emails-on-SSH-login-using-PAM.sh
  47.  
  48. # Script settings
  49. MAILGUN_API_KEY=
  50. MAILGUN_DOMAIN=
  51. SENDER_NAME=
  52. SENDER_EMAIL_ADDRESS=
  53. RECIPIENT_EMAIL_ADDRESS=
  54.  
  55. if [ "$PAM_TYPE" != "close_session" ]; then
  56. host=$(hostname)
  57. ip=$(dig +short myip.opendns.com @resolver1.opendns.com) # gets public IP
  58. # Message to send, e.g. the current environment variables.
  59. subject="SSH login - user:$USER pam-host:$PAM_RHOST host:$host ip:$ip"
  60. message=$(env)
  61. curl -s --user '$MAILGUN_API_KEY'
  62. https://api.mailgun.net/v3/$MAILGUN_DOMAIN/messages
  63. -F from='$SENDER_NAME <$SENDER_EMAIL_ADDRESS>'
  64. -F to=$RECIPIENT_EMAIL_ADDRESS
  65. -F subject="$subject"
  66. -F text="${subject} ${message}"
  67. fi
Add Comment
Please, Sign In to add comment