LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (http://www.linuxquestions.org/questions/linux-general-1/)
-   -   notify the administrator for every remote login attempt (http://www.linuxquestions.org/questions/linux-general-1/notify-the-administrator-for-every-remote-login-attempt-802793/)

kabazzi 04-19-2010 02:44 AM

notify the administrator for every remote login attempt
 
Hello, am using RHEL 5 ,i would like the system to send me an email for every time some one attempts to login to the server remotely. i have created the emailing script in perl and it works. but i want it to be triggered if someone tries to access the server. how can this be possible

barshani 04-19-2010 03:28 AM

Add that script in /etc/profile
so that u will get mail for every success login

kabazzi 04-19-2010 07:03 AM

i've done like you said but it didnt send the mail. this is my script sendemail.sh

#! /usr/bin/perl
use Net::SMTP;
print "starting email send .";
$smtp = Net::SMTP->new("192.168.0.1");
$smtp->mail("c.baranga\@cit.mak.ac.ug");
$smtp->to("a.agaba\@cit.mak.ac.ug");
$smtp->data;
$smtp->datasend("Subject: Remote Server Login Attempt");
$smtp->datasend("\n");
$smtp->datasend("Check your secure.Log now ..");
$smtp->dataend;
$mssg = $smtp->quit;
print "$mssg";
print "finished, email sent ";


i would like this script to be executed once there is a remote login attempt to the system whether successfull or unsuccessful

chrism01 04-19-2010 08:07 PM

Show how you've put it in /etc/profile.
Incidentally, for all Perl scripts, start with

Code:

#!/usr/bin/perl -w
use strict;

At least your first problem is
Code:

#! /usr/bin/perl
note the space between '!' and '/usr'; that should not be there..

kabazzi 04-20-2010 12:02 AM

chrism01 , i have changed the script , and it is being triggered for every remote login attempt, the only thing is that it shows the script has errors .. like so

bash: use: command not found
bash: print: command not found
bash: /etc/profile.d/sendemail.sh: line 4: syntax error near unexpected token `('
bash: /etc/profile.d/sendemail.sh: line 4: `$smtp = Net::SMTP->new("192.168.0.1");'

what is confusing me is that , when i execute the script alone with ./sendemail.sh , it works perfectly. is there something am doing wrongly ....

nowonmai 04-20-2010 11:31 AM

How are you calling the script? Bash is trying to run it, which, given that it's a perl script, would cause problems.

barshani 04-21-2010 12:24 AM

Please add
/usr/bin/perl /pathOfFile/sendmail.sh in /etc/profile

Note:-
you should check the file permission for /pathOfFile/sendmail.sh

this will send maill for every success login.

chrism01 04-21-2010 01:37 AM

Perl progs should end in .pl eg send_email.pl and you need to run it as a standalone prog, not embed it in bash, its not shell code eg

Code:

#some bash code
x=test

# calling perl prog
/path/to/perl/prog/sendemail.pl

# more bash
x=done

Ensure that the Perl prog has the appropriate ownerships and perms eg

root:root rwx------ sendemail.pl

kabazzi 04-22-2010 12:28 AM

For Real ... thats it , thanks you guys , its now working after setting the permissions and invoked it the correct way ..

#!/bin/bash
perl /etc/profile.d/sendemail.pl
#echo "finished ";

chrism01 04-22-2010 09:14 PM

Quote:

perl /etc/profile.d/sendemail.pl
the initial 'perl' bit is redundant if you've specified the perl exe as the first line of the script ie hashbang line (best practice).

bwyan 02-09-2013 05:08 AM

Authentication Monitor
 
For those of you using Debian or Ubuntu, I've created an application that solves this in a different way, running as a system daemon.

I call it Authentication Monitor and it can be configured to monitor a list of services and users. Whenever a users logs in to one of these services, an alert-email will be sent, notifying of this login.

Authentication Monitor is free and can be found at my website "bwyan DOT dk" or by searching for "Authentication Monitor" using Google.

unSpawn 02-09-2013 09:15 AM

Currently your "Authentication Monitor" only checks one distribution-specific log file (could add /var/log/secure?), it only searches for one pattern (how about "Accepted publickey"?), it requires PHP (even if you never heard of fail2ban, Logwatch or Swatch you could use PAM or else a simple shell script would suffice) and since authorized logins are already recorded I wonder what the reason for using this would be anyway. If anyone would justify usage in terms of "enhancing security" then that would point to flawed reasoning IMHO. Because all it does is send a mail (or a deluge of emails given a busy host), it is an "after the fact" op, it does not command any action nor does it prevent anything.


All times are GMT -5. The time now is 09:13 AM.