notify the administrator for every remote login attempt
 

Hello, am using RHEL 5 ,i would like the system to send me an email for every time some one attempts to login to the server remotely. i have created the emailing script in perl and it works. but i want it to be triggered if someone tries to access the server. how can this be possible

Add that script in /etc/profile
so that u will get mail for every success login

i've done like you said but it didnt send the mail. this is my script sendemail.sh

#! /usr/bin/perl
use Net::SMTP;
print "starting email send .";
$smtp = Net::SMTP->new("192.168.0.1");
$smtp->mail("c.baranga\@cit.mak.ac.ug");
$smtp->to("a.agaba\@cit.mak.ac.ug");
$smtp->data;
$smtp->datasend("Subject: Remote Server Login Attempt");
$smtp->datasend("\n");
$smtp->datasend("Check your secure.Log now ..");
$smtp->dataend;
$mssg = $smtp->quit;
print "$mssg";
print "finished, email sent ";


i would like this script to be executed once there is a remote login attempt to the system whether successfull or unsuccessful

Show how you've put it in /etc/profile.
Incidentally, for all Perl scripts, start with

At least your first problem is
note the space between '!' and '/usr'; that should not be there..

chrism01 , i have changed the script , and it is being triggered for every remote login attempt, the only thing is that it shows the script has errors .. like so

bash: use: command not found
bash: print: command not found
bash: /etc/profile.d/sendemail.sh: line 4: syntax error near unexpected token `('
bash: /etc/profile.d/sendemail.sh: line 4: `$smtp = Net::SMTP->new("192.168.0.1");'

what is confusing me is that , when i execute the script alone with ./sendemail.sh , it works perfectly. is there something am doing wrongly ....

How are you calling the script? Bash is trying to run it, which, given that it's a perl script, would cause problems.

Please add
/usr/bin/perl /pathOfFile/sendmail.sh in /etc/profile

Note:-
you should check the file permission for /pathOfFile/sendmail.sh

this will send maill for every success login.

Perl progs should end in .pl eg send_email.pl and you need to run it as a standalone prog, not embed it in bash, its not shell code eg

Ensure that the Perl prog has the appropriate ownerships and perms eg

root:root rwx------ sendemail.pl

For Real ... thats it , thanks you guys , its now working after setting the permissions and invoked it the correct way ..

#!/bin/bash
perl /etc/profile.d/sendemail.pl
#echo "finished ";

the initial 'perl' bit is redundant if you've specified the perl exe as the first line of the script ie hashbang line (best practice).

Authentication Monitor
 

For those of you using Debian or Ubuntu, I've created an application that solves this in a different way, running as a system daemon.

I call it Authentication Monitor and it can be configured to monitor a list of services and users. Whenever a users logs in to one of these services, an alert-email will be sent, notifying of this login.

Authentication Monitor is free and can be found at my website "bwyan DOT dk" or by searching for "Authentication Monitor" using Google.

Currently your "Authentication Monitor" only checks one distribution-specific log file (could add /var/log/secure?), it only searches for one pattern (how about "Accepted publickey"?), it requires PHP (even if you never heard of fail2ban, Logwatch or Swatch you could use PAM or else a simple shell script would suffice) and since authorized logins are already recorded I wonder what the reason for using this would be anyway. If anyone would justify usage in terms of "enhancing security" then that would point to flawed reasoning IMHO. Because all it does is send a mail (or a deluge of emails given a busy host), it is an "after the fact" op, it does not command any action nor does it prevent anything.