[SOLVED] notify the administrator for every remote login attempt
Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
notify the administrator for every remote login attempt
Hello, am using RHEL 5 ,i would like the system to send me an email for every time some one attempts to login to the server remotely. i have created the emailing script in perl and it works. but i want it to be triggered if someone tries to access the server. how can this be possible
chrism01 , i have changed the script , and it is being triggered for every remote login attempt, the only thing is that it shows the script has errors .. like so
bash: use: command not found
bash: print: command not found
bash: /etc/profile.d/sendemail.sh: line 4: syntax error near unexpected token `('
bash: /etc/profile.d/sendemail.sh: line 4: `$smtp = Net::SMTP->new("192.168.0.1");'
what is confusing me is that , when i execute the script alone with ./sendemail.sh , it works perfectly. is there something am doing wrongly ....
For those of you using Debian or Ubuntu, I've created an application that solves this in a different way, running as a system daemon.
I call it Authentication Monitor and it can be configured to monitor a list of services and users. Whenever a users logs in to one of these services, an alert-email will be sent, notifying of this login.
Authentication Monitor is free and can be found at my website "bwyan DOT dk" or by searching for "Authentication Monitor" using Google.
Currently your "Authentication Monitor" only checks one distribution-specific log file (could add /var/log/secure?), it only searches for one pattern (how about "Accepted publickey"?), it requires PHP (even if you never heard of fail2ban, Logwatch or Swatch you could use PAM or else a simple shell script would suffice) and since authorized logins are already recorded I wonder what the reason for using this would be anyway. If anyone would justify usage in terms of "enhancing security" then that would point to flawed reasoning IMHO. Because all it does is send a mail (or a deluge of emails given a busy host), it is an "after the fact" op, it does not command any action nor does it prevent anything.