LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 04-19-2010, 02:44 AM   #1
kabazzi
LQ Newbie
 
Registered: Apr 2010
Posts: 11

Rep: Reputation: 0
notify the administrator for every remote login attempt


Hello, am using RHEL 5 ,i would like the system to send me an email for every time some one attempts to login to the server remotely. i have created the emailing script in perl and it works. but i want it to be triggered if someone tries to access the server. how can this be possible
 
Old 04-19-2010, 03:28 AM   #2
barshani
LQ Newbie
 
Registered: Sep 2004
Location: Trivandrum
Distribution: Redhat
Posts: 18

Rep: Reputation: 3
Add that script in /etc/profile
so that u will get mail for every success login
 
1 members found this post helpful.
Old 04-19-2010, 07:03 AM   #3
kabazzi
LQ Newbie
 
Registered: Apr 2010
Posts: 11

Original Poster
Rep: Reputation: 0
i've done like you said but it didnt send the mail. this is my script sendemail.sh

#! /usr/bin/perl
use Net::SMTP;
print "starting email send .";
$smtp = Net::SMTP->new("192.168.0.1");
$smtp->mail("c.baranga\@cit.mak.ac.ug");
$smtp->to("a.agaba\@cit.mak.ac.ug");
$smtp->data;
$smtp->datasend("Subject: Remote Server Login Attempt");
$smtp->datasend("\n");
$smtp->datasend("Check your secure.Log now ..");
$smtp->dataend;
$mssg = $smtp->quit;
print "$mssg";
print "finished, email sent ";


i would like this script to be executed once there is a remote login attempt to the system whether successfull or unsuccessful
 
Old 04-19-2010, 08:07 PM   #4
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,283

Rep: Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032
Show how you've put it in /etc/profile.
Incidentally, for all Perl scripts, start with

Code:
#!/usr/bin/perl -w
use strict;
At least your first problem is
Code:
#! /usr/bin/perl
note the space between '!' and '/usr'; that should not be there..
 
Old 04-20-2010, 12:02 AM   #5
kabazzi
LQ Newbie
 
Registered: Apr 2010
Posts: 11

Original Poster
Rep: Reputation: 0
chrism01 , i have changed the script , and it is being triggered for every remote login attempt, the only thing is that it shows the script has errors .. like so

bash: use: command not found
bash: print: command not found
bash: /etc/profile.d/sendemail.sh: line 4: syntax error near unexpected token `('
bash: /etc/profile.d/sendemail.sh: line 4: `$smtp = Net::SMTP->new("192.168.0.1");'

what is confusing me is that , when i execute the script alone with ./sendemail.sh , it works perfectly. is there something am doing wrongly ....
 
Old 04-20-2010, 11:31 AM   #6
nowonmai
Member
 
Registered: Jun 2003
Posts: 481

Rep: Reputation: 48
How are you calling the script? Bash is trying to run it, which, given that it's a perl script, would cause problems.
 
Old 04-21-2010, 12:24 AM   #7
barshani
LQ Newbie
 
Registered: Sep 2004
Location: Trivandrum
Distribution: Redhat
Posts: 18

Rep: Reputation: 3
Please add
/usr/bin/perl /pathOfFile/sendmail.sh in /etc/profile

Note:-
you should check the file permission for /pathOfFile/sendmail.sh

this will send maill for every success login.
 
1 members found this post helpful.
Old 04-21-2010, 01:37 AM   #8
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,283

Rep: Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032
Perl progs should end in .pl eg send_email.pl and you need to run it as a standalone prog, not embed it in bash, its not shell code eg

Code:
#some bash code
x=test

# calling perl prog
/path/to/perl/prog/sendemail.pl

# more bash
x=done
Ensure that the Perl prog has the appropriate ownerships and perms eg

root:root rwx------ sendemail.pl
 
1 members found this post helpful.
Old 04-22-2010, 12:28 AM   #9
kabazzi
LQ Newbie
 
Registered: Apr 2010
Posts: 11

Original Poster
Rep: Reputation: 0
For Real ... thats it , thanks you guys , its now working after setting the permissions and invoked it the correct way ..

#!/bin/bash
perl /etc/profile.d/sendemail.pl
#echo "finished ";
 
Old 04-22-2010, 09:14 PM   #10
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,283

Rep: Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032
Quote:
perl /etc/profile.d/sendemail.pl
the initial 'perl' bit is redundant if you've specified the perl exe as the first line of the script ie hashbang line (best practice).
 
Old 02-09-2013, 05:08 AM   #11
bwyan
LQ Newbie
 
Registered: Feb 2013
Posts: 1

Rep: Reputation: Disabled
Authentication Monitor

For those of you using Debian or Ubuntu, I've created an application that solves this in a different way, running as a system daemon.

I call it Authentication Monitor and it can be configured to monitor a list of services and users. Whenever a users logs in to one of these services, an alert-email will be sent, notifying of this login.

Authentication Monitor is free and can be found at my website "bwyan DOT dk" or by searching for "Authentication Monitor" using Google.
 
Old 02-09-2013, 09:15 AM   #12
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,374
Blog Entries: 54

Rep: Reputation: 2872Reputation: 2872Reputation: 2872Reputation: 2872Reputation: 2872Reputation: 2872Reputation: 2872Reputation: 2872Reputation: 2872Reputation: 2872Reputation: 2872
Currently your "Authentication Monitor" only checks one distribution-specific log file (could add /var/log/secure?), it only searches for one pattern (how about "Accepted publickey"?), it requires PHP (even if you never heard of fail2ban, Logwatch or Swatch you could use PAM or else a simple shell script would suffice) and since authorized logins are already recorded I wonder what the reason for using this would be anyway. If anyone would justify usage in terms of "enhancing security" then that would point to flawed reasoning IMHO. Because all it does is send a mail (or a deluge of emails given a busy host), it is an "after the fact" op, it does not command any action nor does it prevent anything.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to notify users of last unsuccessful login after succesfully loggin in mccartjd Linux - Security 3 11-11-2009 07:02 AM
Remote Administrator Tool with Linux client and Windows Server WarlockofVirgo Linux - Security 3 04-19-2007 09:27 PM
illegal ssh login attempt killing me ridwan77 Linux - Security 9 05-30-2006 03:27 AM
remote administrator in linux puru_09 Linux - Software 8 03-21-2004 11:58 AM
wrong login attempt limits jester_69 Linux - General 1 10-13-2003 01:57 PM


All times are GMT -5. The time now is 12:06 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration