E-Mail on SSH login?

-- Robert Heller -- 978-544-6933 Deepwoods Software -- Download the Model Railroad System http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows heller@deepsoft.com -- http://www.deepsoft.com/ModelRailroadSystem/

nate

11:27 p.m.

ML wrote:

...

Does anyone have thoughts on how to kick off an e-mail on SSH login?

If you wanted a somewhat extensible way to do it, Splunk can, the free version allows up to 500MB of data to be indexed per day..

Otherwise a script that monitors the log. Another way(not sure how reliable) is to put a command in the system-wide "dot files" of the shell(s) that are run by your users so that it is run when they login.

nate

Ray Van Dolson

11:28 p.m.

On Mon, Nov 02, 2009 at 02:14:10PM -0800, ML wrote:

...

Does anyone have thoughts on how to kick off an e-mail on SSH login?

For security auditing purposes?

You could probably do this by watching /var/log/secure, or even use something like pam_exec.

Ray

Bill Campbell

11:31 p.m.

On Mon, Nov 02, 2009, Ray Van Dolson wrote:

...

On Mon, Nov 02, 2009 at 02:14:10PM -0800, ML wrote:

...
Does anyone have thoughts on how to kick off an e-mail on SSH login?

For security auditing purposes?

You could probably do this by watching /var/log/secure, or even use something like pam_exec.

We use swatch for this.

Bill

-- INTERNET: bill@celestial.com Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax: (206) 232-9186 Skype: jwccsllc (206) 855-5792 Only government can take perfectly good paper, cover it with perfectly good ink and make the combination worthless. -- Milton Friedman

Benjamin Donnachie

11:34 p.m.

2009/11/2 ML mailinglists@mailnewsrss.com:

...

Does anyone have thoughts on how to kick off an e-mail on SSH login?

Make SSH use PAM for authentication and use the pam_preprofile[1] module to execute and appropriate script. You should test with public/private key logins to ensure that it also works for those.

Ben

[1] http://www.kernel.org/pub/linux/libs/pam/pre/modules/pam_preprofile.tgz

Agile Aspect

3 Nov 3 Nov

6:14 a.m.

On Mon, Nov 2, 2009 at 2:34 PM, Benjamin Donnachie benjamin@py-soft.co.uk wrote:

...

2009/11/2 ML mailinglists@mailnewsrss.com:

...
Does anyone have thoughts on how to kick off an e-mail on SSH login?

Make SSH use PAM for authentication and use the pam_preprofile[1] module to execute and appropriate script. You should test with public/private key logins to ensure that it also works for those.

I'd think twice about using PAM. I've been able to login with my password when SSH was restricted to public/private key logins and the NFS file system wasn't mounted.

-- Enjoy global warming while it lasts.

Andrew Norris

2 Nov 2 Nov

11:40 p.m.

ML wrote:

...

Does anyone have thoughts on how to kick off an e-mail on SSH login?

-Jason

If you don't mind making the jump to syslog-ng it's fairly simple to filter ssh login lines to an external script that sends out emails. With stock syslog you could log auth to a named pipe and slurp that up with a similar script.

That said, hooking into pam as has been suggested sounds like the best bet.

-- Andrew Norris Systems Administrator Locus Telecommunications andrewn@locus.net (201)-947-2807 ext. 1135

R P Herrold

3 Nov 3 Nov

12:21 a.m.

On Mon, 2 Nov 2009, ML wrote:

...

Does anyone have thoughts on how to kick off an e-mail on SSH login?

one assumes, without them being able to over-ride such notification, or even being aware of such ...

inotify, watching that end user's directory for an atime change, comes to mind

-- Russ herrold

5519

Age (days ago)

5520

Last active (days ago)

discuss@lists.centos.org

8 comments

9 participants

tags (0)

participants (9)

Agile Aspect
Andrew Norris
Benjamin Donnachie
Bill Campbell
ML
nate
R P Herrold
Ray Van Dolson
Robert Heller