Friday, January 6, 2012

Mail after ssh login

Very secure, i run this short script and after each ssh login i get a email to an privat email-account, who was logged in from which ip-address.
If the server would be hacked, the mails goes out so quickly, that the person who breaks in has no chance to stop it.
Even if he removed every sign of his break in, the mails is out!

echo 'Login on' `hostname` `date` `who` | mail -s "Login on `hostname` `who | awk '{print $5}'`" my@email.org

I added the line to my .bashrc file.

6 comments:

  1. Where do you put the line in?
    Should I put it into the ssh server config file?

    ReplyDelete
  2. I put it into the .bashrc of the login-user.
    for this case i create a special login user without further rights.
    from this user i could use su if necessary

    ReplyDelete
  3. ah cool, intresting script and very helpful. but i dont understand how bashrc start a script. can you post the part in the bashrc please??

    ReplyDelete
  4. Just add a line into the bashrc to a executable programm.
    joe /home/user/irgendwas
    chmod +x /home/user/irgendwas
    and then at the .bashrc
    /home/user/irgendwas
    this start the program.

    Overview of the startscripts i wrote here:
    http://experienceswithdebian.blogspot.com/2012/01/startup-scripts.html

    ReplyDelete
    Replies
    1. Hey gnude,

      benötige ich einen Mail Client für das? Und wenn ja, welcher ist simpel und sicher, weil ich will nicht mehr als eine Mail an mich wenn sich jemand in SSH einloggt, ansonsten soll der Server rein gar nichts mit Mails zu tun haben.

      Delete