mailinabox/setup/login-alerts.sh

#!/bin/bash

cat << 'EOF' > /etc/ssh/login-alert.sh
#!/bin/bash

source /etc/mailinabox.conf # load global vars

if [ "$PAM_TYPE" != "close_session" ]; then
    IP=$(echo $SSH_CONNECTION | cut -d ' ' -f 1)
    sendEmail -q -f "bot@$PRIMARY_HOSTNAME" -t "admin@$PRIMARY_HOSTNAME" -u "SSH Login: $PAM_USER from $PAM_RHOST" -m "If you don't recognize this login, your key or password may be compromised."
fi
EOF

chmod +x /etc/ssh/login-alert.sh

if grep -Fq "login-alert" /etc/pam.d/sshd
then
    :
else
    echo 'session optional pam_exec.so seteuid /etc/ssh/login-alert.sh' >> /etc/pam.d/sshd
fi
Fixes 2016-09-16 19:04:16 +00:00			`#!/bin/bash`

			`cat << 'EOF' > /etc/ssh/login-alert.sh`
			`#!/bin/bash`
Create login-alerts.sh 2016-09-16 16:39:40 +00:00
Fixes 2016-09-16 19:04:16 +00:00			`source /etc/mailinabox.conf # load global vars`
Create login-alerts.sh 2016-09-16 16:39:40 +00:00
			`if [ "$PAM_TYPE" != "close_session" ]; then`
Fixes 2016-09-16 19:04:16 +00:00			`IP=$(echo $SSH_CONNECTION \| cut -d ' ' -f 1)`
			`sendEmail -q -f "bot@$PRIMARY_HOSTNAME" -t "admin@$PRIMARY_HOSTNAME" -u "SSH Login: $PAM_USER from $PAM_RHOST" -m "If you don't recognize this login, your key or password may be compromised."`
Fix domain 2016-09-16 16:56:05 +00:00			`fi`
			`EOF`
Create login-alerts.sh 2016-09-16 16:39:40 +00:00
			`chmod +x /etc/ssh/login-alert.sh`

Fixes 2016-09-16 19:04:16 +00:00			`if grep -Fq "login-alert" /etc/pam.d/sshd`
			`then`
			`:`
			`else`
			`echo 'session optional pam_exec.so seteuid /etc/ssh/login-alert.sh' >> /etc/pam.d/sshd`
			`fi`