Add comments
This commit is contained in:
parent
0720ffafb9
commit
8a302ee8d8
|
@ -1,21 +1,22 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Create a script to be called when a user logs in
|
||||||
cat << 'EOF' > /etc/ssh/login-alert.sh
|
cat << 'EOF' > /etc/ssh/login-alert.sh
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
source /etc/mailinabox.conf # load global vars
|
source /etc/mailinabox.conf # load global vars
|
||||||
|
|
||||||
if [ "$PAM_TYPE" != "close_session" ]; then
|
if [ "$PAM_TYPE" != "close_session" ]; then
|
||||||
IP=$(echo $SSH_CONNECTION | cut -d ' ' -f 1)
|
# send alert
|
||||||
sendEmail -q -f "bot@$PRIMARY_HOSTNAME" -t "admin@$PRIMARY_HOSTNAME" -u "SSH Login: $PAM_USER from $PAM_RHOST" -m "If you don't recognize this login, your key or password may be compromised."
|
sendEmail -q -f "bot@$PRIMARY_HOSTNAME" -t "admin@$PRIMARY_HOSTNAME" -u "SSH Login: $PAM_USER from $PAM_RHOST" -m "If you don't recognize this login, your key or password may be compromised."
|
||||||
fi
|
fi
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
chmod +x /etc/ssh/login-alert.sh
|
chmod +x /etc/ssh/login-alert.sh # make script executable
|
||||||
|
|
||||||
if grep -Fq "login-alert" /etc/pam.d/sshd
|
if grep -Fq "login-alert" /etc/pam.d/sshd # if line has already been added to sshd
|
||||||
then
|
then
|
||||||
:
|
: # do nothing
|
||||||
else
|
else
|
||||||
echo 'session optional pam_exec.so seteuid /etc/ssh/login-alert.sh' >> /etc/pam.d/sshd
|
echo 'session optional pam_exec.so seteuid /etc/ssh/login-alert.sh' >> /etc/pam.d/sshd # otherwise add the line
|
||||||
fi
|
fi
|
||||||
|
|
Loading…
Reference in New Issue