From ba5417bcffc7ec01d39f2199239c6e5961894e9d Mon Sep 17 00:00:00 2001 From: Max Isom Date: Fri, 16 Sep 2016 11:39:40 -0500 Subject: [PATCH] Create login-alerts.sh --- setup/login-alerts.sh | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 setup/login-alerts.sh diff --git a/setup/login-alerts.sh b/setup/login-alerts.sh new file mode 100644 index 00000000..f0479a8c --- /dev/null +++ b/setup/login-alerts.sh @@ -0,0 +1,29 @@ +function get_default_hostname { + # Guess the machine's hostname. It should be a fully qualified + # domain name suitable for DNS. None of these calls may provide + # the right value, but it's the best guess we can make. + set -- $(hostname --fqdn 2>/dev/null || + hostname --all-fqdns 2>/dev/null || + hostname 2>/dev/null) + printf '%s\n' "$1" # return this value +} + +echo ' +#!/bin/sh +# Change these two lines: +sender="bot@" +sender+=get_default_hostname +recepient="admin@" +recepient+=get_default_hostname + +if [ "$PAM_TYPE" != "close_session" ]; then + host="`hostname`" + subject="SSH Login: $PAM_USER from $PAM_RHOST on $host" + # Message to send, e.g. the current environment variables. + message="If you don't recognize this login, your key or password may be compromised." + echo "$message" | mailx -r "$sender" -s "$subject" "$recepient" +fi' > /etc/ssh/login-alert.sh + +chmod +x /etc/ssh/login-alert.sh + +echo 'session optional pam_exec.so seteuid /etc/ssh/login-alert.sh' >> /etc/pam.d/sshd