Email on root-login
- Thread starter xmats
- Start date
nobaloney
NoBaloney Internet Svcs - In Memoriam †
Edit; it doesn't work... see next post.
I haven't tried this:
mail [email protected] < `tail -f /var/log/secure | grep sshd`
Might work. Might not. Give it a try.
Be ready to shut it down if it doesn't work.
If it does work, then start it in the background.
Anyone else have any ideas?
Jeff
I haven't tried this:
mail [email protected] < `tail -f /var/log/secure | grep sshd`
Might work. Might not. Give it a try.
Be ready to shut it down if it doesn't work.
If it does work, then start it in the background.
Anyone else have any ideas?
Jeff
nobaloney
NoBaloney Internet Svcs - In Memoriam †
Well, the above doesn't work.
So try this...
write a script that will send an email for every line iit reads from standard input (you can use the mail command).
Then pipe the output of /var/log/secure to the script this way:
tail -f /var/log/secure | grep sshd | grep root > scriptname
Jeff
So try this...
write a script that will send an email for every line iit reads from standard input (you can use the mail command).
Then pipe the output of /var/log/secure to the script this way:
tail -f /var/log/secure | grep sshd | grep root > scriptname
Jeff
vandal
Verified User
nobaloney
NoBaloney Internet Svcs - In Memoriam †
Much nicer than my idea 
.
Jeff
.Jeff
vandal
Verified User
vingertop
Verified User
This works for me on BSD 5.4.
Edit the .cshrc in your /root dir :
echo 'Attention - Your IP for example - Root Access on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut
-d')' -f1`" [email protected]
Everytime you su - you get an email.
"OK i just checked the link from vandal "
Edit the .cshrc in your /root dir :
echo 'Attention - Your IP for example - Root Access on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut
-d')' -f1`" [email protected]
Everytime you su - you get an email.
"OK i just checked the link from vandal
"vingertop
Verified User
Vandals link works great indeed!