Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [SOLVED]Notify via email access to interactive shell and non interactive shell

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 2 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J Offline
      javcasta
      last edited by

      Hello.

      For notify via email access to interactive shell, I do it:

      Edit /etc/rc.initial and add in the begin (after coments # )

      echo "Acceso a shell :" `date` `who` | /usr/local/bin/php /usr/local/bin/mail.php -s"`hostname` Alerta de acceso a shell"
logger -f /var/log/system.log "Notificado acceso a shell via email - `who`"

      like this

      #!/bin/sh

      /etc/rc.initial

      part of pfSense by Scott Ullrich

      Copyright (C) 2004-2011 Scott Ullrich, All rights reserved.

      originally based on m0n0wall (http://neon1.net/m0n0wall)

      Copyright (C) 2003-2004 Manuel Kasper mk@neon1.net.

      All rights reserved.

      make sure the user can't kill us by pressing Ctrl-C,

      ctrl-z, etc.

      #trap : 2
      #trap : 3
      #trap : 4

      echo "Acceso a shell :" date who | /usr/local/bin/php /usr/local/bin/mail.php -s"hostname Alerta de acceso a shell"
      logger -f /var/log/system.log "Notificado acceso a shell via email - who"

      if [ -f /etc/rc.local ]; then
          RCLOCALPWD=`ps awux | grep rc.local | grep -v grep | awk '{ print $2 }'

      continue

      Work fine to me.

      But, for non interactive sessions, (like a remote batch command exec from ssh clients like plink ) How to?

      Regards.

      Javier Castañón
      Técnico de comunicaciones, soporte y sistemas.

      Mi web: https://javcasta.com/

      Soporte scripting/pfSense https://javcasta.com/soporte/

      1 Reply Last reply Reply Quote 0
      • J Offline
        javcasta
        last edited by

        HI.

        One way or solution:

        -Necessary condition: have configured and operative: System> advanced> notifications> e-mail.

        Create (or modify if exists) the file  /etc/ssh/sshrc file with the content:

        
ipfrom=`echo $SSH_CONNECTION | cut -d " " -f 1`
ippf=`echo $SSH_CONNECTION | cut -d " " -f 3`
theport=`echo $SSH_CONNECTION | cut -d " " -f 4`
echo "User $USER just logged in from $ipfrom to $ippf at port $theport || date: `date` || who: `who`" | /usr/local/bin/php /usr/local/bin/mail.php -s"`hostname`"

        And when you login to pfSense shell via ssh (interactive or not interactive shell) the system will notify with email:

        User root just logged in from 10.2.0.10 to 10.2.0.254 at port 22 || date: Wed Mar 22 15:58:25 CET 2017 || who: root            ttyv0        Mar 14 13:23

        root            pts/0        Mar 22 15:51 (10.2.0.10)

        Regards.

        Spanish ref: https://forum.pfsense.org/index.php?topic=112308.msg704419#msg704419

        Javier Castañón
        Técnico de comunicaciones, soporte y sistemas.

        Mi web: https://javcasta.com/

        Soporte scripting/pfSense https://javcasta.com/soporte/

        1 Reply Last reply Reply Quote 0
        • I Offline
          iplost
          last edited by

          Test ok  ;D

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.