4. [SOLVED]Notify via email access to interactive shell and non interactive shell

[SOLVED]Notify via email access to interactive shell and non interactive shell

  • J

    Hello.

    For notify via email access to interactive shell, I do it:

    Edit /etc/rc.initial and add in the begin (after coments # )

    echo "Acceso a shell :" `date` `who` | /usr/local/bin/php /usr/local/bin/mail.php -s"`hostname` Alerta de acceso a shell"
logger -f /var/log/system.log "Notificado acceso a shell via email - `who`"

    like this

    #!/bin/sh

    /etc/rc.initial

    part of pfSense by Scott Ullrich

    Copyright (C) 2004-2011 Scott Ullrich, All rights reserved.

    originally based on m0n0wall (http://neon1.net/m0n0wall)

    Copyright (C) 2003-2004 Manuel Kasper mk@neon1.net.

    All rights reserved.

    make sure the user can't kill us by pressing Ctrl-C,

    ctrl-z, etc.

    #trap : 2
    #trap : 3
    #trap : 4

    echo "Acceso a shell :" date who | /usr/local/bin/php /usr/local/bin/mail.php -s"hostname Alerta de acceso a shell"
    logger -f /var/log/system.log "Notificado acceso a shell via email - who"

    if [ -f /etc/rc.local ]; then
        RCLOCALPWD=`ps awux | grep rc.local | grep -v grep | awk '{ print $2 }'

    continue

    Work fine to me.

    But, for non interactive sessions, (like a remote batch command exec from ssh clients like plink ) How to?

    Regards.

    0
  • J

    HI.

    One way or solution:

    -Necessary condition: have configured and operative: System> advanced> notifications> e-mail.

    Create (or modify if exists) the file  /etc/ssh/sshrc file with the content:

    
ipfrom=`echo $SSH_CONNECTION | cut -d " " -f 1`
ippf=`echo $SSH_CONNECTION | cut -d " " -f 3`
theport=`echo $SSH_CONNECTION | cut -d " " -f 4`
echo "User $USER just logged in from $ipfrom to $ippf at port $theport || date: `date` || who: `who`" | /usr/local/bin/php /usr/local/bin/mail.php -s"`hostname`"

    And when you login to pfSense shell via ssh (interactive or not interactive shell) the system will notify with email:

    User root just logged in from 10.2.0.10 to 10.2.0.254 at port 22 || date: Wed Mar 22 15:58:25 CET 2017 || who: root            ttyv0        Mar 14 13:23

    root            pts/0        Mar 22 15:51 (10.2.0.10)

    Regards.

    Spanish ref: https://forum.pfsense.org/index.php?topic=112308.msg704419#msg704419

    0
  • I

    Test ok  ;D

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy