[SOLVED]Notify via email access to interactive shell and non interactive shell



  • Hello.

    For notify via email access to interactive shell, I do it:

    Edit /etc/rc.initial and add in the begin (after coments # )

    echo "Acceso a shell :" `date` `who` | /usr/local/bin/php /usr/local/bin/mail.php -s"`hostname` Alerta de acceso a shell"
    logger -f /var/log/system.log "Notificado acceso a shell via email - `who`"
    

    like this

    #!/bin/sh

    /etc/rc.initial

    part of pfSense by Scott Ullrich

    Copyright (C) 2004-2011 Scott Ullrich, All rights reserved.

    originally based on m0n0wall (http://neon1.net/m0n0wall)

    Copyright (C) 2003-2004 Manuel Kasper mk@neon1.net.

    All rights reserved.

    make sure the user can't kill us by pressing Ctrl-C,

    ctrl-z, etc.

    #trap : 2
    #trap : 3
    #trap : 4

    echo "Acceso a shell :" date who | /usr/local/bin/php /usr/local/bin/mail.php -s"hostname Alerta de acceso a shell"
    logger -f /var/log/system.log "Notificado acceso a shell via email - who"

    if [ -f /etc/rc.local ]; then
        RCLOCALPWD=`ps awux | grep rc.local | grep -v grep | awk '{ print $2 }'

    continue

    Work fine to me.

    But, for non interactive sessions, (like a remote batch command exec from ssh clients like plink ) How to?

    Regards.



  • HI.

    One way or solution:

    -Necessary condition: have configured and operative: System> advanced> notifications> e-mail.

    Create (or modify if exists) the file  /etc/ssh/sshrc file with the content:

    
    ipfrom=`echo $SSH_CONNECTION | cut -d " " -f 1`
    ippf=`echo $SSH_CONNECTION | cut -d " " -f 3`
    theport=`echo $SSH_CONNECTION | cut -d " " -f 4`
    echo "User $USER just logged in from $ipfrom to $ippf at port $theport || date: `date` || who: `who`" | /usr/local/bin/php /usr/local/bin/mail.php -s"`hostname`"
    
    

    And when you login to pfSense shell via ssh (interactive or not interactive shell) the system will notify with email:

    User root just logged in from 10.2.0.10 to 10.2.0.254 at port 22 || date: Wed Mar 22 15:58:25 CET 2017 || who: root            ttyv0        Mar 14 13:23

    root            pts/0        Mar 22 15:51 (10.2.0.10)

    Regards.

    Spanish ref: https://forum.pfsense.org/index.php?topic=112308.msg704419#msg704419



  • Test ok  ;D


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy