[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] email for every ssh login - USE TCPWrapper

Hello Jean.

If you want to have realtime email of every successful and/or failed 
logins, you can do that using the TCPWrapper.  Place the 
below in your /etc/hosts.allow and you will get email to root
of every service being accessed (provided they run under inetd).  
Such services are ssh, ftp, pop3, etc.  

Of course you can replace ALL with (in.ftpd or in.sshd) 
if you want only to monitor ftp and ssh:

-------Do not include this Line-------
ALL : ALL \       
        : spawn ( \
/bin/echo -e "\
logs\:\
\n\
TCP Wrappers\:  Connection Alert\n\
By\:            $(uname -n)\n\
date\:          $(date)\n\
hostip\:                %a\n\
hostname\:      %h\n\
process\:       %d (pid %p)\n\
connectfrom\:   %c\n\
source\:        %h %H\n\
port\:          %d\n\
"| /bin/mail -s "Wrappers@$(uname -n)\: %d Connection Alert %c" root ) &

-----------------------

SAMPLE E-MAIL MESSAGE (For SSH ACCESS):
======

Subject: Wrappers@xxxxxxxxxxxxxxxxxx: sshd Connection Alert from 111.222.333.444

logs:
TCP Wrappers:	Connection Alert
By:		YourServerName
date:		Wed Mar 12 10:44:33 EST 2003
hostip:		111.222.333.444
hostname:	someone.com
process:	sshd (pid 7915)
connectfrom:	111.222.333.444
source:	111.222.333.444 YourServer IP or Your V.Site IP
port:		sshd

==End Sample Report==

I have this working perfectly on a non-cobalt Redhat 7.2 Server.
RaQ4 Servers are shipped with RH 6.2 but I think it should work.  
But becareful when editing hosts.allow not to lock yourself out.

Also check hosts_options man pages at this link:
http://www.hmug.org/man/5/hosts_options.html

Regards,

Al-Juhani
aljuhani@xxxxxxxxx

==Original Message==

Hi,

I know that there is a simple way to send a email for every ssh login, but i
loose the howto....
If anybody know the trick, thanks to share it here
Best regards
Jean