How to get SFTP login alert (email or SMS) on ubuntu? - bash

I want to get an email and/or SMS alert whenever someone logs into my server. I have successfully done this for SSH login by editing the .bashrc file.
But this method doesn't work for SFTP login.
I know I can do this by extracting information from log files, but I want a more efficient way (since users can delete from the log file).
I have also tried this, but it doesn't work. (I'm using Ubuntu 12.04.)
Basically, I want to execute a curl command (SMS API) on successful login.
Please help, thank you.

First, make sure you have the sendmail package (sudo apt-get install sendmail).
You can create or edit the file /etc/ssh/sshrc and give it the following code to achieve this:
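# the client address is the first field of SSH_CONNECTION
ip=$(echo "$SSH_CONNECTION" | cut -d " " -f 1)
logger -t ssh-wrapper "$USER login from $ip"
# send the mail in the background so the login is not delayed
echo "User $USER logged in from $ip" | sendemail -q -u "Email Title" -f "Sender <from@server.com>" -t "Your Name <you@email.com>" -s smtp.server.com &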
Fill the appropriate variables (sender and recipient names and addresses) into this code.
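
A variant of the sshrc snippet above that sends the alert with curl, as the question asks. This is an added example, not part of the original answer; ALERT_URL and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answer. ALERT_URL is a
# hypothetical SMS/webhook endpoint; replace it with your provider's.
ALERT_URL="${ALERT_URL:-https://sms.example.invalid/send}"

# SSH_CONNECTION is "client_ip client_port server_ip server_port".
# Print the client IP, or "unknown" when the value is empty or holds
# characters that cannot occur in an IPv4/IPv6 address.
client_ip() {
    ip=${1%% *}
    case $ip in
        ''|*[!0-9A-Za-z.:%]*) echo unknown ;;
        *) echo "$ip" ;;
    esac
}

# Build the one-line alert; the user name is reduced to a safe
# character set so it cannot smuggle newlines or extra fields.
alert_text() {
    user=$(printf '%s' "$1" | tr -cd 'A-Za-z0-9._-')
    printf 'SSH login: user=%s from=%s' "${user:-unknown}" "$(client_ip "$2")"
}

# Log locally, then post in the background with a hard timeout so a
# slow endpoint never delays the login. sshrc must not write to stdout.
send_alert() {
    msg=$(alert_text "$USER" "$SSH_CONNECTION")
    logger -t ssh-alert "$msg"
    curl --silent --max-time 10 --data-urlencode "text=$msg" \
        "$ALERT_URL" >/dev/null 2>&1 &
}

# Only fire inside a real SSH session.
if [ -n "${SSH_CONNECTION:-}" ]; then
    send_alert
fi
```

Confirm with a test login that your SFTP configuration actually runs /etc/ssh/sshrc before relying on it.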

Related

Bash script with sendmail delivers email when executed manually but not from crontab

I wrote the following bash script to send me an alert if there is a problem with my website:
#!/bin/bash
# 1. download the page
BASE_URL="https://www.example.com/ja"
JS_URL="https://www.example.com/"
# 2. search the page for the following URL: /sites/default/files/google_tag/google_tag.script.js?[FIVE-CHARACTER STRING WITH LETTERS AND NUMBERS]
curl -k -L "${BASE_URL}" 2>/dev/null | grep -Eo "/sites/default/files/google_tag/google_tag.script.js\?[^<]+" | while read -r line
do
    # 3. download the js file
    # 4. check if this js file has the text "gtm_preview" or not; if it does, send an email
    if curl -k -L "${JS_URL}/$line" | grep gtm_preview >/dev/null 2>&1; then
        # echo "Error: gtm_preview found"
        sendmail error-ec2@example.com < email-gtm-live.txt
    else
        echo "No gtm_preview tag found."
    fi
done
I am running this from an Amazon EC2 Ubuntu instance. When I execute the script manually like ./script.sh, I receive an email in my webmail inbox for example.com.
However, when I configure this script to run via crontab, the mail does not get sent via the Internet; instead, it gets sent to /var/mail on the EC2 instance.
I don't understand why this is happening or what I can do to fix it. Why does sendmail behave differently if it is being run from bash vs being run from crontab?
Be aware that the PATH environment variable is different for crontab executions than it is for your typical interactive sessions. Also, not all of the same environment variables are set. Consider specifying the full path for the sendmail executable (which you can learn by issuing the 'which sendmail' command).

SSH user response prompt

We currently have several users that are using the admin user when logging into a server via SSH. They all have their own users but unfortunately they still occasionally use the admin one. We can lock this down of course and take action to make sure that user is never used, but I'm looking to see if there is a way to force each login to enter a reason why they are using that user, before they can log in and access the server whenever they use the admin user.
This way we can have an easy way to compare access log files with employee names and the reason why they are using that user.
Any thoughts?
Here's what I would do.
Register everyone's ssh public key into the admin user's authorized_keys. In each entry, set the environment variable EMPLOYEE to the employee name. This will require that PermitUserEnvironment be set to yes in /etc/ssh/sshd_config. A sample entry should look like below.
environment="EMPLOYEE=employee1" ssh-rsa AAAAB3NzaC1y.....EU88ovYKg4GfclWGCFYTuw8==
Now that we have an environment variable named EMPLOYEE, we can write a simple script to ask for the reason.
Create a file /etc/profile.d/reason.sh. The file does not need to be executable as it will be sourced.
if [[ $(whoami) = "admin" ]]; then
    read -p "Please specify the reason for logging in as $USER user: " reason
    if [ -z "$reason" ]; then
        logout
    fi
fi
Now you have $EMPLOYEE and $reason to log.
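
One way to do the logging step for /etc/profile.d/reason.sh, with the typed reason cleaned before it reaches syslog so it cannot forge extra log lines or fields. This is an added example, not the answer's own code; the function names, the "admin-reason" tag and the record layout are assumptions.

```shell
# Added example for /etc/profile.d/reason.sh; not the answer's own code.
# The "admin-reason" syslog tag and the record layout are assumptions.

# Drop control characters (newlines, escapes), neutralise double quotes,
# trim surrounding blanks and cap the length of a free-text value.
sanitize_field() {
    printf '%s' "$1" | tr -d '[:cntrl:]' | tr '"' "'" |
        sed 's/^ *//; s/ *$//' | cut -c1-200
}

# Print one audit record; fail when the cleaned reason is empty.
audit_record() {
    employee=$(sanitize_field "${1:-unknown}")
    reason=$(sanitize_field "$2")
    [ -n "$reason" ] || return 1
    printf 'admin-login employee="%s" reason="%s"' "$employee" "$reason"
}

# Prompt only for the shared account on an interactive terminal.
if [ "$(id -un)" = "admin" ] && [ -t 0 ]; then
    printf 'Reason for logging in as admin: ' >&2
    read -r reason_input
    if record=$(audit_record "${EMPLOYEE:-}" "$reason_input"); then
        logger -p auth.notice -t admin-reason "$record"
    else
        echo "A reason is required." >&2
        exit 1    # the file is sourced, so this ends the login shell
    fi
fi
```

Sessions that never start a login shell (ssh admin@host some-command, scp, sftp) do not source /etc/profile.d, so the prompt covers interactive logins only.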
Here's a thought
#!/bin/bash
# if the user tries Ctrl+C to avoid this check
no_shell_for_you() { exec /bin/false; }
trap no_shell_for_you INT
read -r -p "Your username please: " username
if getent passwd "$username" >/dev/null 2>&1; then
    echo "Welcome, $username"
    # log $username somewhere
    exec /bin/bash -l
else
    no_shell_for_you
fi
1. Save that as ~admin_user/bin/get_real_user.sh
2. Add /full/path/to/admin_user/bin/get_real_user.sh to /etc/shells
3. Do sudo chsh -s /full/path/to/admin_user/bin/get_real_user.sh admin_user
This is untested. Test thoroughly before step 3.

sending an email as part of a bash shell script

I have heard of examples of people using alpine to send emails based on data collected or generated from bash scripts.
I have been looking for tutorials to create this for myself with no success. I do have alpine talking to my email server, but it still requires me to enter a password. I am guessing I will need to correct this as well.
My end result would be to run a long task such as do a time lapse on my Pi3, and send an email... perform some imagemagick work, render a video on my servers gpu, send an email... it would be easier for me to check emails looking for machines reporting in completion of tasks, sending logs as well for review etc... I got all of this set except the darn email.
Any help would be appreciated
I'm using this method to send mail in bash one-liner via smtp public service using "nail" mail-client:
echo 'Test mail body text' | env MAILRC=/dev/null from='a@a.ru' smtp=mail.a.ru smtp-auth-user='a' smtp-auth-password='xxx' smtp-auth=login mailx -v -n -s 'Test mail again v01' b@b.ru
You can try using mutt
To install in Ubuntu
sudo apt-get install mutt
To send an email with attachment
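# recipient@example.com is a placeholder; with -a, mutt needs "--" before the recipient
echo "Please find the file attached." | mutt -s "Important File" -a somefile.ext -- recipient@example.com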

UNIX - FTP Using Parameterized Values

I have been stuck on this problem for a few days now and I really need help. My goal is to FTP a certain file to a bridge server. But before I can FTP, I need to enter some login credentials first. I want the login part to be automated, that's why I created a separate parameter file. That parameter file has the login details.
So when I run the script, first it will create a txt file. Then the text file will be passed into the bridge server. Now, the script will also pass the login details from the parameter file to access the bridge server and finally a successful FTP. Any way to do this?
FTPFILE="File to be ftped"
Let's say the parameterised file has the details in the format
HostName username password.
Read the file contents using a loop statement or however you like.
I am using a while loop here
while read -r hostname username password
do
    HOST=${hostname}
    LOGIN=${username}
    # named PASSWORD rather than PWD, which the shell uses for the current directory
    PASSWORD=${password}
done < "$PARAM_FILE"   # PARAM_FILE is a placeholder for the path of the parameter file
Write the details - hostname, login, password - to the $HOME/.netrc file
# keep the file private: ftp aborts auto-login if a .netrc holding a password is readable by others
touch "$HOME/.netrc" && chmod 600 "$HOME/.netrc"
echo "machine ${HOST} login ${LOGIN} password ${PASSWORD}" > "$HOME/.netrc"
echo "macdef init" >> "$HOME/.netrc"
echo "put ${FTPFILE} " >> "$HOME/.netrc"
echo "bye" >> "$HOME/.netrc"
echo >> "$HOME/.netrc"
FTP statement (ftp first looks for the .netrc file in the $HOME directory to initiate the login process. If the file is not found then the username and password will be prompted)
ftp -i "$HOST"
This code will do the job:
#!/bin/sh
FTP_USERNAME=username
FTP_PASSWORD=password
FTP_SERVER=server_domaine
touch /directory/textfile.txt
run_access_server()
{
lftp <<STOP
# automatically access the server
open -u $FTP_USERNAME,$FTP_PASSWORD $FTP_SERVER
# change directory
cd /directory/on/server
lcd /from/where/you/fetch/
# upload the file using put
put textfile.txt
bye
STOP
}
run_access_server
Tell me how it works out with you. Regards

Changing IP log with GPS information and mail. I need robustness

I've created a script in order to receive a mail with wan ip information and GPS location of my macbookpro. The content of the script is this:
#!/bin/bash
# -*- ENCODING: UTF-8 -*-
if [ ! -e /tmp/ip ]; then
    curl -s icanhazip.com > /tmp/ip
fi
curl -s icanhazip.com > /tmp/ip2
newip=$(diff /tmp/ip /tmp/ip2 | wc -l)
if [ "$newip" -ne 0 ]; then
    mv -f /tmp/ip2 /tmp/ip
    date > IPlog.txt
    curl -s icanhazip.com >> IPlog.txt
    sudo ./Downloads/whereami >> IPlog.txt
    mailx mymailadress@mail.com < IPlog.txt
    rm IPlog.txt
else
    rm /tmp/ip2
fi
Every minute the system executes this script that verifies if the WAN IP has changed. If it has changed, the script sends me a mail with the new information. The problems are:
1.- The mail is not always correctly sent. Sometimes I don't receive it.
2.- The mail doesn't contain all the info. Sometimes it includes only the new WAN IP address.
3.- Sometimes the mail is qualified as spam and I don't know why because the sender is always the same address.
I have some suggestions to debug your problems.
First you should use a different location to store the ip than tmp. If your system wipes your tmp folder on boot and your system gets a new WAN ip after boot you would lose the previous recorded ip.
Check the exit code of mailx when sending using $?. 0 is ok. You could do a while loop and keep trying to send it until you get exit code 0.
You could add the info for the mail to a local variable instead of a file.
IPLog=$(date)
# start the address on its own line instead of gluing it to the date
IPLog+=$'\n'$(curl -s icanhazip.com)
The spam problem might be due to the IP address in the mail. Or whatever ./Downloads/whereami is adding to the file. Adding the sending email address as a trusted sender might do it.
Check the email header for information about spam score.
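
The suggestions above put together: state kept outside /tmp, the body built in a variable, and a bounded retry on the mailer's exit code. This is an added example, not code from the original post; STATE_DIR, MAILER, RETRY_DELAY, the function names and the recipient address are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. STATE_DIR, MAILER and
# RETRY_DELAY are assumptions; MAILER must read the body on stdin.
STATE_DIR="${STATE_DIR:-$HOME/.ipwatch}"
MAILER="${MAILER:-mailx -s WAN-IP-changed you@example.com}"

# True when the address differs from the one stored on disk.
ip_changed() {
    [ "$1" != "$(cat "$STATE_DIR/ip" 2>/dev/null)" ]
}

# Store the address in a private directory that survives reboots.
record_ip() {
    mkdir -p "$STATE_DIR" && chmod 700 "$STATE_DIR" &&
        printf '%s\n' "$1" > "$STATE_DIR/ip"
}

# Pipe the body to the mailer; retry on a non-zero exit code, at most
# $2 attempts, instead of looping forever.
send_with_retry() {
    tries=${2:-5}
    n=1
    while ! printf '%s\n' "$1" | $MAILER; do
        [ "$n" -lt "$tries" ] || return 1
        n=$((n + 1))
        sleep "${RETRY_DELAY:-30}"
    done
}

# One run: fetch, compare, mail, and record only after the mail went
# out, so a failed send is retried on the next cron run.
check_once() {
    current=$(curl -s --max-time 10 icanhazip.com) || return 2
    case $current in
        ''|*[!0-9A-Fa-f.:]*) return 2 ;;   # not an IP (error page, empty)
    esac
    ip_changed "$current" || return 0
    body="$(date)
WAN IP: $current"
    send_with_retry "$body" && record_ip "$current"
}

if [ "${1:-}" = "run" ]; then
    check_once
fi
```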
