conf-99-basic_config_debian/etc/ssh/sshrc

19 lines
681 B
Plaintext
Raw Normal View History

# Extract ip address
ip=`echo $SSH_CONNECTION | cut -d " " -f 1`
# Test if the ip address is already present
if ! grep $ip /tmp/list_ip_ssh_$USER >/dev/null 2>&1
then
# New ip address
# Write to log
logger -t ssh-wrapper -p warning $USER login from unknown ip: $ip - $(host $ip|awk '{print $5}')
# Send by mail
echo "User $USER just logged in from $ip - $(host $ip|awk '{print $5}')" |mail -s "New SSH Login to $USER in $(hostname)" __ALERT_EMAIL__
# add the ip in temporary list
echo "$(date) - $ip" >> /tmp/list_ip_ssh_$USER
else
# IP address already present in temporary file
logger -t ssh-wrapper -p info $USER login from known ip: $ip
fi