2019-04-07 11:35:45 +02:00
|
|
|
# Extract ip address
|
2018-05-28 23:22:20 +02:00
|
|
|
ip=`echo $SSH_CONNECTION | cut -d " " -f 1`
|
|
|
|
|
2019-04-07 11:35:45 +02:00
|
|
|
# Test if the ip address is already present
|
2018-05-28 23:22:20 +02:00
|
|
|
if ! grep $ip /tmp/list_ip_ssh_$USER >/dev/null 2>&1
|
|
|
|
then
|
2019-04-07 11:35:45 +02:00
|
|
|
# New ip address
|
|
|
|
# Write to log
|
2018-05-28 23:22:20 +02:00
|
|
|
logger -t ssh-wrapper -p warning $USER login from unknown ip: $ip - $(host $ip|awk '{print $5}')
|
2019-04-07 11:35:45 +02:00
|
|
|
# Send by mail
|
2018-05-28 23:22:20 +02:00
|
|
|
echo "User $USER just logged in from $ip - $(host $ip|awk '{print $5}')" |mail -s "New SSH Login to $USER in $(hostname)" __ALERT_EMAIL__
|
|
|
|
|
|
|
|
# add the ip in temporary list
|
|
|
|
echo "$(date) - $ip" >> /tmp/list_ip_ssh_$USER
|
|
|
|
else
|
2019-04-07 11:35:45 +02:00
|
|
|
# IP address already present in temporary file
|
2018-05-28 23:22:20 +02:00
|
|
|
logger -t ssh-wrapper -p info $USER login from known ip: $ip
|
|
|
|
fi
|