From 8ee75f3c5fa94d2d2970215591e409ead61c1614 Mon Sep 17 00:00:00 2001
From: Alban VIDAL
Date: Mon, 28 May 2018 23:22:20 +0200
Subject: [PATCH] Add alert by email for new ssh connexion
Signed-off-by: Alban VIDAL
---
 README.md | 5 +++--
 auto_config.sh | 7 +++++++
 etc/ssh/sshrc | 14 ++++++++++++++
 3 files changed, 24 insertions(+), 2 deletions(-)
 create mode 100644 etc/ssh/sshrc
diff --git a/README.md b/README.md
index 37c4ea3..4360059 100644
--- a/README.md
+++ b/README.md
@@ -10,12 +10,13 @@ The following component are configured:
 + Install bash-completion
 + Install and configure auto updates (unattended-upgrades and apt-listchanges
 + Install and tune logrotate
-+ Disable IPv6
++ Disable IPv6 (or no, see parameters.conf)
 + Tune .vimrc
 + Tune .bashrc
 + Tune .profile
++ Send alert email for new ssh connexion
-You just need to clone this repository in /srv/git/basic_config_debian and execute the auto_config.sh script
+You just need to clone this repository in `/srv/git/basic_config_debian` and execute the `auto_config.sh` script
 ```bash
 apt install git
diff --git a/auto_config.sh b/auto_config.sh
index 8e56d6b..031157f 100755
--- a/auto_config.sh
+++ b/auto_config.sh
@@ -71,6 +71,7 @@ LIST_PARAM="
 UNATTENDED_EMAIL Unattended email alert
 GIT_USERNAME Git username
 GIT_EMAIL Git email
+SSH_EMAIL_ALERT alert email for new ssh connexion
 "
 IFS=$'\n'
@@ -169,3 +170,9 @@ net.ipv6.conf.all.disable_ipv6 = 1
 EOF
 sysctl -p /etc/sysctl.d/98-disable-ipv6.conf
 fi
+
+################################################################################
+
+# alert by email for new ssh connexion
+cp $GIT_DIR/etc/ssh/sshrc /etc/ssh/sshrc
+sed -i "s/__ALERT_EMAIL__/$SSH_EMAIL_ALERT/" /etc/ssh/sshrc
diff --git a/etc/ssh/sshrc b/etc/ssh/sshrc
new file mode 100644
index 0000000..e9ea776
--- /dev/null
+++ b/etc/ssh/sshrc
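Review bot: In the second auto_config.sh hunk, `$SSH_EMAIL_ALERT` is spliced unescaped into the sed expression and from there lands unquoted on the `mail` command line of a script that runs at every login, so a value containing `/`, `&` or shell metacharacters either breaks the substitution or changes what sshrc executes, and an empty value leaves `mail` without a recipient. Validate it before the copy, for example `case $SSH_EMAIL_ALERT in ''|*[!A-Za-z0-9@._+-]*) echo "invalid SSH_EMAIL_ALERT" >&2; exit 1;; esac`, and quote the source path: `cp -- "$GIT_DIR/etc/ssh/sshrc" /etc/ssh/sshrc`. The copy also overwrites any existing /etc/ssh/sshrc without a backup, and once that file exists sshd no longer runs xauth on its own, so hosts that rely on X11 forwarding would need that handled in the script.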
@@ -0,0 +1,14 @@
+ip=`echo $SSH_CONNECTION | cut -d " " -f 1`
+
+# Test if ip arealy present
+if ! grep $ip /tmp/list_ip_ssh_$USER >/dev/null 2>&1
+then
+ #logger -t ssh-wrapper $USER login from $ip
+ logger -t ssh-wrapper -p warning $USER login from unknown ip: $ip - $(host $ip|awk '{print $5}')
+ echo "User $USER just logged in from $ip - $(host $ip|awk '{print $5}')" |mail -s "New SSH Login to $USER in $(hostname)" __ALERT_EMAIL__
+
+ # add the ip in temporary list
+ echo "$(date) - $ip" >> /tmp/list_ip_ssh_$USER
+else
+ logger -t ssh-wrapper -p info $USER login from known ip: $ip
+fi
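Review bot: The known-address list `/tmp/list_ip_ssh_$USER` lives under a predictable name in a world-writable directory, so another local account can create it first to pre-seed addresses and silence the mail, or leave a symlink there that the `>>` append follows as the user logging in. The `grep $ip` test is also an unquoted regular-expression substring match, so one recorded address can make a different, longer one count as known. The sketch below keeps the list in a per-user path and stores one address per line for a fixed-string whole-line match; it drops the date prefix and no longer resets on reboot, which may or may not be wanted. Separately, sshd runs `/etc/ssh/sshrc` only when the user has no `~/.ssh/rc` (unless `PermitUserRC no` is set), and the script runs as that user, so the alert is best-effort rather than tamper-resistant.

```shell
ip=${SSH_CONNECTION%% *}
# constructed example path: any per-user location that other local users cannot create or replace
known_ips="$HOME/.ssh_alert_known_ips"

if ! grep -qxF -- "$ip" "$known_ips" 2>/dev/null
then
  # … unchanged: logger and mail calls …
  printf '%s\n' "$ip" >> "$known_ips"
# … unchanged: else branch and fi …
```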