Add alert by email for new ssh connexion

Signed-off-by: Alban VIDAL <alban.vidal@zordhak.fr>

README.md

@@ -10,12 +10,13 @@ The following component are configured:
 + Install bash-completion
 + Install and configure auto updates (unattended-upgrades and apt-listchanges
 + Install and tune logrotate
-+ Disable IPv6
++ Disable IPv6 (or no, see parameters.conf)
 + Tune .vimrc
 + Tune .bashrc
 + Tune .profile
++ Send alert email for new ssh connexion
 
-You just need to clone this repository in /srv/git/basic_config_debian and execute the auto_config.sh script
+You just need to clone this repository in `/srv/git/basic_config_debian` and execute the `auto_config.sh` script
 
 ```bash
 apt install git

auto_config.sh

@@ -71,6 +71,7 @@ LIST_PARAM="
 UNATTENDED_EMAIL Unattended email alert
 GIT_USERNAME Git username
 GIT_EMAIL Git email
+SSH_EMAIL_ALERT alert email for new ssh connexion
 "
 
 IFS=$'\n'
@@ -169,3 +170,9 @@ net.ipv6.conf.all.disable_ipv6 = 1
 EOF
     sysctl -p /etc/sysctl.d/98-disable-ipv6.conf
 fi
+
+################################################################################
+
+# alert by email for new ssh connexion
+cp $GIT_DIR/etc/ssh/sshrc /etc/ssh/sshrc
+sed -i "s/__ALERT_EMAIL__/$SSH_EMAIL_ALERT/" /etc/ssh/sshrc

etc/ssh/sshrc

@@ -0,0 +1,14 @@
+ip=`echo $SSH_CONNECTION | cut -d " " -f 1`
+
+# Test if ip arealy present
+if ! grep $ip /tmp/list_ip_ssh_$USER >/dev/null 2>&1
+then
+    #logger -t ssh-wrapper $USER login from $ip
+    logger -t ssh-wrapper -p warning $USER login from unknown ip: $ip - $(host $ip|awk '{print $5}')
+    echo "User $USER just logged in from $ip - $(host $ip|awk '{print $5}')" |mail -s "New SSH Login to $USER in $(hostname)" __ALERT_EMAIL__
+
+    # add the ip in temporary list
+    echo "$(date) - $ip" >> /tmp/list_ip_ssh_$USER
+else
+    logger -t ssh-wrapper -p info $USER login from known ip: $ip
+fi