...
On larger systems it is more manageable to send notifications only when sudo access is attempted. Here are the
Warning: This script can be improved,
Here is the start of the contents of the login notification script,
```shell
#export REPLYTO=sentry@bonsaiframework.com # My tests have shown this is not necessary. Investigate why http://stackoverflow.com/questions/54725/change-the-from-address-in-unix-mail said it is needed.
echo "User $LOGNAME logged in $(date)" | mail -aFrom:sentry@bonsaiframework.com -s "Sentry Alert" bhitch@imagecomics.com
```
Until the script is done, simply add the email line to the end of the global startup script /etc/profile,
```shell
# ... more stuff up here ...
umask 022

# Email an alert on every login
echo "User $LOGNAME logged in $(date)" | mail -aFrom:sentry@bonsaiframework.com -s "Sentry Alert" bhitch@imagecomics.com
```
Now every login will result in an alert.
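One way the alert line could be improved, as an added example that is not the page's own script: it goes beyond the one-liner by taking the user from `id -un` rather than the `$LOGNAME` environment variable, recording the SSH source address and terminal, and sending in the background so a slow mail system cannot delay the login. The `sentry_*` function names and the `SENTRY_ENABLE` switch are hypothetical; the addresses and `mail` options are the ones used above.

```shell
# Added example: a sturdier login alert for /etc/profile. Not the page's script.
# sentry_* names and SENTRY_ENABLE are hypothetical.
SENTRY_FROM="sentry@bonsaiframework.com"   # sender used on the page
SENTRY_TO="bhitch@imagecomics.com"         # recipient used on the page

# Print the client address of an SSH session, or "local" for a console login.
# $1 is SSH_CONNECTION: "client_ip client_port server_ip server_port".
sentry_source() {
    if [ -z "$1" ]; then
        echo "local"
    else
        # SSH_CONNECTION is an environment variable, so keep only the first
        # field and drop every character that cannot be part of an address.
        printf '%s' "${1%% *}" | tr -cd '[:alnum:].:%'
    fi
}

# Build the alert body. Arguments: user, source, terminal, timestamp.
sentry_message() {
    printf 'User %s logged in %s (from %s, tty %s)' "$1" "$4" "$2" "$3"
}

# Send the alert. The subshell body keeps helper variables out of the login
# shell, because /etc/profile is sourced rather than executed.
sentry_send() (
    command -v mail >/dev/null 2>&1 || exit 0    # never break login if mail is missing
    user=$(id -un)                               # from the process UID, not $LOGNAME
    term=$(tty 2>/dev/null) || term="no tty"
    src=$(sentry_source "${SSH_CONNECTION:-}")
    msg=$(sentry_message "$user" "$src" "$term" "$(date)")
    # Background the delivery so a slow or failing MTA cannot stall the login.
    ( printf '%s\n' "$msg" |
        mail -aFrom:"$SENTRY_FROM" -s "Sentry Alert" "$SENTRY_TO" ) >/dev/null 2>&1 &
)

# Explicit switch (hypothetical) so the file can be staged before it goes live.
if [ "${SENTRY_ENABLE:-0}" = 1 ]; then
    sentry_send
fi
```

Because `/etc/profile` is read only by login shells, sessions that run a single remote command (`ssh host command`) do not trigger this alert.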
Email Sudo Events
On small systems, you will want to be emailed sudo events.
...