...

On larger systems it is more manageable to send notifications only when sudo access is attempted. Here are the

Warning

This script can be improved,

  • add descriptive info to the header
  • use a code for level
  • have option to alert only for sudo-enabled accounts
  • have option to alert only for specific group(s)

Here is the start of the contents of the login notification script,

sentry-login.sh

```bash
#export REPLYTO=sentry@bonsaiframework.com # My tests have shown this is not necessary. Investigate why http://stackoverflow.com/questions/54725/change-the-from-address-in-unix-mail said it is needed.
echo "User $LOGNAME logged in $(date)" | mail -aFrom:sentry@bonsaiframework.com -s "Sentry Alert" bhitch@imagecomics.com
```

Until the script is done, simply add the email line to the end of the global startup script /etc/profile,

```bash
# ... more stuff up here ...
umask 022

echo "User $LOGNAME logged in $(date)" | mail -aFrom:sentry@bonsaiframework.com -s "Sentry Alert" bhitch@imagecomics.com
```

Now every login will result in an alert.
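One way to cover the improvements listed in the warning above (a level code, descriptive header info, alerting only for sudo-enabled accounts or specific groups), as an added example that is not the page's own script. The `SENTRY_*` variables, the function names, the group list and the example.com addresses are assumptions; the `mail -aFrom:` form is the one used above.

```bash
# Added example, not the page's script. Addresses, group names and
# SENTRY_* names are assumptions; adjust them for your system.
SENTRY_FROM="sentry@example.com"        # placeholder sender
SENTRY_TO="admin@example.com"           # placeholder recipient
SENTRY_PRIV_GROUPS="sudo admin wheel"   # groups assumed to grant sudo
SENTRY_ONLY_PRIV=1                      # 1 = alert only for those groups

# True if any group in $1 (space-separated) is in the watch list $2.
# Runs in a subshell so nothing leaks into the login shell.
sentry_in_groups() (
    set -f                              # no globbing while word-splitting
    for have in $1; do
        for want in $2; do
            [ "$have" = "$want" ] && exit 0
        done
    done
    exit 1
)

# Level code: 2 = account in a privileged group, 1 = ordinary account.
sentry_level() {
    if sentry_in_groups "$1" "$SENTRY_PRIV_GROUPS"; then echo 2; else echo 1; fi
}

# Decide whether level $1 should produce mail under the current option.
sentry_should_alert() {
    [ "$SENTRY_ONLY_PRIV" != 1 ] || [ "$1" -ge 2 ]
}

sentry_subject() {                      # $1 level, $2 user, $3 host
    printf 'Sentry Alert L%s: %s@%s' "$1" "$2" "$3"
}

# Collect login details and mail them; the subshell keeps variables local.
sentry_notify() (
    user=${LOGNAME:-$(id -un)}
    groups=$(id -Gn "$user" 2>/dev/null)
    level=$(sentry_level "$groups")
    sentry_should_alert "$level" || exit 0
    host=$(hostname)
    {
        echo "User:   $user"
        echo "Groups: $groups"
        echo "Host:   $host"
        echo "Source: ${SSH_CONNECTION:-local session}"
        echo "Time:   $(date)"
    } | mail -aFrom:"$SENTRY_FROM" -s "$(sentry_subject "$level" "$user" "$host")" "$SENTRY_TO"
)
```

Source the file from the end of /etc/profile and call `sentry_notify` there in place of the single `echo ... | mail` line. /etc/profile is read only by login shells, so sessions such as `ssh host command`, scp or sftp do not pass through it.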

Email Sudo Events

On small systems, you will want to be emailed sudo events.

...