我正在尝试让我的服务器在 ssh-login 上自动给我发送电子邮件。
我做了什么:
创建一个
login-notify.sh文件(用户 root,组 root,chmod 755)并将其放在里面/etc/ssh/#!/bin/sh if [ "$PAM_TYPE" != "close_session" ]; then # assembling my variable $TEXT ... echo $TEXT | mail -r "root@.... " - s "Subject line" root修改的
/etc/pam.d/sshd:echo "session required pam_exec.so seteuid /etc/ssh/login-notify.sh" | sudo tee -a /etc/pam.d/sshd重新启动 sshd 服务器,甚至重启机器
手动启动
/etc/ssh/login-notify.sh-> 邮件发送成功通过 ssh 登录 -> 尚未发送邮件
添加步骤/信息
为了从命令行发送电子邮件,我使用 ssmtp 和 gmail 帐户
我没有发送邮件,而是尝试将字符串附加到文件中,看看它是否有效(echo“ssh login> /home/user/ssh-test)->没有运气......
服务器仅接受 ssh-logins 的公钥/密钥身份验证
/var/log/syslog没有提供有用的信息:Dec 27 14:20:51 srv1 fwknopd[2155]: Removed rule 1 from FWKNOP_INPUT with expire time of 1419686451 Dec 27 14:41:48 srv1 fwknopd[2155]: (stanza #1) SPA Packet from IP: xxx.xxx.xxx.xxx received with Access source match Dec 27 14:41:48 srv1 fwknopd[2155]: [xxx.xxx.xxx.xxx] (stanza #1) Incoming SPA data signed by 'XXXXXX'. Dec 27 14:41:48 srv1 fwknopd[2155]: Added Rule to FWKNOP_INPUT for xxx.xxx.xxx.xxx, tcp/xxx expires at 1419687738在此行之后,我通过 ssh 登录...没有写入其他文本
/var/log/syslog
答案1
嗯,安装 csf 防火墙或 OSSEC,内置您需要的功能...根据您的问题主题行。
CSF 防火墙:
lfd on cluster-master-acl: SSH login alert for user root from 86.234.45.45 (IE/Ireland/cm-86.234.45.045.ntlworld.ie)
Time: Fri Dec 26 13:59:51 2014 +0000
IP: 86.234.45.45 (IE/Ireland/cm-86.234.45.045.ntlworld.ie)
Account: root
Method: publickey authentication
。
lfd on web1: SU login alert - Successful login from admin(uid=0) to root
Time: Sat Dec 27 11:45:26 2014 -0500
From: admin(uid=0)
To: root
Status: Successful login
操作系统安全评估中心(OSSEC):
OSSEC HIDS Notification.
2014 Dec 28 10:58:53
Received From: (web-node-3) 138.71.183.65->/var/log/secure
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Dec 28 05:58:49 ID13412 sudo: pam_unix(sudo:auth): conversation failed
等等,事实上您可以根据需要修改警报。
答案2
不要把它弄得太复杂。您只需设置fail2ban一个仅发送邮件的操作,以便在尝试失败时通知您。