@ElliotNB
Last active December 5, 2023 02:35
Email sysadmin on every login from a new IP address
#!/bin/bash
##
## New IP login notification script
## 2009-11-20 00:28 Samuele ~redShadow~ Santi
## 2018-06-04 12:53 ElliotNB
## 2018-10-17 17:55 ElliotNB - bug fixes for non-interactive sessions and `sudo su` commands
## Licensed under GPL
##
## This script will email the contact specified below whenever
## a user logs into the system from a new IP address. The email will contain the
## username, IP address and geolocation info for the login as well as current system
## stats (running processes, other logged in users, network connections, etc).
##
## Tested on RHEL6 and RHEL7.
##
## Installation:
## - Install GeoIP (ver 1.6+) and mutt (ver 1.5+) -- dnf install mutt GeoIP GeoIP-devel
## - Copy and paste this script into /etc/profile.d/notify.sh
##   (profile.d scripts are sourced by the login shell, so never call `exit` here)
##
## Configuration:
NOTIFY_ADDR="admin@transformativemed.com"
FROM_ADDR="noreply@transformativemed.com"

LOG_USER="$( whoami )"
LOG_DATE="$( date "+%Y-%m-%d %H:%M:%S" )"
OUT_WHO="$( who )"
# SSH_CLIENT is "client_ip client_port server_port"; keep only the client IP.
# It is empty for console logins and for sessions that did not come in over SSH.
LOG_IP="$( echo "${SSH_CLIENT}" | awk '{ print $1 }' )"

if [ -n "$LOG_IP" ]; then
    FULL_GEO_LOC="$( geoiplookup "${LOG_IP}" )"
    # The second output line is the City edition record; drop its five-word
    # prefix and keep the country/region/city fields for the subject line.
    GEO_LOC="$( geoiplookup "${LOG_IP}" | awk '{$1=$2=$3=$4=$5=""; print $6 $7 $8 $9 $10}' | sed -n 2p )"
else
    FULL_GEO_LOC="Unknown"
    GEO_LOC="Unknown"
fi

# if this is an interactive shell and we were able to capture an IP address, then proceed
if [ -n "$PS1" ] && [ -n "$LOG_IP" ]; then
    # if this user and IP address combination is not present in our logs
    # ("still" drops the current, still-logged-in session; -Fw matches the whole
    # address so a login from 10.0.0.1 is not masked by an old one from 10.0.0.10).
    # Attachments go into a private temporary directory instead of fixed names
    # in /tmp, which another local user could pre-create or symlink.
    if ! last "$LOG_USER" -i | grep -v still | grep -Fwq -- "$LOG_IP" \
        && TMPDIR_NOTIFY="$( mktemp -d )"
    then
        netstat -ln > "${TMPDIR_NOTIFY}/netstat-listen.txt"
        netstat -n > "${TMPDIR_NOTIFY}/netstat.txt"
        ps afux > "${TMPDIR_NOTIFY}/processes.txt"
        who > "${TMPDIR_NOTIFY}/who.txt"
        (
cat <<EOF
------------------------------------------------------------------------
LOGIN NOTIFICATION
------------------------------------------------------------------------
Host: $(hostname)
User: ${LOG_USER}
IP: ${LOG_IP}
Date: ${LOG_DATE}
$(date)
Uptime: $(uptime)
Geo/Host Info:
${FULL_GEO_LOC}
--- Logged in users ----------------------------------------------------
${OUT_WHO}
------------------------------------------------------------------------
Attaching other relevant system data.
EOF
        ) | /usr/bin/mutt -s "[LOGIN] $(hostname) ${LOG_USER} login from ${LOG_IP} [${GEO_LOC}] " \
            -e "my_hdr From: ${FROM_ADDR}" \
            -a "${TMPDIR_NOTIFY}/netstat-listen.txt" -a "${TMPDIR_NOTIFY}/netstat.txt" \
            -a "${TMPDIR_NOTIFY}/processes.txt" -a "${TMPDIR_NOTIFY}/who.txt" \
            -- "${NOTIFY_ADDR}"
        rm -rf "${TMPDIR_NOTIFY}"
    fi
fi
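
The "have we seen this user from this IP before" decision is the heart of the script, and it has two edge cases worth seeing in isolation: the current session is already listed by `last` as "still logged in" and must be excluded, and a plain substring match on the address would treat 10.0.0.1 as already known when only 10.0.0.10 had been seen. The following is an added example, not part of ElliotNB's gist: the same check written as a function over the text of `last -i`, run against constructed login records (the user names and addresses are made up) so it can be exercised offline.

```shell
#!/bin/bash
# Added example (not part of the gist): the "new IP for this user" test as a
# function over the text of `last -i`, so it can be checked without real wtmp data.
#
# is_new_ip USER IP LAST_OUTPUT
# Exit status 0 when no completed session for USER from IP appears in LAST_OUTPUT,
# i.e. this login should trigger a notification.
is_new_ip() {
    local user="$1" ip="$2" last_output="$3"
    # Lines marked "still logged in" are skipped: the session running this check
    # is itself already listed and would otherwise always mask the alert.
    # Fields 1 and 3 of `last -i` are the user and the origin address; comparing
    # them exactly avoids matching 10.0.0.10 when looking for 10.0.0.1.
    if printf '%s\n' "$last_output" \
        | grep -v 'still logged in' \
        | awk -v u="$user" -v ip="$ip" '$1 == u && $3 == ip { found = 1 } END { exit !found }'
    then
        return 1   # seen before, stay quiet
    fi
    return 0       # new address for this user
}

# Constructed sample of `last -i` output (made-up users and addresses).
SAMPLE_LAST='alice    pts/1        203.0.113.7      Mon Jun  4 12:53   still logged in
alice    pts/0        198.51.100.10    Sun Jun  3 09:10 - 09:40  (00:30)
bob      pts/2        203.0.113.7      Sat Jun  2 08:00 - 08:05  (00:05)
alice    pts/0        192.0.2.44       Fri Jun  1 18:00 - 18:20  (00:20)

wtmp begins Fri Jun  1 00:00:00 2018'

# Demonstration: alice's current session (203.0.113.7) counts as new even though
# bob used that address, and 198.51.100.1 is new despite the record for 198.51.100.10.
for ip in 203.0.113.7 198.51.100.10 198.51.100.1 192.0.2.44; do
    if is_new_ip alice "$ip" "$SAMPLE_LAST"; then
        echo "alice from $ip: NEW -> notify"
    else
        echo "alice from $ip: seen before"
    fi
done
```

In the gist itself the equivalent is the `last "$LOG_USER" -i | grep -v still | grep -Fwq -- "$LOG_IP"` pipeline; the function above only makes the two exclusions explicit and testable.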
@hirenshah

Do you know how I can adapt this to include a check for the user being in the sudoers file and only sending the email if they are?
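
One way to answer the question above, as an added example that is not part of ElliotNB's gist: a helper that decides whether a user holds sudo rights, so the notification is only sent for such users. It reads sudoers syntax in a deliberately limited way (per-user entries such as `alice ALL=...` and group entries such as `%wheel ALL=...`; comments, blank lines, `Defaults` and alias definitions are skipped, and `#include`/`#includedir` directives are not followed). The function name, the sample users and the sample sudoers text are all constructed for the example.

```shell
#!/bin/bash
# Added example (not part of the gist): gate the notification on sudo rights.
#
# has_sudo_rights USER "GROUP1 GROUP2 ..." SUDOERS_TEXT
# Exit status 0 when USER, or one of USER's groups, has a grant in SUDOERS_TEXT.
has_sudo_rights() {
    local user="$1" groups="$2" sudoers="$3"
    printf '%s\n' "$sudoers" | awk -v u="$user" -v g="$groups" '
        BEGIN { n = split(g, gl, " "); for (i = 1; i <= n; i++) ingroup[gl[i]] = 1 }
        /^[[:space:]]*#/        { next }   # comment (also #include, #includedir)
        NF == 0                 { next }   # blank line
        /^[[:space:]]*Defaults/ { next }   # option lines are not grants
        /_Alias[[:space:]]/     { next }   # User_Alias, Cmnd_Alias, ... definitions
        $1 == u                 { found = 1 }
        substr($1, 1, 1) == "%" && (substr($1, 2) in ingroup) { found = 1 }
        END { exit !found }'
}

# Constructed sample sudoers text (not a real /etc/sudoers).
SAMPLE_SUDOERS='## Constructed sample
Defaults    requiretty
root    ALL=(ALL)       ALL
%wheel  ALL=(ALL)       ALL
carol   ALL=(ALL)       NOPASSWD: /usr/bin/systemctl
#includedir /etc/sudoers.d'

# Demonstration with made-up users; the group list is what `id -nG USER` prints.
for entry in "root:root" "alice:alice wheel" "bob:bob users" "carol:carol"; do
    user="${entry%%:*}"
    groups="${entry#*:}"
    if has_sudo_rights "$user" "$groups" "$SAMPLE_SUDOERS"; then
        echo "$user: in sudoers -> notify"
    else
        echo "$user: not in sudoers -> skip"
    fi
done
```

To wire it into the gist, add `has_sudo_rights "$LOG_USER" "$(id -nG "$LOG_USER")" "$(cat /etc/sudoers /etc/sudoers.d/* 2>/dev/null)"` as a third condition on the outer `if`. One caveat: `/etc/sudoers` is root-readable only (mode 0440), and a profile.d script runs as the user who is logging in, so for an unprivileged user the file read yields nothing and the check fails closed. On RHEL the usual grant is `%wheel`, so an unprivileged session can still evaluate the common case by passing a fixed string such as `'%wheel ALL=(ALL) ALL'` as the third argument, which reduces the check to membership in the wheel group.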
