gfoss/ssh-alert-cronjob

Last active December 12, 2015 02:38

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/gfoss/4700590.js"></script>
Save gfoss/4700590 to your computer and use it in GitHub Desktop.

Download ZIP

simple cronjob to alert on 'unknown/unexpected' access to a system.

Raw

ssh-alert-cronjob

0 */1 * * * last -5 | grep -v '[user]\|wtmp\|reboot\|shutdown' && last -10 | grep -v '[user]\|wtmp\|reboot\|shutdown' >> ~/Desktop/ALERT && wall -g [group] ~/Desktop/ALERT

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment