Created
April 19, 2023 20:14
-
-
Save willboudle/7a68a8c44fceccd2422d6a4f1e07ab65 to your computer and use it in GitHub Desktop.
Send email when someone ssh's into the server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| while true | |
| do | |
| # Search for the user string in the auth.log file and extract the relevant information | |
| session_info=$(grep -oP 'pam_unix\(sshd:session\): session opened for user \K[^ ]+' /var/log/auth.log | grep -oP '^[^\s]+') | |
| # If session_info is not empty, send an email with the session information | |
| if [ -n "$session_info" ] | |
| then | |
| echo "Session information: $session_info" | mail -s "Session opened" recipient@example.com | |
| fi | |
| # Wait for one minute before checking again | |
| sleep 60 | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment