2009/7/30 Vagner Rodrigues vag...@litrixlinux.org:
Hi folks!
Does somebody know how I can send mail with the IP and date/time when
some user logs in on a shell (remote or local)?
I work with other admins and they never tell me when they access my
server or for what, to do something. I tried logging, but this can be
erased, and maybe mail can help me know about access, and with this I
can ask about this access.
--
This message has been scanned by the antivirus system and
is believed to be free of danger.
Well, all questions regarding the reasons you'd be giving root privs
to someone you don't entirely trust aside... the quick and dirty
approach I can think of would be to modify the system wide
/etc/profile to check uid and send an email if a given uid is logged
in. In the end, there's little to no way I'm aware of to guarantee
being alerted about use once someone's been handed root privileges.
If you do go about setting it up that way... OpenSSH sets variables[1]
regarding the session (IP and such) and those can be used to identify
that. The `tty` command[2] can be used to tell you whether the access
is direct physical access to the system's virtual consoles or not. You
could even bypass dependency on the local system having working mail
configuration and such if you have an SMTP server off-host you can
send through by using netcat. A Windows variation[3] I found of the
same principal idea does just that. And, lastly, if you use sudo you
can leverage its own auditing capabilities to know when it's being
used[4].
[1] For example:
    SSH_CLIENT=127.0.0.1 44681 22
    SSH_TTY=/dev/pts/1
    SSH_CONNECTION=127.0.0.1 44681 127.0.0.1 22
Which are of the form:
    SSH_CLIENT=client ip client port server port
    SSH_TTY=local tty or pty
    SSH_CONNECTION=client ip client port server ip server port
[2] http://swoolley.org/man.cgi/tty
[3] http://community.spiceworks.com/how_to/show/225
[4] http://www.cyberciti.biz/faq/sudo-send-e-mail-sudo-log-file/
--
Poison [BLX]
Joshua M. Murphy
Real programmers can write assembly code in any language. - Larry Wall
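
The /etc/profile approach described in the reply above, as an added example that is not part of the original thread: it checks the uid, classifies the session from SSH_CONNECTION and the `tty` output, and mails a one-line report. It assumes a working local `mail` client; ALERT_TO, WATCH_UIDS and the function names are hypothetical.

```shell
# Added example for /etc/profile or /etc/profile.d/; not code from the thread.
# ALERT_TO, WATCH_UIDS and the function names are hypothetical.
ALERT_TO="${ALERT_TO:-admin@example.org}"   # placeholder recipient
WATCH_UIDS="${WATCH_UIDS:-0}"               # space-separated uids to report

# Describe the session origin. $1 = SSH_CONNECTION value, $2 = output of tty.
# The ( ) body runs in a subshell, so no variables leak into the login shell.
login_source() (
    if [ -n "$1" ]; then
        # Fields: client ip, client port, server ip, server port
        read -r cip cport sip sport rest <<EOF
$1
EOF
        if [ -n "$sport" ] && [ -z "$rest" ]; then
            echo "ssh from $cip port $cport to $sip port $sport"
        else
            echo "ssh, unparsable SSH_CONNECTION"
        fi
    else
        case $2 in
            /dev/tty[0-9]*) echo "virtual console $2" ;;
            /dev/*)         echo "local terminal $2" ;;
            *)              echo "no terminal" ;;
        esac
    fi
)

# True when uid $1 appears in the space-separated list $2.
uid_watched() {
    case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

# One-line report. $1 = user, $2 = timestamp, $3 = SSH_CONNECTION, $4 = tty output.
login_message() {
    printf 'user=%s time=%s source=%s\n' "$1" "$2" "$(login_source "$3" "$4")"
}

# Mail the report for watched uids; the profile snippet ends by calling this.
notify_login() {
    uid_watched "$(id -u)" "$WATCH_UIDS" || return 0
    command -v mail >/dev/null 2>&1 || return 0
    login_message "$(id -un)" "$(date '+%Y-%m-%d %H:%M:%S %z')" \
        "${SSH_CONNECTION:-}" "$(tty 2>/dev/null)" |
        mail -s "login on $(uname -n)" "$ALERT_TO"
}

# Constructed sample using the values shown in footnote [1]:
login_message root "2009-07-30 12:00:00" "127.0.0.1 44681 127.0.0.1 22" /dev/pts/1
```

Shells that are not login shells (for example `ssh host command`) do not read /etc/profile, so this reports interactive logins only.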