2009/7/30 Vagner Rodrigues <[email protected]>:
> Hi Folks !
>
> Somebody know how I to so send mail with IP and Date/time when same
> user login on shell ( remote or local ) ?
>
> I work with another admin's and I never told me when they access and
> for what my server to do something, I try log but this can be erased
> and maybe mail can help me about access and with this I can Ask about
> this access.
>
> --
> This message has been checked by the antivirus system and
> is believed to be free of danger.

Well, all questions regarding the reasons you'd be giving root privs to someone you don't entirely trust aside... the quick and dirty approach I can think of would be to modify the system wide /etc/profile to check uid and send an email if a given uid is logged in. In the end, there's little to no way I'm aware of to guarantee being alerted about use once someone's being handed root privileges.

If you do go about setting it up that way... OpenSSH sets variables[1] regarding the session (IP and such) and those can be used to identify that. The `tty` command[2] can be used to tell you whether the access is direct physical access to the system's virtual consoles or not. You could even bypass dependency on the local system having working mail configuration and such if you have an smtp server off-host you can send through by using netcat. A Windows variation[3] I found of the same principle idea does just that.

And, lastly, if you use sudo you can leverage its own auditing capabilities to know when it's being used[4].

[1] For example:
    SSH_CLIENT=127.0.0.1 44681 22
    SSH_TTY=/dev/pts/1
    SSH_CONNECTION=127.0.0.1 44681 127.0.0.1 22
    Which are of the form:
    SSH_CLIENT=<client ip> <client port> <server port>
    SSH_TTY=<local tty or pty>
    SSH_CONNECTION=<client ip> <client port> <server ip> <server port>
[2] http://swoolley.org/man.cgi/tty
[3] http://community.spiceworks.com/how_to/show/225
[4] http://www.cyberciti.biz/faq/sudo-send-e-mail-sudo-log-file/

--
Poison [BLX]
Joshua M. Murphy

"Real programmers can write assembly code in any language." - Larry Wall
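
The /etc/profile check described in the reply above, as an added example that is not part of the original messages: it parses `SSH_CONNECTION`, uses the `tty` output to tell a virtual console from a pty, and mails a one-line record for watched uids. `ALERT_TO`, `WATCH_UIDS` and the function names are assumptions made for this sketch, and it assumes a working local `mail` command.

```shell
# Added example for /etc/profile or a file in /etc/profile.d/ (POSIX sh).
# ALERT_TO, WATCH_UIDS and all function names are hypothetical.

# SSH_CONNECTION is "<client ip> <client port> <server ip> <server port>".
# Print "cip:cport -> sip:sport", or nothing if the value is not 4 fields.
ssh_peer() (
    set -f                # no globbing while the value is word-split
    set -- $1
    [ $# -eq 4 ] || exit 0
    printf '%s:%s -> %s:%s' "$1" "$2" "$3" "$4"
)

# Classify the session from SSH_CONNECTION ($1) and the output of tty ($2).
login_origin() (
    if [ -n "$1" ]; then echo ssh; exit 0; fi
    case $2 in
        /dev/tty[0-9]*) echo console ;;   # Linux virtual console
        /dev/pts/*)     echo pty ;;       # local pseudo-terminal
        *)              echo unknown ;;   # e.g. "not a tty"
    esac
)

# Succeed if uid $2 appears in the space-separated list $1.
uid_is_watched() (
    for u in $1; do [ "$u" = "$2" ] && exit 0; done
    exit 1
)

# Build the one-line alert body: uid, user, SSH_CONNECTION, tty, timestamp.
login_alert_body() (
    printf 'user=%s uid=%s origin=%s tty=%s peer=%s time=%s\n' \
        "$2" "$1" "$(login_origin "$3" "$4")" "$4" "$(ssh_peer "$3")" "$5"
)

# Hook: does nothing unless ALERT_TO is set (e.g. ALERT_TO=admin@example.com).
if [ -n "${ALERT_TO:-}" ] && uid_is_watched "${WATCH_UIDS:-0}" "$(id -u)"; then
    login_alert_body "$(id -u)" "$(id -un)" "${SSH_CONNECTION:-}" \
        "$(tty)" "$(date '+%Y-%m-%d %H:%M:%S %z')" \
        | mail -s "login on $(hostname)" "$ALERT_TO"
fi
```

/etc/profile is read only by login shells, so sessions such as `ssh host command` do not pass through this hook.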

