
Topic: [SOLVED] Notify via email access to interactive shell and non interactive shell


javcasta
Hello.

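To notify via email of access to the interactive shell, I do this:

Edit /etc/rc.initial and add at the beginning (after the # comments):

Code:
# Mail the date and the current logins whenever /etc/rc.initial runs
echo "Acceso a shell :" `date` `who` | /usr/local/bin/php /usr/local/bin/mail.php -s"`hostname` Alerta de acceso a shell"
# Record the notification in syslog; no -f is needed, since logger -f names a file to read, not the log to write
logger "Notificado acceso a shell via email - `who`"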

Like this:

Quote
#!/bin/sh

# /etc/rc.initial
# part of pfSense by Scott Ullrich
# Copyright (C) 2004-2011 Scott Ullrich, All rights reserved.
# originally based on m0n0wall (http://neon1.net/m0n0wall)
# Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
# All rights reserved.

# make sure the user can't kill us by pressing Ctrl-C,
# ctrl-z, etc.
#trap : 2
#trap : 3
#trap : 4

echo "Acceso a shell :" `date` `who` | /usr/local/bin/php /usr/local/bin/mail.php -s"`hostname` Alerta de acceso a shell"
logger "Notificado acceso a shell via email - `who`"

if [ -f /etc/rc.local ]; then
    RCLOCALPWD=`ps awux | grep rc.local | grep -v grep | awk '{ print $2 }'`
# continue

Works fine for me.

But for non-interactive sessions (like a remote batch command executed from SSH clients such as plink), how can it be done?

Regards.
« Last Edit: March 22, 2017, 10:51:54 am by javcasta »
Javier Castañón
Communications, support and systems technician.

My website: https://javcasta.com/

Scripting/pfSense support: https://javcasta.com/soporte/

javcasta

Hi.

One way or solution:

- Necessary condition: System > Advanced > Notifications > E-mail must be configured and working.

Create (or modify, if it exists) the file /etc/ssh/sshrc with the content:

Code:
# /etc/ssh/sshrc - run by sshd at login, for interactive and non-interactive sessions
# SSH_CONNECTION holds: client_ip client_port server_ip server_port
ipfrom=`echo "$SSH_CONNECTION" | cut -d " " -f 1`
ippf=`echo "$SSH_CONNECTION" | cut -d " " -f 3`
theport=`echo "$SSH_CONNECTION" | cut -d " " -f 4`
# Mail the login details using the pfSense notification settings
echo "User $USER just logged in from $ipfrom to $ippf at port $theport || date: `date` || who: `who`" | /usr/local/bin/php /usr/local/bin/mail.php -s"`hostname`"

And when you log in to the pfSense shell via ssh (interactive or non-interactive shell), the system will notify you by email:

Quote
User root just logged in from 10.2.0.10 to 10.2.0.254 at port 22 || date: Wed Mar 22 15:58:25 CET 2017 || who: root             ttyv0        Mar 14 13:23

root             pts/0        Mar 22 15:51 (10.2.0.10)

Regards.

Spanish ref: https://forum.pfsense.org/index.php?topic=112308.msg704419#msg704419
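An added example, not part of javcasta's posts: a variant of the /etc/ssh/sshrc notifier above that labels each login as interactive or non-interactive by checking SSH_TTY, copes with a malformed SSH_CONNECTION, and keeps stdout clean for batch sessions. The helper names build_login_msg and notify_login are hypothetical; the mail.php call is the one used in the posts.

```sh
#!/bin/sh
# Added example, not from the posts above. build_login_msg and notify_login
# are hypothetical helper names.

# Build the notification line from the variables sshd exports:
#   SSH_CONNECTION = "client_ip client_port server_ip server_port"
#   SSH_TTY        = set only when a terminal was allocated
build_login_msg() {
    set -f                  # no globbing while splitting the variable
    set -- $SSH_CONNECTION  # positional parameters are local to the function
    set +f
    if [ $# -ne 4 ]; then
        echo "User ${USER:-unknown}: login with missing or malformed SSH_CONNECTION"
        return 1
    fi
    if [ -n "$SSH_TTY" ]; then
        kind="interactive ($SSH_TTY)"
    else
        kind="non-interactive (no tty)"
    fi
    echo "User ${USER:-unknown}: $kind login from $1 port $2 to $3 port $4"
}

notify_login() {
    msg=`build_login_msg` || true   # a malformed value is still reported
    # Local syslog record first, so a trace exists even if mail delivery fails.
    logger -p auth.notice -t sshrc "$msg"
    # sshd(8): rc files must not write to stdout, so discard the mailer output.
    echo "$msg || date: `date`" |
        /usr/local/bin/php /usr/local/bin/mail.php -s"`hostname` SSH login" \
        >/dev/null 2>&1 ||
        logger -p auth.warning -t sshrc "e-mail notification failed"
}

# Only act inside a real SSH session (sshd sets SSH_CONNECTION).
if [ -n "$SSH_CONNECTION" ]; then
    notify_login
fi
```

sshd runs a user's ~/.ssh/rc instead of /etc/ssh/sshrc when that file exists and PermitUserRC is not set to no, so this reports logins but does not replace the sshd authentication log.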

iplost
Test ok   ;D