How to achieve E-Mail Notification on root login?
Robert Huff
roberthuff at rcn.com
Tue Feb 12 14:31:33 UTC 2013
Polytropon writes:
> > given there is a FreeBSD system with users in the wheel group,
> > what is the best practice to send out a notification
> > via E-Mail if one of them becomes root via su? In an ideal
> > case the E-Mail would contain the user name and the time.
>
> I'm not sure if there already is a solution (provided in the
> base system) that offers this functionality, but the fact of
> a user having used "su" to "su root" is logged by the system.
> The line is appended to /var/log/messages:
>
> Feb 12 14:40:57 r56 su: poly to root on /dev/pts/2
>
> The information you want is in there, and you could either use
> the whole line, or apply some sed, awk or even perl to form a
> message with less information (only date and user).
>
> A scripted solution could monitor /var/log/messages for changes
> and use the system's builtin mailer to deliver the message. Tools
> like "tail -f", "grep" and "| mail" could be involved. It should
> be quite trivial to implement this and add a custom rc.d-style
> script (or even few lines in ye olde /etc/rc.local).

Take a look at the "-p" option of "split".

The bigger question is how quickly do you need to know -
instantly? once an hour? once a day?

Robert Huff
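
One way to script the log-watching approach described in the quoted message, as an added example that is not part of either poster's mail. The function names, the RECIPIENT and LOGFILE defaults, and every sample line except the first (taken from the thread) are assumptions made for illustration, as is the availability of mail(1).

```shell
#!/bin/sh
# Added example: turn "su ... to root" syslog lines into short notices.
# RECIPIENT and LOGFILE are assumed values; adjust for the local system.
RECIPIENT="${RECIPIENT:-root}"
LOGFILE="${LOGFILE:-/var/log/messages}"

# Sample input: line 1 is the line quoted in the thread, the rest are constructed.
sample_log() {
    cat <<'EOF'
Feb 12 14:40:57 r56 su: poly to root on /dev/pts/2
Feb 12 14:41:10 r56 su: BAD SU mallory to root on /dev/pts/3
Feb 12 14:42:03 r56 su: poly to operator on /dev/pts/2
Feb 12 14:43:00 r56 sshd[812]: su: eve to root on /dev/pts/9
EOF
}

# format_su_notice: read syslog lines on stdin and print one notice per
# successful su to root. Expected layout (from the thread's sample line):
#   Mon DD HH:MM:SS host su: USER to root on TTY
format_su_notice() {
    awk '
        # Field 5 must be the su tag itself (optionally "su[pid]:"); the
        # exact field count also skips failed or differently shaped lines.
        $5 ~ /^su(\[[0-9]+\])?:$/ && NF == 10 && $7 == "to" && $8 == "root" && $9 == "on" {
            # Accept plain account names only, so that arbitrary log
            # content never reaches the mail subject or body.
            if ($6 !~ /^[A-Za-z0-9_][A-Za-z0-9_.-]*$/) next
            printf "%s became root on %s at %s %s %s (tty %s)\n", $6, $4, $1, $2, $3, $10
            fflush()   # do not hold notices back in the pipe buffer
        }
    '
}

# watch_su: follow the log (tail -F reopens it after rotation) and mail
# each notice as it appears. Runs until interrupted.
watch_su() {
    tail -n 0 -F "$LOGFILE" | format_su_notice | while IFS= read -r notice; do
        printf '%s\n' "$notice" | mail -s "su to root: ${notice%% *}" "$RECIPIENT"
    done
}

if [ "${1:-}" = "watch" ]; then watch_su; fi
```

Syslog lines are not authenticated, so treat these notices as a convenience signal rather than an audit record.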