How to achieve E-Mail Notification on root login?
Zyumbilev, Peter
peter at aboutsupport.com
Tue Feb 12 14:41:51 UTC 2013
Hi,
Allow "sudo bash" only.
Modify .bashrc to mail last entry from the log
http://tldp.org/LDP/abs/html/sample-bashrc.html
So you will get alert instantly :-)
Peter
On 12/02/2013 16:31, Robert Huff wrote:
>
> Polytropon writes:
>
>> > given there is a FreeBSD system with users in the wheel group,
>> > what is the best practise to send out a notification
>> > via E-Mail if one of them becomes root via su? In an ideal
>> > case the E-Mail would contain the user name and the time.
>>
>> I'm not sure if there already is a solution (provided in the
>> base system) that offers this functionality, but the fact of
>> a user having used "su" to "su root" is logged by the system.
>> The line is appended to /var/log/messages:
>>
>> Feb 12 14:40:57 r56 su: poly to root on /dev/pts/2
>>
>> The information you want is in there, and you could either use
>> the whole line, or apply some sed, awk or even perl to form a
>> message with less information (only date and user).
>>
>> A scripted solution could monitor /var/log/messages for changes
>> and use the system's builtin mailer to deliver the message. Tools
>> like "tail -f", "grep" and "| mail" could be involved. It should
>> be quite trivial to implement this and add a custom rc.d-style
>> script (or even few lines in ye olde /etc/rc.local).
>
> Take a look at the "-p" option of "split".
> The bigger question is how quickly do you need to know -
> instantly? once an hour? once a day?
>
>
> Robert Huff
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
More information about the freebsd-questions
mailing list