Script to send an email to the admin warning of ssh logins


WriteBash - If you usually work with Linux systems, you will need to be aware of security issues with ssh.

The purpose of the script

The following script is written for the CentOS operating system. It checks the security log file at regular intervals and emails the administrator every time a user makes a successful ssh connection.

#!/bin/bash
# Script by: WriteBash.com
# Script date: 20-12-2017
# Script version: 1.0
# Sends an email to the administrator every time a user logs in over ssh successfully.


# Define the path to the log file and to the file that stores the number of log lines already processed
define_log () {
   LOG_FILE="/var/log/secure"
   FOLDER="/opt/scripts/do-not-remove"
   NUMBER="/opt/scripts/do-not-remove/number_line_ssh.txt"
}

# Define some temp files, used to store temporary log information
define_tmp () {
   TEMP_LOG="/tmp/ssh_temp_log.txt"
   GREP="/tmp/ssh_grep_temp.txt"
}

# Declare some basic information about the server
server_info () {
   SERVER=`hostname | awk -F'.' '{print $1}'`
   DATE=`date`
}

# Check whether the "number_line_ssh.txt" file exists and is not empty; otherwise create it with the value 0
check_folder () {
   if [[ -d $FOLDER ]]; then
      if [[ ! -s $NUMBER ]]; then
         echo 0 > "$NUMBER"
      fi
   else
      mkdir -p "$FOLDER"
      echo 0 > "$NUMBER"
   fi
}

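# Get the ssh log lines added since the previous run (the script runs every minute)
get_log () {
   NUM=$(cat "$NUMBER")
   TOTAL=$(wc -l < "$LOG_FILE")
   # If the log now has fewer lines than the saved count, it was rotated: read it from the first line
   if [[ $TOTAL -lt $NUM ]]; then
      NUM=0
   fi
   # Read only lines NUM+1..TOTAL, so a line written after the count was taken is handled by the next run
   tail -n +"$((NUM + 1))" "$LOG_FILE" | head -n "$((TOTAL - NUM))" > "$TEMP_LOG"
   echo "$TOTAL" > "$NUMBER"
}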

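# Send an email to the administrator
# Arguments: $1 = user who logged in, $2 = source address, $3 = time of the login
send_mail () {
   SSH_U=$1
   SSH_F=$2
   SSH_T=$3
   # Note: the SMTP password is passed on the command line, so it is visible in the
   # process list while mailx runs, and ssl-verify=ignore turns off certificate
   # verification for the mail server. Keep this script readable by root only.
   mailx -v -r "system@yourdomain.com" -s "SSH ALERT: [ $SERVER ] " -S smtp="192.168.1.10:25" -S smtp-auth=login -S smtp-auth-user="system@yourdomain.com" -S smtp-auth-password="yourpassword" -S ssl-verify=ignore administrator@yourdomain.com <<END_OF_MAIL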
-----------------------------------------
SERVER: $(hostname)
DATE: $DATE
-----------------------------------------

USER: $SSH_U
SSH FROM: $SSH_F
TIME SSH: $SSH_T
-----------------------------------------
END_OF_MAIL
}

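# Process the temp log: find successful logins and send one email for each
process_log () {
   # Match sshd's own "Accepted <method> for <user>" messages, anchored at the start of
   # the line so that the same words inside another message's text are not matched.
   # This covers every authentication method (password, publickey, ...), and the
   # user and source address stay in fields 9 and 11.
   grep -E '^[A-Z][a-z]{2} +[0-9]+ [0-9:]+ [^ ]+ sshd\[[0-9]+\]: Accepted [^ ]+ for ' "$TEMP_LOG" > "$GREP"
   if [[ -s $GREP ]]; then
      while read -r line
      do
         TIME=$(echo "$line" | awk '{print $3 "-" $2 "-" $1}')
         SSH_USER=$(echo "$line" | awk '{print $9}')
         FROM=$(echo "$line" | awk '{print $11}')
         send_mail "$SSH_USER" "$FROM" "$TIME"
      done < "$GREP"
   else
      delete_tmp
      exit
   fi
}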

# Delete the temp files every time the script is executed
delete_tmp () {
   rm -f "$TEMP_LOG"
   rm -f "$GREP"
}

# Main function
main () {
   define_log
   define_tmp
   server_info
   check_folder
   get_log
   process_log
   delete_tmp
}
main

exit

You can download the script here.

There are some values that you have to replace with your own system information.

  • system@yourdomain.com: The system email account you use to email the administrator.
  • 192.168.1.10: Your mail server’s IP.
  • yourpassword: Password of the account used to send email.
  • administrator@yourdomain.com: The email account you use to receive a warning email.
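
The offset tracking in get_log and the log matching in process_log, reworked as an added example that is not part of the original script: new_logins and sample_log are hypothetical names, the log lines are constructed, and a single awk line-range read stands in for tail. It reads only the lines added since the last run, starts over after log rotation, and counts only sshd's own "Accepted" messages, whatever the authentication method.

```shell
#!/bin/sh
# Added example, not the original script. Sample log lines are constructed.

# Constructed /var/log/secure lines: two successful logins, one failure, and
# one failed attempt whose user-name field contains the words being searched.
sample_log () {
cat <<'EOF'
Dec 20 10:22:33 web01 sshd[2101]: Accepted password for alice from 192.0.2.10 port 50514 ssh2
Dec 20 10:23:01 web01 sshd[2140]: Failed password for root from 198.51.100.7 port 41022 ssh2
Dec 20 10:24:47 web01 sshd[2188]: Accepted publickey for bob from 192.0.2.11 port 50890 ssh2
Dec 20 10:25:12 web01 sshd[2203]: Invalid user Accepted password for root from 198.51.100.7 port 41030
EOF
}

# new_logins LOG STATE  (hypothetical helper)
# Prints "user source method time" for every successful login appended to LOG
# since the line count saved in STATE, then saves the new count.
new_logins () {
   log=$1; state=$2; last=0
   if [ -s "$state" ]; then last=$(cat "$state"); fi
   case $last in ''|*[!0-9]*) last=0 ;; esac    # unreadable state: start over
   total=$(( $(wc -l < "$log") ))
   # A log shorter than the saved offset has been rotated: read from the top.
   if [ "$total" -lt "$last" ]; then last=0; fi
   # Only lines last+1..total are read, so a line appended after the count was
   # taken is picked up by the next run. The pattern is anchored at the start
   # of the line (timestamp, host, "sshd[pid]:"), so "Accepted ..." inside
   # another message's text does not match; any auth method is accepted.
   awk -v s="$last" -v e="$total" '
      NR > s && NR <= e &&
      /^[A-Z][a-z][a-z] +[0-9]+ [0-9:]+ [^ ]+ sshd\[[0-9]+\]: Accepted [^ ]+ for / {
         print $9, $11, $7, $3 "-" $2 "-" $1
      }' "$log"
   echo "$total" > "$state"
}

# Demo on a throwaway directory; /var/log/secure is never touched.
tmp=$(mktemp -d)
sample_log > "$tmp/secure"
new_logins "$tmp/secure" "$tmp/offset"
rm -rf "$tmp"
```
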

Use script

1. Create a folder containing this script (or place it wherever you feel comfortable):

mkdir /opt/scripts
chmod 700 /opt/scripts

2. Create the ssh_alert.sh file and copy the script above into that file.

3. Grant execute permission to the script.

chmod 700 /opt/scripts/ssh_alert.sh

4. Set up a crontab entry to execute the script every minute.

crontab -l | { cat; echo "# Check secure log every 1 minute and send an alert email"; } | crontab -
crontab -l | { cat; echo "*/1 * * * * /opt/scripts/ssh_alert.sh"; } | crontab -
[Figure: Set crontab to alert script]

Result of ssh alert script

If you perform the above steps correctly, whenever a user logs in to your server over ssh successfully, an email will be sent to you as shown below.

[Figure: Email sent to admin]

Conclusion

We hope this simple script is helpful to you in operating Linux servers.
