Notification email when someone SSH Linux Centos7 workstation (output of the command who)
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
My Linux workstation is part of a shared Network. I would like to receive a notification email every time someone SSH my workstation. For that purpose, I opened the file ~/.bash_profile in gedit (my ~/.bash_profile file is completely empty) and I wrote the following lines:
IP="$(echo $SSH_CONNECTION | awk 'print $1')"
HOST=$(hostname)
TIME_DATE_STAMP=$(date +"%e %b %Y, %a %r")
echo 'The '$IP' logged into '$HOST' on '$ TIME_DATE_STAMP'.' | mail -s 'SSH
Login Notification' MY_EMAIL_ADDRESS
I still don't get a notification email! Please notify me what I am doing wrong?
To get around this issue:
When I use the command "who -H" int terminal. It pulls out a list for all the incoming ssh actions to my workstation. My questions is: How the command "who" generate this information? what is the source of its data, so I can rely on it to get the ssh data that I want?
bash ssh scripting email notifications
asked Aug 31 at 1:01
Goro
4,41452356
add a comment |Â
up vote
0
down vote
favorite
My Linux workstation is part of a shared Network. I would like to receive a notification email every time someone SSH my workstation. For that purpose, I opened the file ~/.bash_profile in gedit (my ~/.bash_profile file is completely empty) and I wrote the following lines:
IP="$(echo $SSH_CONNECTION | awk 'print $1')"
HOST=$(hostname)
TIME_DATE_STAMP=$(date +"%e %b %Y, %a %r")
echo 'The '$IP' logged into '$HOST' on '$ TIME_DATE_STAMP'.' | mail -s 'SSH
Login Notification' MY_EMAIL_ADDRESS
I still don't get a notification email! Please notify me what I am doing wrong?
To get around this issue:
When I use the command "who -H" int terminal. It pulls out a list for all the incoming ssh actions to my workstation. My questions is: How the command "who" generate this information? what is the source of its data, so I can rely on it to get the ssh data that I want?
bash ssh scripting email notifications
asked Aug 31 at 1:01
Goro
4,41452356
2
You have edited your own ~/.bash_profile, which is only executed when you log in; it has no effect on other users! (Commenting as to your attempted direction, as it's not an answer to the possible question of sending an actual notification email for those circumstances)
– Jeff Schaller
Aug 31 at 1:22
Thank you so much Jeff! In this case should I make the code a bash and scheduale it to run periodically (i.e. using crontab -e)?
– Goro
Aug 31 at 1:27
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
My Linux workstation is part of a shared Network. I would like to receive a notification email every time someone SSH my workstation. For that purpose, I opened the file ~/.bash_profile in gedit (my ~/.bash_profile file is completely empty) and I wrote the following lines:
IP="$(echo $SSH_CONNECTION | awk 'print $1')"
HOST=$(hostname)
TIME_DATE_STAMP=$(date +"%e %b %Y, %a %r")
echo 'The '$IP' logged into '$HOST' on '$ TIME_DATE_STAMP'.' | mail -s 'SSH
Login Notification' MY_EMAIL_ADDRESS
I still don't get a notification email! Please notify me what I am doing wrong?
To get around this issue:
When I use the command "who -H" int terminal. It pulls out a list for all the incoming ssh actions to my workstation. My questions is: How the command "who" generate this information? what is the source of its data, so I can rely on it to get the ssh data that I want?
bash ssh scripting email notifications
asked Aug 31 at 1:01
Goro
4,41452356
My Linux workstation is part of a shared Network. I would like to receive a notification email every time someone SSH my workstation. For that purpose, I opened the file ~/.bash_profile in gedit (my ~/.bash_profile file is completely empty) and I wrote the following lines:
IP="$(echo $SSH_CONNECTION | awk 'print $1')"
HOST=$(hostname)
TIME_DATE_STAMP=$(date +"%e %b %Y, %a %r")
echo 'The '$IP' logged into '$HOST' on '$ TIME_DATE_STAMP'.' | mail -s 'SSH
Login Notification' MY_EMAIL_ADDRESS
I still don't get a notification email! Please notify me what I am doing wrong?
To get around this issue:
When I use the command "who -H" int terminal. It pulls out a list for all the incoming ssh actions to my workstation. My questions is: How the command "who" generate this information? what is the source of its data, so I can rely on it to get the ssh data that I want?
bash ssh scripting email notifications
bash ssh scripting email notifications
asked Aug 31 at 1:01
Goro
4,41452356
asked Aug 31 at 1:01
Goro
4,41452356
edited Aug 31 at 8:10
asked Aug 31 at 1:01
Goro
4,41452356
asked Aug 31 at 1:01
Goro
4,41452356
asked Aug 31 at 1:01
Goro
4,41452356
4,41452356
2
You have edited your own ~/.bash_profile, which is only executed when you log in; it has no effect on other users! (Commenting as to your attempted direction, as it's not an answer to the possible question of sending an actual notification email for those circumstances)
– Jeff Schaller
Aug 31 at 1:22
Thank you so much Jeff! In this case should I make the code a bash and scheduale it to run periodically (i.e. using crontab -e)?
– Goro
Aug 31 at 1:27
add a comment |Â
2
You have edited your own ~/.bash_profile, which is only executed when you log in; it has no effect on other users! (Commenting as to your attempted direction, as it's not an answer to the possible question of sending an actual notification email for those circumstances)
– Jeff Schaller
Aug 31 at 1:22
Thank you so much Jeff! In this case should I make the code a bash and scheduale it to run periodically (i.e. using crontab -e)?
– Goro
Aug 31 at 1:27
2
2
You have edited your own ~/.bash_profile, which is only executed when you log in; it has no effect on other users! (Commenting as to your attempted direction, as it's not an answer to the possible question of sending an actual notification email for those circumstances)
– Jeff Schaller
Aug 31 at 1:22
You have edited your own ~/.bash_profile, which is only executed when you log in; it has no effect on other users! (Commenting as to your attempted direction, as it's not an answer to the possible question of sending an actual notification email for those circumstances)
– Jeff Schaller
Aug 31 at 1:22
Thank you so much Jeff! In this case should I make the code a bash and scheduale it to run periodically (i.e. using crontab -e)?
– Goro
Aug 31 at 1:27
Thank you so much Jeff! In this case should I make the code a bash and scheduale it to run periodically (i.e. using crontab -e)?
– Goro
Aug 31 at 1:27
add a comment |Â
3 Answers
3
active
oldest
votes
up vote
2
down vote
accepted
You can pull out the information you want from the command "who", then pipe it to the command mail. An example command:
who | awk 'print $1" "$3" "$4" " $5' | tail -1 | mail -s 'WARNING: SSH Notification' EMAIL_ADDRESS
Save the previous command as a bash, and schedule it in crontab to run every specific minutes (e.g. every 30 minutes).
answered Sep 1 at 10:43
Kasper
14912
add a comment |Â
up vote
2
down vote
you can pipe the output of the command last .
last | head -1 | mail -s 'WARNING:' EMAIL_ADRESS
answered Sep 1 at 14:32
TNT
314112
add a comment |Â
up vote
1
down vote
A couple things:
Your
~/.bash_profileis only kicked off when you login. These other users may not be logging in as you.For observing who is logging into your CentOS machine over ssh, parse the output of
/var/log/secure.
It'd look something like this:
tail -f /var/log/secure | while read LOGLINE
do
[[ "$LOGLINE" == *"logged in"* ]] && mail -s 'SSH Notification' $MY_EMAIL_ADDRESS
done
EDIT: You've edited your question to ask about how the who command works. Look I'm not a C developer but here's the source code of the who command if you really want a peek at how it works. I don't think this is what you're looking for, however - and I know've no other way to assist you. Even if you could create a script to check if someone is logged in leveraging cron & who, there's always a possibility that someone could login & logout between your runs. Logs are the way to go.
answered Aug 31 at 1:26
Rakaim
1265
Thank you Rakaim. Nice solution, but I don't have permissions to read "var/log/secure"!
– Goro
Aug 31 at 1:31
1
@goro Then you do not have the ability to see ssh sessions into your machine.
– Rakaim
Aug 31 at 1:33
add a comment |Â
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
accepted
You can pull out the information you want from the command "who", then pipe it to the command mail. An example command:
who | awk 'print $1" "$3" "$4" " $5' | tail -1 | mail -s 'WARNING: SSH Notification' EMAIL_ADDRESS
Save the previous command as a bash, and schedule it in crontab to run every specific minutes (e.g. every 30 minutes).
answered Sep 1 at 10:43
Kasper
14912
add a comment |Â
up vote
2
down vote
accepted
You can pull out the information you want from the command "who", then pipe it to the command mail. An example command:
who | awk 'print $1" "$3" "$4" " $5' | tail -1 | mail -s 'WARNING: SSH Notification' EMAIL_ADDRESS
Save the previous command as a bash, and schedule it in crontab to run every specific minutes (e.g. every 30 minutes).
answered Sep 1 at 10:43
Kasper
14912
add a comment |Â
up vote
2
down vote
accepted
up vote
2
down vote
accepted
You can pull out the information you want from the command "who", then pipe it to the command mail. An example command:
who | awk 'print $1" "$3" "$4" " $5' | tail -1 | mail -s 'WARNING: SSH Notification' EMAIL_ADDRESS
Save the previous command as a bash, and schedule it in crontab to run every specific minutes (e.g. every 30 minutes).
answered Sep 1 at 10:43
Kasper
14912
You can pull out the information you want from the command "who", then pipe it to the command mail. An example command:
who | awk 'print $1" "$3" "$4" " $5' | tail -1 | mail -s 'WARNING: SSH Notification' EMAIL_ADDRESS
Save the previous command as a bash, and schedule it in crontab to run every specific minutes (e.g. every 30 minutes).
answered Sep 1 at 10:43
Kasper
14912
answered Sep 1 at 10:43
Kasper
14912
answered Sep 1 at 10:43
Kasper
14912
answered Sep 1 at 10:43
Kasper
14912
14912
add a comment |Â
add a comment |Â
up vote
2
down vote
you can pipe the output of the command last .
last | head -1 | mail -s 'WARNING:' EMAIL_ADRESS
answered Sep 1 at 14:32
TNT
314112
add a comment |Â
up vote
2
down vote
you can pipe the output of the command last .
last | head -1 | mail -s 'WARNING:' EMAIL_ADRESS
answered Sep 1 at 14:32
TNT
314112
add a comment |Â
up vote
2
down vote
up vote
2
down vote
you can pipe the output of the command last .
last | head -1 | mail -s 'WARNING:' EMAIL_ADRESS
answered Sep 1 at 14:32
TNT
314112
you can pipe the output of the command last .
last | head -1 | mail -s 'WARNING:' EMAIL_ADRESS
answered Sep 1 at 14:32
TNT
314112
answered Sep 1 at 14:32
TNT
314112
answered Sep 1 at 14:32
TNT
314112
answered Sep 1 at 14:32
TNT
314112
314112
add a comment |Â
add a comment |Â
up vote
1
down vote
A couple things:
Your
~/.bash_profileis only kicked off when you login. These other users may not be logging in as you.For observing who is logging into your CentOS machine over ssh, parse the output of
/var/log/secure.
It'd look something like this:
tail -f /var/log/secure | while read LOGLINE
do
[[ "$LOGLINE" == *"logged in"* ]] && mail -s 'SSH Notification' $MY_EMAIL_ADDRESS
done
EDIT: You've edited your question to ask about how the who command works. Look I'm not a C developer but here's the source code of the who command if you really want a peek at how it works. I don't think this is what you're looking for, however - and I know've no other way to assist you. Even if you could create a script to check if someone is logged in leveraging cron & who, there's always a possibility that someone could login & logout between your runs. Logs are the way to go.
answered Aug 31 at 1:26
Rakaim
1265
Thank you Rakaim. Nice solution, but I don't have permissions to read "var/log/secure"!
– Goro
Aug 31 at 1:31
1
@goro Then you do not have the ability to see ssh sessions into your machine.
– Rakaim
Aug 31 at 1:33
add a comment |Â
up vote
1
down vote
A couple things:
Your
~/.bash_profileis only kicked off when you login. These other users may not be logging in as you.For observing who is logging into your CentOS machine over ssh, parse the output of
/var/log/secure.
It'd look something like this:
tail -f /var/log/secure | while read LOGLINE
do
[[ "$LOGLINE" == *"logged in"* ]] && mail -s 'SSH Notification' $MY_EMAIL_ADDRESS
done
EDIT: You've edited your question to ask about how the who command works. Look I'm not a C developer but here's the source code of the who command if you really want a peek at how it works. I don't think this is what you're looking for, however - and I know've no other way to assist you. Even if you could create a script to check if someone is logged in leveraging cron & who, there's always a possibility that someone could login & logout between your runs. Logs are the way to go.
answered Aug 31 at 1:26
Rakaim
1265
Thank you Rakaim. Nice solution, but I don't have permissions to read "var/log/secure"!
– Goro
Aug 31 at 1:31
1
@goro Then you do not have the ability to see ssh sessions into your machine.
– Rakaim
Aug 31 at 1:33
add a comment |Â
up vote
1
down vote
up vote
1
down vote
A couple things:
Your
~/.bash_profileis only kicked off when you login. These other users may not be logging in as you.For observing who is logging into your CentOS machine over ssh, parse the output of
/var/log/secure.
It'd look something like this:
tail -f /var/log/secure | while read LOGLINE
do
[[ "$LOGLINE" == *"logged in"* ]] && mail -s 'SSH Notification' $MY_EMAIL_ADDRESS
done
EDIT: You've edited your question to ask about how the who command works. Look I'm not a C developer but here's the source code of the who command if you really want a peek at how it works. I don't think this is what you're looking for, however - and I know've no other way to assist you. Even if you could create a script to check if someone is logged in leveraging cron & who, there's always a possibility that someone could login & logout between your runs. Logs are the way to go.
answered Aug 31 at 1:26
Rakaim
1265
A couple things:
Your
~/.bash_profileis only kicked off when you login. These other users may not be logging in as you.For observing who is logging into your CentOS machine over ssh, parse the output of
/var/log/secure.
It'd look something like this:
tail -f /var/log/secure | while read LOGLINE
do
[[ "$LOGLINE" == *"logged in"* ]] && mail -s 'SSH Notification' $MY_EMAIL_ADDRESS
done
EDIT: You've edited your question to ask about how the who command works. Look I'm not a C developer but here's the source code of the who command if you really want a peek at how it works. I don't think this is what you're looking for, however - and I know've no other way to assist you. Even if you could create a script to check if someone is logged in leveraging cron & who, there's always a possibility that someone could login & logout between your runs. Logs are the way to go.
answered Aug 31 at 1:26
Rakaim
1265
edited Aug 31 at 15:05
answered Aug 31 at 1:26
Rakaim
1265
answered Aug 31 at 1:26
Rakaim
1265
answered Aug 31 at 1:26
Rakaim
1265
1265
Thank you Rakaim. Nice solution, but I don't have permissions to read "var/log/secure"!
– Goro
Aug 31 at 1:31
1
@goro Then you do not have the ability to see ssh sessions into your machine.
– Rakaim
Aug 31 at 1:33
add a comment |Â
Thank you Rakaim. Nice solution, but I don't have permissions to read "var/log/secure"!
– Goro
Aug 31 at 1:31
1
@goro Then you do not have the ability to see ssh sessions into your machine.
– Rakaim
Aug 31 at 1:33
Thank you Rakaim. Nice solution, but I don't have permissions to read "var/log/secure"!
– Goro
Aug 31 at 1:31
Thank you Rakaim. Nice solution, but I don't have permissions to read "var/log/secure"!
– Goro
Aug 31 at 1:31
1
1
@goro Then you do not have the ability to see ssh sessions into your machine.
– Rakaim
Aug 31 at 1:33
@goro Then you do not have the ability to see ssh sessions into your machine.
– Rakaim
Aug 31 at 1:33
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f465890%2fnotification-email-when-someone-ssh-linux-centos7-workstation-output-of-the-com%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
2
You have edited your own ~/.bash_profile, which is only executed when you log in; it has no effect on other users! (Commenting as to your attempted direction, as it's not an answer to the possible question of sending an actual notification email for those circumstances)
– Jeff Schaller
Aug 31 at 1:22
Thank you so much Jeff! In this case should I make the code a bash and scheduale it to run periodically (i.e. using crontab -e)?
– Goro
Aug 31 at 1:27