notice on accepted ssh login - howto? - Security

This is a discussion on notice on accepted ssh login - howto? - Security ; I need some help. I run a mandriva linux (2008). I need a notice (popup preferred) whenever a (certified) user logs in to my computer. I need a real-time notice. How do I do it? And I don't intend on ...

+ Reply to Thread
Results 1 to 12 of 12

Thread: notice on accepted ssh login - howto?

  1. notice on accepted ssh login - howto?

    I need some help. I run a mandriva linux (2008). I need a notice
    (popup preferred) whenever a (certified) user logs in to my computer.
    I need a real-time notice. How do I do it?
    And I don't intend on having cron running every 10 seconds.
    thanks

  2. Re: notice on accepted ssh login - howto?

    On Jun 16, 7:10 pm, mousomer wrote:
    > I need some help. I run a mandriva linux (2008). I need a notice
    > (popup preferred) whenever a (certified) user logs in to my computer.
    > I need a real-time notice. How do I do it?
    > And I don't intend on having cron running every 10 seconds.
    > thanks


    Something like....

    #!/bin/bash

    tail -f /var/log/security | awk "
    /whatever a ssh login looks like/ {
    print | `xdialog --title "SSH login" --msgbox "User $4 has logged
    in"
    }"

    Notes
    - not tested - you'll need to change $4 in the above to wherever the
    username appears
    - you'll need to work on Xauth and xhost if the program is to run in a
    seperate session from your X server.

    C.

  3. Re: notice on accepted ssh login - howto?

    On Jun 17, 2:55 pm, "C." wrote:
    > On Jun 16, 7:10 pm, mousomer wrote:
    >
    > > I need some help. I run a mandriva linux (2008). I need a notice
    > > (popup preferred) whenever a (certified) user logs in to my computer.
    > > I need a real-time notice. How do I do it?
    > > And I don't intend on having cron running every 10 seconds.
    > > thanks

    >
    > Something like....
    >
    > #!/bin/bash
    >
    > tail -f /var/log/security | awk "
    > /whatever a ssh login looks like/ {
    > print | `xdialog --title "SSH login" --msgbox "User $4 has logged
    > in"
    >
    > }"
    >
    > Notes
    > - not tested - you'll need to change $4 in the above to wherever the
    > username appears
    > - you'll need to work on Xauth and xhost if the program is to run in a
    > seperate session from your X server.
    >
    > C.


    That's very nice, but I need a notice to pop real-time when another
    user logs in. I already know where to look for the log lost.
    "who -a" does the job best, also there's a nice Mandriva piece of code
    which sends warnings to console 12. But I want an automatic warning to
    popup when someone else logs in - without having to run a script every
    10 minutes.

  4. Re: notice on accepted ssh login - howto?

    On 17.06.2008, mousomer wrote:
    > On Jun 17, 2:55 pm, "C." wrote:
    >> On Jun 16, 7:10 pm, mousomer wrote:
    >>
    >> > I need some help. I run a mandriva linux (2008). I need a notice
    >> > (popup preferred) whenever a (certified) user logs in to my computer.
    >> > I need a real-time notice. How do I do it?
    >> > And I don't intend on having cron running every 10 seconds.
    >> > thanks

    >>
    >> Something like....
    >>
    >> #!/bin/bash
    >>
    >> tail -f /var/log/security | awk "
    >> /whatever a ssh login looks like/ {
    >> print | `xdialog --title "SSH login" --msgbox "User $4 has logged
    >> in"
    >>
    >> }"
    >>
    >> Notes
    >> - not tested - you'll need to change $4 in the above to wherever the
    >> username appears
    >> - you'll need to work on Xauth and xhost if the program is to run in a
    >> seperate session from your X server.
    >>
    >> C.

    >
    > That's very nice, but I need a notice to pop real-time when another
    > user logs in. I already know where to look for the log lost.
    > "who -a" does the job best, also there's a nice Mandriva piece of code
    > which sends warnings to console 12. But I want an automatic warning to
    > popup when someone else logs in - without having to run a script every
    > 10 minutes.


    Have you considered using (or possibly writing) PAM module?

    --
    Secunia non olet.
    Stanislaw Klekot

  5. Re: notice on accepted ssh login - howto?

    mousomer wrote:
    > On Jun 17, 2:55 pm, "C." wrote:
    >> On Jun 16, 7:10 pm, mousomer wrote:
    >>
    >> > I need some help. I run a mandriva linux (2008). I need a notice
    >> > (popup preferred) whenever a (certified) user logs in to my computer.
    >> > I need a real-time notice. How do I do it?
    >> > And I don't intend on having cron running every 10 seconds.
    >> > thanks

    >>
    >> Something like....
    >>
    >> #!/bin/bash
    >>
    >> tail -f /var/log/security | awk "
    >> /whatever a ssh login looks like/ {
    >> print | `xdialog --title "SSH login" --msgbox "User $4 has logged
    >> in"
    >>
    >> }"
    >>
    >> Notes
    >> - not tested - you'll need to change $4 in the above to wherever the
    >> username appears
    >> - you'll need to work on Xauth and xhost if the program is to run in a
    >> seperate session from your X server.
    >>
    >> C.

    >
    > That's very nice, but I need a notice to pop real-time when another
    > user logs in. I already know where to look for the log lost.
    > "who -a" does the job best, also there's a nice Mandriva piece of code
    > which sends warnings to console 12. But I want an automatic warning to
    > popup when someone else logs in - without having to run a script every
    > 10 minutes.


    I haven't tried it, but this should do what you want! The "tail -f"
    specifies *continous* following of the log file. Whenever a line comes
    up that matches the ssh login (containing the username), you get a match
    -- of course ONLY when the file is actually written, and the "tail -f"
    reads it and passes it along. That, in turn, pops up your GUI dialog.

    Seems simple enough.

    An alternate would be to replace the user's shell (or startup profile).
    You could simply change the ownership of .bashrc to "root" and disallow
    local writes. The last line of .bashrc can then test for (say)
    ..bashrc_local and run that.

    Within the .bashrc, put the xdialog (or whatever popup notification you
    want).




  6. Re: notice on accepted ssh login - howto?

    mousomer schreef:
    > On Jun 17, 2:55 pm, "C." wrote:
    >> On Jun 16, 7:10 pm, mousomer wrote:
    >>
    >>> I need some help. I run a mandriva linux (2008). I need a notice
    >>> (popup preferred) whenever a (certified) user logs in to my computer.
    >>> I need a real-time notice. How do I do it?
    >>> And I don't intend on having cron running every 10 seconds.
    >>> thanks

    >> Something like....
    >>
    >> #!/bin/bash
    >>
    >> tail -f /var/log/security | awk "
    >> /whatever a ssh login looks like/ {
    >> print | `xdialog --title "SSH login" --msgbox "User $4 has logged
    >> in"
    >>
    >> }"
    >>
    >> Notes
    >> - not tested - you'll need to change $4 in the above to wherever the
    >> username appears
    >> - you'll need to work on Xauth and xhost if the program is to run in a
    >> seperate session from your X server.
    >>
    >> C.

    >
    > That's very nice, but I need a notice to pop real-time when another
    > user logs in. I already know where to look for the log lost.
    > "who -a" does the job best, also there's a nice Mandriva piece of code
    > which sends warnings to console 12. But I want an automatic warning to
    > popup when someone else logs in - without having to run a script every
    > 10 minutes.


    You can also try to write a simple script that will create a pop-up
    window on your screen every time it called and add it on their .profile
    or .bashrc

  7. Re: notice on accepted ssh login - howto?

    On Tue, 17 Jun 2008 06:32:07 -0700 (PDT), mousomer wrote:

    > That's very nice, but I need a notice to pop real-time when another
    > user logs in.


    #!/bin/bash
    #************************************************* ***********
    #*
    #* login_popup - pop up for login notification
    #*
    #* Normally called from /etc/profile
    #*
    #* Assumes someone has already logged in and is using
    #* display :0.0 and xmessage has been installed.
    #*
    #* Note: not all shells/desktops use /etc/profile
    #*
    #************************************************* ***********

    tty -s
    if [ $? -eq 0 ] ; then
    nohup xmessage -display :0.0 "$USER logged in $(date)" &
    /bin/rm -f $HOME/nohup.out
    fi

    #**************** end login_popup *****************************

  8. Re: notice on accepted ssh login - howto?

    On Jun 17, 8:44 pm, Bit Twister wrote:
    > On Tue, 17 Jun 2008 06:32:07 -0700 (PDT), mousomer wrote:
    > > That's very nice, but I need a notice to pop real-time when another
    > > user logs in.

    >
    > #!/bin/bash
    > #************************************************* ***********
    > #*
    > #* login_popup - pop up for login notification
    > #*
    > #* Normally called from /etc/profile
    > #*
    > #* Assumes someone has already logged in and is using
    > #* display :0.0 and xmessage has been installed.
    > #*
    > #* Note: not all shells/desktops use /etc/profile
    > #*
    > #************************************************* ***********
    >
    > tty -s
    > if [ $? -eq 0 ] ; then
    > nohup xmessage -display :0.0 "$USER logged in $(date)" &
    > /bin/rm -f $HOME/nohup.out
    > fi
    >
    > #**************** end login_popup *****************************


    We are impressed.
    (thanks!)

  9. Re: notice on accepted ssh login - howto?

    Canned wrote:
    > mousomer schreef:
    >> On Jun 17, 2:55 pm, "C." wrote:
    >>> On Jun 16, 7:10 pm, mousomer wrote:
    >>>
    >>>> I need some help. I run a mandriva linux (2008). I need a notice
    >>>> (popup preferred) whenever a (certified) user logs in to my computer.
    >>>> I need a real-time notice. How do I do it?
    >>>> And I don't intend on having cron running every 10 seconds.
    >>>> thanks
    >>> Something like....
    >>>
    >>> #!/bin/bash
    >>>
    >>> tail -f /var/log/security | awk "
    >>> /whatever a ssh login looks like/ {
    >>> print | `xdialog --title "SSH login" --msgbox "User $4 has logged
    >>> in"
    >>>
    >>> }"
    >>>
    >>> Notes
    >>> - not tested - you'll need to change $4 in the above to wherever the
    >>> username appears
    >>> - you'll need to work on Xauth and xhost if the program is to run in a
    >>> seperate session from your X server.
    >>>
    >>> C.

    >>
    >> That's very nice, but I need a notice to pop real-time when another
    >> user logs in. I already know where to look for the log lost.
    >> "who -a" does the job best, also there's a nice Mandriva piece of code
    >> which sends warnings to console 12. But I want an automatic warning to
    >> popup when someone else logs in - without having to run a script every
    >> 10 minutes.

    >
    > You can also try to write a simple script that will create a pop-up
    > window on your screen every time it called and add it on their .profile
    > or .bashrc


    It needs to be restarted when the logs are rotated, with a very short gap in
    the process.

  10. Re: notice on accepted ssh login - howto?

    On Jun 17, 8:44 pm, Bit Twister wrote:
    > On Tue, 17 Jun 2008 06:32:07 -0700 (PDT), mousomer wrote:
    > > That's very nice, but I need a notice to pop real-time when another
    > > user logs in.

    >
    > #!/bin/bash
    > #************************************************* ***********
    > #*
    > #* login_popup - pop up for login notification
    > #*
    > #* Normally called from /etc/profile
    > #*
    > #* Assumes someone has already logged in and is using
    > #* display :0.0 and xmessage has been installed.
    > #*
    > #* Note: not all shells/desktops use /etc/profile
    > #*
    > #************************************************* ***********
    >
    > tty -s
    > if [ $? -eq 0 ] ; then
    > nohup xmessage -display :0.0 "$USER logged in $(date)" &
    > /bin/rm -f $HOME/nohup.out
    > fi
    >
    > #**************** end login_popup *****************************


    Now here's a nice catch: what do I do if I need the notice to appear
    on a specific machine, regardless of the user who logged?

  11. Re: notice on accepted ssh login - howto?

    On Sun, 22 Jun 2008 01:57:14 -0700 (PDT), mousomer wrote:
    >
    > Now here's a nice catch: what do I do if I need the notice to appear
    > on a specific machine,


    You add the machine name or ip addy to the -display value.

    > regardless of the user who logged?


    Do not understand whom you are talking about. The -display value
    indicates the display which is to get the screen contents.
    You do not get to pick the person, you pick a display number.


    For extra points, and assuming / will search for a term:

    man X

    /-display


  12. Re: notice on accepted ssh login - howto?

    On Jun 17, 12:55*pm, "C." wrote:
    > On Jun 16, 7:10 pm, mousomer wrote:
    >
    > > I need some help. I run a mandriva linux (2008). I need a notice
    > > (popup preferred) whenever a (certified) user logs in to my computer.
    > > I need a real-time notice. How do I do it?
    > > And I don't intend on having cron *running every 10 seconds.
    > > thanks

    >
    > Something like....
    >
    > #!/bin/bash
    >
    > tail -f /var/log/security | awk "
    > /whatever a ssh login looks like/ {
    > * *print | `xdialog *--title "SSH login" --msgbox "User $4 has logged
    > in"
    >
    > }"
    >
    > Notes
    > - not tested - you'll need to change $4 in the above to wherever the
    > username appears
    > - you'll need to work on Xauth and xhost if the program is to run in a
    > seperate session from your X server.
    >



    Great idea, Colin. Based on your script I made my version (tested only
    in foreground):


    tail -f /var/log/auth.log | while read LINE
    do
    if [[ $LINE =~ "session opened" ]]
    then
    NEWUSER=`echo $LINE | awk '{ print $11; }'`
    zenity zenity --error --text="$NEWUSER logged in"
    fi
    done



    Regards,
    Artur

+ Reply to Thread