HPE Community
Operating System - Linux
1833759 Members
2358 Online
110063 Solutions
New Discussion

Email Sys Admin every login

 
SOLVED
Go to solution
Lisa Mauer
Regular Advisor

‎09-17-2004 02:57 AM

‎09-17-2004 02:57 AM

Email Sys Admin every login

Is there a way in Linux to email me user and computer name (which shows up in the /var/log/messages file) anytime someone successfully logs in to the server? We have some Linux servers that don't really need to be logged into, the HP-UX server loads everything for them so I don't want anyone logging into them without notifying me. If they do I would like to know so I can ask what they are doing. This is a development org not production so they may need to login for different purposes but I just want to know.... I could write a script to run in cron and gather all the suyccessful logins every minute along with their computer name, but thought if there was a better way, you Linux gurus would know....
0 Kudos
Reply
9 REPLIES 9
Rick Garland
Honored Contributor

‎09-17-2004 03:01 AM

‎09-17-2004 03:01 AM

Re: Email Sys Admin every login

The who -um command can provide the info you are looking for. Will have parse the output to get the specific info. You script could keep a pointer record and alert you if any new entries appear.
0 Kudos
Reply
Rick Garland
Honored Contributor

‎09-17-2004 03:10 AM

‎09-17-2004 03:10 AM

Re: Email Sys Admin every login

Doing some experimenting (RH 3.0 ES) shows that the last will do it as well. Will provide their terminal, date/time of login, from where they are, etc.

Still some scripting is gong to be needed to parse the info.

0 Kudos
Reply
John Poff
Honored Contributor

‎09-17-2004 08:49 AM

‎09-17-2004 08:49 AM

Solution

Re: Email Sys Admin every login

Hi,

What if you just put something like this somewhere in /etc/profile?

echo "User $USER just logged onto $HOSTNAME" | mail -s "Login notice" root

JP
Reply
Lisa Mauer
Regular Advisor

‎09-17-2004 09:07 AM

‎09-17-2004 09:07 AM

Re: Email Sys Admin every login

John - brilliant! Thanks for all the answers, but John's idea is what I needed :)
0 Kudos
Reply
Ross Minkov
Esteemed Contributor

‎09-19-2004 03:39 AM

‎09-19-2004 03:39 AM

Re: Email Sys Admin every login

Lisa,

Just a quick note... Not all users run /etc/profile. For example if you have any csh or tcsh users (check /etc/passwd to see if you have any) they will run /etc/csh.login instead of /etc/profile.

Also not every access to the system is a login. For example:
rsh -l user host command
or
ssh -l user host command
will not be considered logins and would not go through /etc/profile

Regards,
Ross
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎09-19-2004 01:47 PM

‎09-19-2004 01:47 PM

Re: Email Sys Admin every login

While this method id pretty slick:

echo "User $USER just logged onto $HOSTNAME" | mail -s "Login notice" root

You might want to actually route the email to an account that pops up on your screen. Perhaps your exchange account.

root gets an email in Linux every time a cron job is run if you are using the mail -s methodology.

Since its logins you are concerned with you might want to know immediately.

If you have no exchange server you can add an account for this purpose.

Since root gets so many emails it may be a good idea to segment this output.

I take it login volume is low and you're wondering why anyone would log in to the system. If login volume is high all you're doing is filling up the mailbox in the /var filesystem.

Do see that there is enough space in /var to accomodate the load.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Lisa Mauer
Regular Advisor

‎09-20-2004 12:51 AM

‎09-20-2004 12:51 AM

Re: Email Sys Admin every login

Thanks for the information, I never thought of ssh. I did change the root email to be my exchange email, figured since I don't even log in much I wouldn't see any logins.
Thanks again!
0 Kudos
Reply
John Poff
Honored Contributor

‎09-20-2004 01:37 AM

‎09-20-2004 01:37 AM

Re: Email Sys Admin every login

Ross has an interesting point, but I got curious and decided to test it out. I setup my Linux box with the e-mail line in /etc/profile, and I connected using the 'rsh' and 'ssh' examples Ross gave. My box sent me e-mail messages for both attempts, so it looks like they do go through /etc/profile, which kind of makes sense if you are getting a shell prompt.

JP
0 Kudos
Reply
John Poff
Honored Contributor

‎09-20-2004 01:41 AM

‎09-20-2004 01:41 AM

Re: Email Sys Admin every login

Oops. I shouldn't post on Monday morning before I've had my coffee! :)

Ross is correct. His example just executes a command as a user, which does not execute the /etc/profile command. Those connections are logged in /var/log/messages. I was trying a straight login via rsh and ssh, which were getting a shell and running /etc/profile.

Sorry Ross. ;)

JP
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.