filter for private IP added

2026-04-02 11:01:29 +02:00 · 2026-03-20 20:47:26 +01:00
parent 363ed88731
commit 320cc2009b
1 changed files with 12 additions and 1 deletions
--- a/script/host/pam/ssh-notify-root-login.sh
+++ b/script/host/pam/ssh-notify-root-login.sh
@@ -73,10 +73,21 @@ function setup() {
    return 0
 }

-if [ "$PAM_TYPE" != "close_session" ] && ! setup && [ "${PAM_USER}" != "" ] && [ "${PAM_USER}" == "root" ]; then
+if [ "$PAM_TYPE" != "close_session" ] && ! setup && [ "${PAM_USER}" != "" ]; then
+
+    # Log root logins only
+    [ "${PAM_USER}" != "root" ] \
+        && exit 0
+
+    # Skip logins from private IPs
+    echo "${PAM_RHOST}" | grep -Eq "^192\.168\..*$" \
+        && exit 0
+
    _MESSAGE="[$(date --rfc-3339=seconds)] - Login from IP: '${PAM_RHOST}' as user 'root@$(hostname)'"

    log "${_MESSAGE}"
    sendEMail "${_MESSAGE}"
    sendSlackMessage "${_MESSAGE}"
 fi
+
+exit 0