From 320cc2009b5101464811d7f37e49794ddffa00ad Mon Sep 17 00:00:00 2001
From: m8in
Date: Fri, 20 Mar 2026 20:47:26 +0100
Subject: [PATCH] filter for private IP added
---
 script/host/pam/ssh-notify-root-login.sh | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/script/host/pam/ssh-notify-root-login.sh b/script/host/pam/ssh-notify-root-login.sh
index 84ce2eb..521bbc0 100755
--- a/script/host/pam/ssh-notify-root-login.sh
+++ b/script/host/pam/ssh-notify-root-login.sh
@@ -73,10 +73,21 @@ function setup() {
 return 0
 }
-if [ "$PAM_TYPE" != "close_session" ] && ! setup && [ "${PAM_USER}" != "" ] && [ "${PAM_USER}" == "root" ]; then
+if [ "$PAM_TYPE" != "close_session" ] && ! setup && [ "${PAM_USER}" != "" ]; then
+
+ # Log root logins only
+ [ "${PAM_USER}" != "root" ] \
+ && exit 0
+
+ # Skip logins from private IPs
+ echo "${PAM_RHOST}" | grep -Eq "^192\.168\..*$" \
+ && exit 0
+
 _MESSAGE="[$(date --rfc-3339=seconds)] - Login from IP: '${PAM_RHOST}' as user 'root@$(hostname)'"
 log "${_MESSAGE}"
 sendEMail "${_MESSAGE}"
 sendSlackMessage "${_MESSAGE}"
 fi
+
+exit 0
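Review bot: The new private-address filter exits before `log` runs, so a root login from a 192.168.x.x source leaves no record in this script's log at all, not just no e-mail or Slack message; internal hosts are a plausible origin for lateral movement, so I would keep the `log "${_MESSAGE}"` call for those logins and skip only the two notifications. The pattern `^192\.168\..*$` also accepts any value that merely begins with `192.168.`, and PAM_RHOST may carry a hostname rather than an address depending on sshd's DNS settings, so matching a full dotted quad is safer: `printf '%s\n' "${PAM_RHOST}" | grep -Eq '^192\.168\.[0-9]{1,3}\.[0-9]{1,3}$'`. The comment says "private IPs", but 10.0.0.0/8 and 172.16.0.0/12 are not matched; either narrow the comment to the one range or extend the pattern to the others. The `if` body is visible in full, but `setup`, `log` and the two send helpers are defined outside the hunk, so their behaviour is not checked here.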