Everbrent/cis
8
0
Fork 0
mirror of https://github.com/m8tin/cis.git synced 2026-04-02 19:01:30 +02:00
Code Issues Packages Projects Releases Wiki Activity

filter for private IP added

Browse Source
This commit is contained in:
m8in
2026-03-20 20:47:26 +01:00
parent 363ed88731
commit 320cc2009b
1 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
script/host/pam/ssh-notify-root-login.sh
View File

@@ -73,10 +73,21 @@ function setup() {
return 0 return 0
} }
if [ "$PAM_TYPE" != "close_session" ] && ! setup && [ "${PAM_USER}" != "" ] && [ "${PAM_USER}" == "root" ]; then if [ "$PAM_TYPE" != "close_session" ] && ! setup && [ "${PAM_USER}" != "" ]; then
# Log root logins only
[ "${PAM_USER}" != "root" ] \
&& exit 0
# Skip logins from private IPs
echo "${PAM_RHOST}" | grep -Eq "^192\.168\..*$" \
&& exit 0
_MESSAGE="[$(date --rfc-3339=seconds)] - Login from IP: '${PAM_RHOST}' as user 'root@$(hostname)'" _MESSAGE="[$(date --rfc-3339=seconds)] - Login from IP: '${PAM_RHOST}' as user 'root@$(hostname)'"
log "${_MESSAGE}" log "${_MESSAGE}"
sendEMail "${_MESSAGE}" sendEMail "${_MESSAGE}"
sendSlackMessage "${_MESSAGE}" sendSlackMessage "${_MESSAGE}"
fi fi
exit 0