notify each login of root via ssh

2026-04-02 19:01:30 +02:00 · 2026-03-19 23:05:18 +01:00
parent 6854a1f101
commit ee87921da4
2 changed files with 112 additions and 0 deletions
--- a/script/host/pam/README.md
+++ b/script/host/pam/README.md
@@ -0,0 +1,30 @@
+How to use
+==========
+
+You can use this script `ssh-notify-root-login.sh` in two different ways.
+
+1.) Use it as is
+----------------
+
+In this use case you just have to call this script once.
+
+It will register itself to the file `/etc/pam.d/sshd` and because there is just a logfile defined you will get that functionality.
+
+Each ssh login of user root will be logged into this file:  
+ - `/var/log/ssh-notify-root-login.sh.log`
+
+2.) Use your own configuration
+------------------------------
+
+In this case copy the script to a custom location or put it into your definitions, e.g.:
+ - `/cis/definitions/your.domain.net/script/host/pam/ssh-notify-root-login.sh`
+  
+There you can modify the following variables:
+ - _LOGFILE 
+ - _EMAIL_ADDRESS
+ - _SLACK_WEBHOOK_URL
+
+Setting these variables to "" will disable the feature.
+
+If you set a varaible to a valid value, e.g. a webhook-url of slack, you will get a slack-message on each login.
+