
How to use

You can use this script ssh-notify-root-login.sh in two different ways.

1.) Use it as is

In this use case you just have to call this script once.

It registers itself in the file /etc/pam.d/sshd. Because only a logfile is defined by default, logging is the only functionality you get.

Each SSH login of user root is logged to this file:

  • /var/log/ssh-notify-root-login.sh.log

2.) Use your own configuration

In this case copy the script to a custom location or put it into your definitions, e.g.:

  • /cis/definitions/your.domain.net/script/host/pam/ssh-notify-root-login.sh

There you can modify the following variables:

  • _LOGFILE
  • _EMAIL_ADDRESS
  • _SLACK_WEBHOOK_URL

Setting one of these variables to "" disables the corresponding feature.

If you set a variable to a valid value, e.g. a Slack webhook URL, you will get a Slack message on each login.
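
The following sketch is an added example, not the project's ssh-notify-root-login.sh: it shows how a hook of this kind can honour the three variables above, where "" disables a channel. It assumes the hook is run by pam_exec (which exports PAM_USER, PAM_RHOST and PAM_TYPE) and that mail and curl are installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration, not the project's script.
# Assumed registration in /etc/pam.d/sshd:
#   session optional pam_exec.so /path/to/hook.sh

# The three variables named in this README; "" disables a channel.
_LOGFILE="${_LOGFILE-/var/log/ssh-notify-root-login.sh.log}"
_EMAIL_ADDRESS="${_EMAIL_ADDRESS-}"
_SLACK_WEBHOOK_URL="${_SLACK_WEBHOOK_URL-}"

# Build one notification line from the PAM environment.
build_message() {
    printf '%s ssh login user=%s from=%s host=%s' \
        "$(date '+%Y-%m-%dT%H:%M:%S%z')" "$PAM_USER" \
        "${PAM_RHOST:-unknown}" "$(uname -n)"
}

# Escape backslashes and double quotes for the JSON payload.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

notify_root_login() {
    # Act only when a session is opened for root.
    [ "${PAM_TYPE:-}" = "open_session" ] || return 0
    [ "${PAM_USER:-}" = "root" ] || return 0
    msg=$(build_message)
    if [ -n "$_LOGFILE" ]; then
        printf '%s\n' "$msg" >> "$_LOGFILE" || true
    fi
    if [ -n "$_EMAIL_ADDRESS" ]; then
        printf '%s\n' "$msg" | mail -s "root ssh login" "$_EMAIL_ADDRESS" || true
    fi
    if [ -n "$_SLACK_WEBHOOK_URL" ]; then
        curl -fsS -m 5 -H 'Content-Type: application/json' \
            -d "{\"text\":\"$(json_escape "$msg")\"}" \
            "$_SLACK_WEBHOOK_URL" >/dev/null || true
    fi
    return 0   # a failed notification must never block the login
}

notify_root_login
```

Each channel ends in `|| true` and the PAM line uses `optional`, so an unreachable mail server or webhook cannot lock root out of SSH.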