Linux安全 Root SSH登录通知脚本

2012年4月16日 admin

Linux安全, Root SSH登录通知脚本

建立

vi /root/.bashexec

1	vi /root/.bashexec

内容

#!/bin/bash
tmpout=tmpout.txt
stringz="$(tail -n 1 /var/log/secure | grep root | grep opened | sed 's/.*by\(.*\)(.*/\1/' | awk '{print $1""$2}')"
echo -e "The local root account has been accessed by user $stringz" > $tmpout
echo -e "\nThe system last updated on: $(sed -n '/Updated:/h;${;g;p;}' < /var/log/yum.log | cut -dU -f1)" >> $tmpout
echo -e "\nThe last five users to access the system (including active):" >> $tmpout
echo -e "$(last -n 5 | sed '/^wtmp/d')" >> $tmpout
echo -e "\nUptime Report: $(uptime)" >> $tmpout
/bin/mail -s "$(hostname) root account accesssed by $stringz" admin@135100.net < $tmpout
rm -f $tmpout

#!/bin/bash

tmpout=tmpout.txt

stringz="$(tail -n 1 /var/log/secure | grep root | grep opened | sed 's/.*by$.*$(.*/\1/' | awk '{print $1""$2}')"

echo -e "The local root account has been accessed by user $stringz" > $tmpout

echo -e "\nThe system last updated on: $(sed -n '/Updated:/h;${;g;p;}' < /var/log/yum.log | cut -dU -f1)" >> $tmpout

echo -e "\nThe last five users to access the system (including active):" >> $tmpout

echo -e "$(last -n 5 | sed '/^wtmp/d')" >> $tmpout

echo -e "\nUptime Report: $(uptime)" >> $tmpout

/bin/mail -s "$(hostname) root account accesssed by $stringz" admin@135100.net < $tmpout

rm -f $tmpout

注意windows下保存的时候为unix文本格式
执行文件

vi /root/.bashrc

1	vi /root/.bashrc

添加执行

sh /root/.bashexec

1	sh /root/.bashexec

就是登录的时候调用脚本发送通知email
如果收到email 你没登录那么就需要检查服务器安全了

声明: 本文采用 BY-NC-SA 协议进行授权. 转载请注明转自: Linux安全 Root SSH登录通知脚本

CentOS 6.0 安装 OpenVZ 教程 (v1版本) (亲测)搭建自用VPS服务器基于CentOS 5.6 32Bit+OpenVZ+Vtonf(汉化包)

本文的评论功能被关闭了.