From owner-freebsd-questions@FreeBSD.ORG Tue Feb 12 13:46:23 2013 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id E8E2F975 for ; Tue, 12 Feb 2013 13:46:23 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mx02.qsc.de (mx02.qsc.de [213.148.130.14]) by mx1.freebsd.org (Postfix) with ESMTP id B2C1E320 for ; Tue, 12 Feb 2013 13:46:23 +0000 (UTC) Received: from r56.edvax.de (port-92-195-74-250.dynamic.qsc.de [92.195.74.250]) by mx02.qsc.de (Postfix) with ESMTP id E22ED279E7; Tue, 12 Feb 2013 14:46:15 +0100 (CET) Received: from r56.edvax.de (localhost [127.0.0.1]) by r56.edvax.de (8.14.5/8.14.5) with SMTP id r1CDkILC002150; Tue, 12 Feb 2013 14:46:18 +0100 (CET) (envelope-from freebsd@edvax.de) Date: Tue, 12 Feb 2013 14:46:18 +0100 From: Polytropon To: Matthias Petermann Subject: Re: How to achieve E-Mail Notification on root login? Message-Id: <20130212144618.82ed5353.freebsd@edvax.de> In-Reply-To: <20130212132452.Horde.EO28CfwdHQDobBCC5akbvA7@d2ux.org> References: <20130212132452.Horde.EO28CfwdHQDobBCC5akbvA7@d2ux.org> Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: Polytropon List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Feb 2013 13:46:24 -0000 On Tue, 12 Feb 2013 13:24:52 +0100, Matthias Petermann wrote: > > Hello, > > given there is a FreeBSD system with users in the wheel group, what is > the best practise > to send out a notification via E-Mail if one of them becomes root via > su? In an ideal > case the E-Mail would contain the user name and the time. > > I thought about using sudo but this is not in the base system which I > would prefer. I'm not sure if there already is a solution (provided in the base system) that offers this functionality, but the fact of a user having used "su" to "su root" is logged by the system. The line is appended to /var/log/messages: Feb 12 14:40:57 r56 su: poly to root on /dev/pts/2 The information you want is in there, and you could either use the whole line, or apply some sed, awk or even perl to form a message with less information (only date and user). A scripted solution could monitor /var/log/messages for changes and use the system's builtin mailer to deliver the message. Tools like "tail -f", "grep" and "| mail" could be involved. It should be quite trivial to implement this and add a custom rc.d-style script (or even few lines in ye olde /etc/rc.local). -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...