Date: Tue, 12 Feb 2013 16:41:40 +0200 From: "Zyumbilev, Peter" <peter@aboutsupport.com> To: Robert Huff <roberthuff@rcn.com> Cc: Polytropon <freebsd@edvax.de>, Matthias Petermann <matthias@d2ux.org>, freebsd-questions@freebsd.org Subject: Re: How to achieve E-Mail Notification on root login? Message-ID: <511A54A4.2090100@aboutsupport.com> In-Reply-To: <20762.21059.118777.31186@jerusalem.litteratus.org> References: <20130212132452.Horde.EO28CfwdHQDobBCC5akbvA7@d2ux.org> <20130212144618.82ed5353.freebsd@edvax.de> <20762.21059.118777.31186@jerusalem.litteratus.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, Allow "sudo bash" only. Modify .bashrc to mail last entry from the log http://tldp.org/LDP/abs/html/sample-bashrc.html So you will get alert instantly :-) Peter On 12/02/2013 16:31, Robert Huff wrote: > > Polytropon writes: > >> > given there is a FreeBSD system with users in the wheel group, >> > what is the best practise to send out a notification >> > via E-Mail if one of them becomes root via su? In an ideal >> > case the E-Mail would contain the user name and the time. >> >> I'm not sure if there already is a solution (provided in the >> base system) that offers this functionality, but the fact of >> a user having used "su" to "su root" is logged by the system. >> The line is appended to /var/log/messages: >> >> Feb 12 14:40:57 r56 su: poly to root on /dev/pts/2 >> >> The information you want is in there, and you could either use >> the whole line, or apply some sed, awk or even perl to form a >> message with less information (only date and user). >> >> A scripted solution could monitor /var/log/messages for changes >> and use the system's builtin mailer to deliver the message. Tools >> like "tail -f", "grep" and "| mail" could be involved. It should >> be quite trivial to implement this and add a custom rc.d-style >> script (or even few lines in ye olde /etc/rc.local). > > Take a look at the "-p" option of "split". > The bigger question is how quickly do you need to know - > instantly? once an hour? once a day? > > > Robert Huff > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?511A54A4.2090100>