wget http://caspian.dotconf.net/menu/Software/SendEmail/sendEmail-v1.56.tar.gz
tar xvf sendEmail-v1.56.tar.gz
mv sendEmail-v1.56 sendEmail
vi /etc/ssh/sshrc
#!/bin/sh
# Send an alert mail unless the login is root coming from 192.168.2.88
user=$USER
# SSH_CLIENT is "address source-port destination-port"; keep only the address
ip=${SSH_CLIENT%% *}
if [ "$user" != "root" ] || [ "$ip" != "192.168.2.88" ]
then
/home/shell/sendEmail -f XXX@XXX -t XXX@XXX -s smtp.XXX -u "view who logged on ### 192.168.2.4 ###" -xu USER -xp PASSWD -m "### time: `date +%Y-%m-%d` ###. ### user: $USER@`hostname` ###. ### ClientIP: ${SSH_CLIENT%% *} ###"
fi
chmod +x /etc/ssh/sshrc
####################
$USER: the username used to log in to the system through ssh.
${SSH_CLIENT%% *}: the IP address of the client that logged in to the system through ssh.
if [ "$user" != "root" ] || [ "$ip" != "192.168.2.88" ]: uses a logical OR on the user and the source address to decide whether to send an alert by email.
####################
Test:
1. Log in as root from IP address 192.168.2.88 and check whether an alert is sent by email.
The test result is: no email alert is sent.
2. Log in as root from IP address 192.168.2.87 and check whether an alert is triggered.
The test result is: an email alert is sent.
View Email:
This script is very useful for ssh security monitoring. You are told whenever someone logs in to the system illegally, so you can protect the server in a timely manner.
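The decision made in /etc/ssh/sshrc can be checked offline before it is deployed. The following is an added example, not part of the original post: the function names, the user "deploy" and the sample SSH_CLIENT values are constructed for illustration, and it also covers a non-root user, an IPv6 client and an empty SSH_CLIENT, which the two tests above do not.

```shell
#!/bin/sh
# Added example (not from the original post): the sshrc alert decision,
# runnable without sshd or sendEmail.
TRUSTED_USER="root"          # values taken from the page
TRUSTED_IP="192.168.2.88"

# SSH_CLIENT is "address source-port destination-port".
# %% removes the longest suffix matching " *" and leaves only the address.
# A single % removes the shortest suffix and leaves "address source-port",
# which never equals a bare IP, so every login would raise an alert.
client_ip() {
    printf '%s' "${1%% *}"
}

# decide USER SSH_CLIENT_VALUE -> prints "alert" or "quiet".
# An empty SSH_CLIENT yields an empty address, which also alerts.
decide() {
    d_ip=$(client_ip "$2")
    if [ "$1" != "$TRUSTED_USER" ] || [ "$d_ip" != "$TRUSTED_IP" ]
    then
        echo alert
    else
        echo quiet
    fi
}

# Constructed sample logins in the form "user|SSH_CLIENT".
demo() {
    for row in \
        "root|192.168.2.88 51234 22" \
        "root|192.168.2.87 51235 22" \
        "deploy|192.168.2.88 51236 22" \
        "root|2001:db8::5 40000 22" \
        "root|"
    do
        printf '%-8s %-28s %s\n' "${row%%|*}" "${row#*|}" \
            "$(decide "${row%%|*}" "${row#*|}")"
    done
}
demo
```

sshd runs /etc/ssh/sshrc only for accounts that have no ~/.ssh/rc of their own, so set PermitUserRC no in sshd_config if the alert must fire for every user. The file has to be readable by every account that logs in, so the SMTP password passed with -xp is visible to all of them; use a mailbox dedicated to alerts.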
Address: http://youzao.blog.51cto.com/3946111/740707