OSX, security apple script that detects, logs, and emails all remote login instances

prophyt
prophyt used Ask the Experts™
on
I need some help writing a short script that detects, logs, and emails all remote login instances; showing who remotely logs in, IP address if possible, and what files or applications were accessed. This log file will then be emailed to me.  There could be two emails. One when they first log in (showing who login and the time they login); a second email would be generated when they log out (showing files and applications that were accessed). Apple script or some shell script would be best... something real simple, if possible. No off-the-shelf logger appz.   I am fairly new to Unix/Mac
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
some questions:
  1) the script should run on the server where to check?
  2) the serveis OSX?
  3) to monitor "what files or applications were accessed" you have enabled some kind of monitor software, which one?

Author

Commented:
Hello,
The script should be on the same computer.  The computer runs OSX.  I'm not using any software.
> .. emails all remote login instances; showing who remotely logs in, IP address ... login ... log out
    grep ssh /var/log/secure.log | mail -s "remote login" you@some.tld

> .. what files or applications were accessed
for that you need to enable accounting, I'm not sure if this can be done in the GUI (System Control) for each user, in a shell you (as root) usualy do like:

   touch var/account/acct
   /System/Library/StartupItems/Accounting/Accounting start

then (as root) you can use:

   lastcomm user-to-be-shown

Example to check user foo

  lastcomm foo|mail -s "access foo" you@some.tld

Author

Commented:
ahoffmann sorry for the delay....

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial