hankknight

Linux: Send email every time there is a failed login

I would like an email in this format to be automatically sent every time there is a failed login attempt.
echo "Nov 15 11:54:02 root 21.21.21.21"| mail -s "Bad Login" email@example.com

David Beveridge

Check out the login failure daemon which is a part of
http://configserver.com/cp/csf.html
Which syslog is in use on your system?  Changing to rsyslog would enable you to configure it so that when an event such as a failed login is received, it will send out an email.

I would advise against using an email client such as mail, etc.  A simple shell script that directly injects the message into the mail server queue.
ASKER

How can I find out what syslog is in use?
Which Linux is running?
ps -ef | grep syslog

ls -l /usr/sbin/syslogd
I use CentOS.
[root@server]ps -ef | grep syslog
root      1050 15809  0 16:56 pts/4    00:00:00 grep syslog
root      2303     1  0 Nov15 ?        00:00:19 syslogd -m 0

[root@server]ls -l /usr/sbin/syslogd
ls: /usr/sbin/syslogd: No such file or directory

I understand your point about mail being a bad idea.  Is there a way to configure syslog to just write it to a log file?  "lastb" is unreliable.  It shows no new entries since Monday.
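
The format asked for in the question can be produced from sshd's "Failed password" lines and handed to the local mail server through its sendmail interface, as suggested earlier in the thread. This is an added example, not part of the original thread; it assumes logins arrive over SSH, that syslog writes authpriv messages to /var/log/secure (the CentOS default), and that a sendmail-compatible binary is at /usr/sbin/sendmail.

```shell
#!/bin/sh
# Added example: report sshd "Failed password" lines as "date time user ip".
LOG=${LOG:-/var/log/secure}          # assumption: CentOS authpriv log file
RCPT=${RCPT:-email@example.com}      # address taken from the question

parse_failed_logins() {              # syslog lines on stdin, one line out per failure
    awk '
    index($5, "sshd") == 1 && $6 == "Failed" && $7 == "password" && $8 == "for" {
        # Read the address from the END of the line ("from IP port N ssh2"):
        # the username is chosen by the remote client and may contain " from ".
        if (NF < 14 || $(NF-2) != "port" || $(NF-4) != "from") next
        start = ($9 == "invalid" && $10 == "user") ? 11 : 9
        user = ""
        for (i = start; i < NF-4; i++) user = user (user == "" ? "" : " ") $i
        gsub(/[^A-Za-z0-9._@-]/, "?", user)   # neutralise spaces and control chars
        if (user == "") user = "?"
        print $1, $2, $3, user, $(NF-3)
        fflush()                              # do not buffer when fed by tail -F
    }'
}

build_message() {                    # $1 = recipient, $2 = one formatted line
    # Subject is fixed, so text taken from the log never reaches a header.
    printf 'To: %s\nSubject: Bad Login\n\n%s\n' "$1" "$2"
}

sample_log() {                       # constructed sample lines, not real log data
    cat <<'EOF'
Nov 15 11:54:02 server sshd[1234]: Failed password for root from 21.21.21.21 port 51234 ssh2
Nov 15 11:54:30 server sshd[1236]: Accepted password for hank from 10.0.0.5 port 50000 ssh2
Nov 15 11:55:10 server sshd[1240]: Failed password for invalid user admin from 21.21.21.22 port 40000 ssh2
Nov 15 11:55:40 server su: pam_unix(su:session): session opened for user root by hank(uid=500)
Nov 15 11:56:00 server sshd[1244]: Failed password for invalid user x from 9.9.9.9 port 1 ssh2 from 21.21.21.23 port 40001 ssh2
EOF
}

case "${1:-}" in
    --watch)                         # follow the log and queue one mail per failure
        tail -n 0 -F "$LOG" | parse_failed_logins | while IFS= read -r line; do
            build_message "$RCPT" "$line" | /usr/sbin/sendmail -t -i
        done ;;
    --demo) sample_log | parse_failed_logins ;;
esac
```

Run with `--demo` to see the parsed sample lines, or `--watch` as root to follow the live log. One message is queued per failed attempt, so batch or rate-limit the output before pointing it at a real mailbox.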
ASKER CERTIFIED SOLUTION
arnold