Solved

Linux: Send email every time there is a failed login

Posted on 2013-11-21
6
503 Views
Last Modified: 2013-11-21
I would like an email in this format to be automatically sent everytime there is a failed loging attempt.
echo "Nov 15 11:54:02 root 21.21.21.21"| mail -s "Bad Login" email@example.com

Open in new window

0
Comment
Question by:hankknight
  • 3
  • 2
6 Comments
 
LVL 19

Expert Comment

by:bevhost
ID: 39667313
Check out the login failure daemon which is a part of
http://configserver.com/cp/csf.html
0
 
LVL 77

Expert Comment

by:arnold
ID: 39667444
Which syslog us in use on your system?  Changing to rsyslog would enable you to configure it when an event such as a failed login is received, it will send out an email.  

I would advise against using an email client such as mail, etc.  a simple shell script that directly injects the message into the nail server queue.
0
 
LVL 16

Author Comment

by:hankknight
ID: 39667467
How can I find out what syslog is in use?
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 77

Expert Comment

by:arnold
ID: 39667482
Which Linux is running?
ps -ef | grep syslog

ls -l /usr/sbin/syslogd
0
 
LVL 16

Author Comment

by:hankknight
ID: 39667632
I use CentOS.
[root@server]ps -ef | grep syslog
root      1050 15809  0 16:56 pts/4    00:00:00 grep syslog
root      2303     1  0 Nov15 ?        00:00:19 syslogd -m 0

[root@server]ls -l /usr/sbin/syslogd
ls: /usr/sbin/syslogd: No such file or directory

Open in new window

I understand your point about mail being a bad idea.  Is there a way to configure syslog to just write it to a log file?  "lastb" is unreliable.  It shows no new entries since Monday.
0
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 39667683
You can use yum install rsyslog
Then removing syslog.
Before proceeding with the above, look at rsyslog configuration and options.

You may want to reconfigure/configure ssh /etc/ssh/sshd_config
Facility/level to help liit the processing on rsyslog's side such that it will evaluate only events of interest.

I usually configure sshd to log to a separate log facility and store the data in its own /var/log/sshd
(Make sure to add log rotation handling /etc/logrotate.d/


A simple shell script that uses /usr/sbin/sendmail to pipe a preformated message.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Choosing CentOS 16 82
Delete a folder on a linux computer on a regular basis 10 37
Red Hat 7 Linux on Azure cannot run a command as root 22 43
cannot rename datastore 3 48
Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question