Solved

Linux: Send email every time there is a failed login

Posted on 2013-11-21
6
511 Views
Last Modified: 2013-11-21
I would like an email in this format to be automatically sent everytime there is a failed loging attempt.
echo "Nov 15 11:54:02 root 21.21.21.21"| mail -s "Bad Login" email@example.com

Open in new window

0
Comment
Question by:hankknight
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 19

Expert Comment

by:bevhost
ID: 39667313
Check out the login failure daemon which is a part of
http://configserver.com/cp/csf.html
0
 
LVL 78

Expert Comment

by:arnold
ID: 39667444
Which syslog us in use on your system?  Changing to rsyslog would enable you to configure it when an event such as a failed login is received, it will send out an email.  

I would advise against using an email client such as mail, etc.  a simple shell script that directly injects the message into the nail server queue.
0
 
LVL 16

Author Comment

by:hankknight
ID: 39667467
How can I find out what syslog is in use?
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 78

Expert Comment

by:arnold
ID: 39667482
Which Linux is running?
ps -ef | grep syslog

ls -l /usr/sbin/syslogd
0
 
LVL 16

Author Comment

by:hankknight
ID: 39667632
I use CentOS.
[root@server]ps -ef | grep syslog
root      1050 15809  0 16:56 pts/4    00:00:00 grep syslog
root      2303     1  0 Nov15 ?        00:00:19 syslogd -m 0

[root@server]ls -l /usr/sbin/syslogd
ls: /usr/sbin/syslogd: No such file or directory

Open in new window

I understand your point about mail being a bad idea.  Is there a way to configure syslog to just write it to a log file?  "lastb" is unreliable.  It shows no new entries since Monday.
0
 
LVL 78

Accepted Solution

by:
arnold earned 500 total points
ID: 39667683
You can use yum install rsyslog
Then removing syslog.
Before proceeding with the above, look at rsyslog configuration and options.

You may want to reconfigure/configure ssh /etc/ssh/sshd_config
Facility/level to help liit the processing on rsyslog's side such that it will evaluate only events of interest.

I usually configure sshd to log to a separate log facility and store the data in its own /var/log/sshd
(Make sure to add log rotation handling /etc/logrotate.d/


A simple shell script that uses /usr/sbin/sendmail to pipe a preformated message.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VMware Tools Install On Linux Problem 3 102
PHP website on Linux - server DNS address could not be found. 18 83
Migrating a Linux server to VMware 3 109
Linux MD5 Hash 7 62
Network Interface Card (NIC) bonding, also known as link aggregation, NIC teaming and trunking, is an important concept to understand and implement in any environment where high availability is of concern. Using this feature, a server administrator …
Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question