[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 534
  • Last Modified:

Linux: Send email every time there is a failed login

I would like an email in this format to be automatically sent everytime there is a failed loging attempt.
echo "Nov 15 11:54:02 root 21.21.21.21"| mail -s "Bad Login" email@example.com

Open in new window

0
hankknight
Asked:
hankknight
  • 3
  • 2
1 Solution
 
bevhostCommented:
Check out the login failure daemon which is a part of
http://configserver.com/cp/csf.html
0
 
arnoldCommented:
Which syslog us in use on your system?  Changing to rsyslog would enable you to configure it when an event such as a failed login is received, it will send out an email.  

I would advise against using an email client such as mail, etc.  a simple shell script that directly injects the message into the nail server queue.
0
 
hankknightAuthor Commented:
How can I find out what syslog is in use?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
arnoldCommented:
Which Linux is running?
ps -ef | grep syslog

ls -l /usr/sbin/syslogd
0
 
hankknightAuthor Commented:
I use CentOS.
[root@server]ps -ef | grep syslog
root      1050 15809  0 16:56 pts/4    00:00:00 grep syslog
root      2303     1  0 Nov15 ?        00:00:19 syslogd -m 0

[root@server]ls -l /usr/sbin/syslogd
ls: /usr/sbin/syslogd: No such file or directory

Open in new window

I understand your point about mail being a bad idea.  Is there a way to configure syslog to just write it to a log file?  "lastb" is unreliable.  It shows no new entries since Monday.
0
 
arnoldCommented:
You can use yum install rsyslog
Then removing syslog.
Before proceeding with the above, look at rsyslog configuration and options.

You may want to reconfigure/configure ssh /etc/ssh/sshd_config
Facility/level to help liit the processing on rsyslog's side such that it will evaluate only events of interest.

I usually configure sshd to log to a separate log facility and store the data in its own /var/log/sshd
(Make sure to add log rotation handling /etc/logrotate.d/


A simple shell script that uses /usr/sbin/sendmail to pipe a preformated message.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now