Solved

Linux: Send email every time there is a failed login

Posted on 2013-11-21
6
499 Views
Last Modified: 2013-11-21
I would like an email in this format to be automatically sent everytime there is a failed loging attempt.
echo "Nov 15 11:54:02 root 21.21.21.21"| mail -s "Bad Login" email@example.com

Open in new window

0
Comment
Question by:hankknight
  • 3
  • 2
6 Comments
 
LVL 19

Expert Comment

by:bevhost
ID: 39667313
Check out the login failure daemon which is a part of
http://configserver.com/cp/csf.html
0
 
LVL 77

Expert Comment

by:arnold
ID: 39667444
Which syslog us in use on your system?  Changing to rsyslog would enable you to configure it when an event such as a failed login is received, it will send out an email.  

I would advise against using an email client such as mail, etc.  a simple shell script that directly injects the message into the nail server queue.
0
 
LVL 16

Author Comment

by:hankknight
ID: 39667467
How can I find out what syslog is in use?
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 77

Expert Comment

by:arnold
ID: 39667482
Which Linux is running?
ps -ef | grep syslog

ls -l /usr/sbin/syslogd
0
 
LVL 16

Author Comment

by:hankknight
ID: 39667632
I use CentOS.
[root@server]ps -ef | grep syslog
root      1050 15809  0 16:56 pts/4    00:00:00 grep syslog
root      2303     1  0 Nov15 ?        00:00:19 syslogd -m 0

[root@server]ls -l /usr/sbin/syslogd
ls: /usr/sbin/syslogd: No such file or directory

Open in new window

I understand your point about mail being a bad idea.  Is there a way to configure syslog to just write it to a log file?  "lastb" is unreliable.  It shows no new entries since Monday.
0
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 39667683
You can use yum install rsyslog
Then removing syslog.
Before proceeding with the above, look at rsyslog configuration and options.

You may want to reconfigure/configure ssh /etc/ssh/sshd_config
Facility/level to help liit the processing on rsyslog's side such that it will evaluate only events of interest.

I usually configure sshd to log to a separate log facility and store the data in its own /var/log/sshd
(Make sure to add log rotation handling /etc/logrotate.d/


A simple shell script that uses /usr/sbin/sendmail to pipe a preformated message.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now