Solved

Linux: Send email every time there is a failed login

Posted on 2013-11-21
6
514 Views
Last Modified: 2013-11-21
I would like an email in this format to be automatically sent everytime there is a failed loging attempt.
echo "Nov 15 11:54:02 root 21.21.21.21"| mail -s "Bad Login" email@example.com

Open in new window

0
Comment
Question by:hankknight
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 19

Expert Comment

by:bevhost
ID: 39667313
Check out the login failure daemon which is a part of
http://configserver.com/cp/csf.html
0
 
LVL 78

Expert Comment

by:arnold
ID: 39667444
Which syslog us in use on your system?  Changing to rsyslog would enable you to configure it when an event such as a failed login is received, it will send out an email.  

I would advise against using an email client such as mail, etc.  a simple shell script that directly injects the message into the nail server queue.
0
 
LVL 16

Author Comment

by:hankknight
ID: 39667467
How can I find out what syslog is in use?
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 78

Expert Comment

by:arnold
ID: 39667482
Which Linux is running?
ps -ef | grep syslog

ls -l /usr/sbin/syslogd
0
 
LVL 16

Author Comment

by:hankknight
ID: 39667632
I use CentOS.
[root@server]ps -ef | grep syslog
root      1050 15809  0 16:56 pts/4    00:00:00 grep syslog
root      2303     1  0 Nov15 ?        00:00:19 syslogd -m 0

[root@server]ls -l /usr/sbin/syslogd
ls: /usr/sbin/syslogd: No such file or directory

Open in new window

I understand your point about mail being a bad idea.  Is there a way to configure syslog to just write it to a log file?  "lastb" is unreliable.  It shows no new entries since Monday.
0
 
LVL 78

Accepted Solution

by:
arnold earned 500 total points
ID: 39667683
You can use yum install rsyslog
Then removing syslog.
Before proceeding with the above, look at rsyslog configuration and options.

You may want to reconfigure/configure ssh /etc/ssh/sshd_config
Facility/level to help liit the processing on rsyslog's side such that it will evaluate only events of interest.

I usually configure sshd to log to a separate log facility and store the data in its own /var/log/sshd
(Make sure to add log rotation handling /etc/logrotate.d/


A simple shell script that uses /usr/sbin/sendmail to pipe a preformated message.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Apache LDAP Authentication 20 71
LINUX Field Separators 7 78
SSSD - Automatic kerberos ticket initialization 1 39
How many users could squid support? 21 57
I am a long time windows user and for me it is normal to have spaces in directory and file names. Changing to Linux I found myself frustrated when I moved my windows data over to my new Linux computer. The problem occurs when at the command line.…
Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question