#CENTOS: yum -y install mailx
#UBUNTU: apt-get install mailutils
#Sending Test Email
echo "Message Body" | mail -s "Message Subject" xxx@gmail.com
mkdir -p /opt/script/
cd /opt/script/
echo "">/opt/script/ssh-alert-via-email.sh
nano /opt/script/ssh-alert-via-email.sh
#UBUNTU:
echo "##################################" >>/root/.bashrc
echo "/opt/script/ssh-alert-via-email.sh" >>/root/.bashrc
#CENTOS:
echo "##################################" >>/root/.bash_profile
echo "/opt/script/ssh-alert-via-email.sh" >>/root/.bash_profile
#END
###################################
#/opt/script/ssh-alert-via-email.sh
#13:55 08/09/2015###################################
NOW="$(date +'%Y.%m.%d-%H.%M.%S.%6N')"
IP="$(echo $SSH_CONNECTION | cut -d " " -f 1)"
HOSTNAME=$(hostname)
USER_NAME=$(whoami)
#NOTE: CURRENT SERVER SSH PORT
SSH_PORT=65113
echo -e "################################" > /var/log/mail.log
echo -e "THOI GIAN BAT DAU GUI EMAIL | "$NOW >>/var/log/mail.log
echo -e "################################" >> /var/log/mail.log
echo -e "SSH REMOTE LOGIN NOTIFICATION: " > /tmp/ps-ssh-$NOW.log
echo -e "DATE......:"$NOW >>/tmp/ps-ssh-$NOW.log
echo -e "IP........:"$IP >>/tmp/ps-ssh-$NOW.log
echo -e "HOSTNAME..:"$HOSTNAME >>/tmp/ps-ssh-$NOW.log
echo -e "USERNAME..:"$USER_NAME >>/tmp/ps-ssh-$NOW.log
echo -e "#####################" >>/tmp/ps-ssh-$NOW.log
w >>/tmp/ps-ssh-$NOW.log
echo -e "#####################" >>/tmp/ps-ssh-$NOW.log
ps aux | egrep "USER|sshd" >>/tmp/ps-ssh-$NOW.log
echo -e "#####################" >>/tmp/ps-ssh-$NOW.log
netstat -n | egrep "Send-Q|$SSH_PORT" >>/tmp/ps-ssh-$NOW.log
echo -e "#####################" >>/tmp/ps-ssh-$NOW.log
echo -e "ps aux | egrep \"USER|sshd\" | awk '{print \$2}' | xargs kill -9" >>/tmp/ps-ssh-$NOW.log
mail -s "SSH WARNING [$HOSTNAME|$IP|$NOW]" a@mail.com b@mail.com </tmp/ps-ssh-$NOW.log
cat /tmp/ps-ssh-$NOW.log
echo "__________________________________________________________________________"
sleep 5
cat /var/log/mail.log
No comments:
Post a Comment