From ac4f4c04058ec261da9f1e20faa8ae468d377c77 Mon Sep 17 00:00:00 2001
From: bms8197
Date: Fri, 18 Mar 2022 16:30:29 +0200
Subject: [PATCH] saving uncommitted changes in /etc prior to dnf run
---
 .etckeeper | 1 +
 logrotate.d/ssh-logins | 10 ++++++++++
 resolv.conf | 2 +-
 ssh/sshrc | 5 +++++
 4 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 logrotate.d/ssh-logins
diff --git a/.etckeeper b/.etckeeper
index a3b7a1b..838c8db 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -2650,6 +2650,7 @@ maybe chmod 0644 'logrotate.d/rkhunter'
 maybe chmod 0644 'logrotate.d/rspamd'
 maybe chmod 0644 'logrotate.d/sa-update'
 maybe chmod 0644 'logrotate.d/squid'
+maybe chmod 0640 'logrotate.d/ssh-logins'
 maybe chmod 0644 'logrotate.d/sssd'
 maybe chmod 0644 'logrotate.d/subscription-manager'
 maybe chmod 0644 'logrotate.d/syslog'
diff --git a/logrotate.d/ssh-logins b/logrotate.d/ssh-logins
new file mode 100644
index 0000000..6e99328
--- /dev/null
+++ b/logrotate.d/ssh-logins
@@ -0,0 +1,10 @@
+/var/log/ssh-logins.log {
+ weekly
+ missingok
+ rotate 4
+ dateext
+ compress
+ delaycompress
+ notifempty
+}
+
diff --git a/resolv.conf b/resolv.conf
index adc2b0d..1ea217a 100644
--- a/resolv.conf
+++ b/resolv.conf
@@ -1 +1 @@
-nameserver 192.168.1.2
+nameserver 192.168.1.1
diff --git a/ssh/sshrc b/ssh/sshrc
index 481c263..e896c44 100755
--- a/ssh/sshrc
+++ b/ssh/sshrc
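Review bot: The new logrotate.d/ssh-logins stanza has no `create` line, so the mode and owner of /var/log/ssh-logins.log after each weekly rotation depend on the global logrotate defaults on this host. Because the file is meant to record who logged in and from which address, I would pin them in the stanza, for example `create 0640 root root`, and make sure the writer runs with enough privilege to append under that mode. As committed, the only writer (the `echo` lines in ssh/sshrc) is still commented out, so nothing produces the log yet and `missingok` keeps logrotate silent about that.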
@@ -2,11 +2,16 @@ export PATH="/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin:$PATH" +DATE="$(date)" HOSTNAME="$(hostname)" +USERIP="$(echo "$SSH_CONNECTION" | cut -d " " -f 1)" +RDNS="$(dig -x "$USERIP" +short)" if [[ "$USER" == "laser" ]] then curl -s -X POST -H "content-type: application/json" -d '{"routing_key":"1969ec3d30b74608d0135d6321275bb7","event_action":"trigger","payload":{"summary":"User '"$USER"' has logged in via SSH!!","source":"/etc/ssh/sshrc","severity":"critical","component":"exploratory-stats","group":"prod-d atapipe","class":"deploy"}}' https://events.pagerduty.com/v2/enqueue + #echo "User $USER logged in via SSH using ip address: $USERIP (dns: $RDNS) at $DATE" >> /var/log/ssh-logins.log else + #echo "User $USER logged in via SSH using ip address: $USERIP (dns: $RDNS) at $DATE" >> /var/log/ssh-logins.log exit 0 fi
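Review bot: The new assignments sit before the `if`, so `dig -x "$USERIP" +short` performs a blocking reverse lookup on every SSH login even though the only lines that would use `$RDNS` are commented out; with a slow or unreachable resolver this delays each session start. I would drop the lookup until the logging is enabled, or bound it with `RDNS="$(dig +time=1 +tries=1 +short -x "$USERIP")"`. If the commented `echo ... >> /var/log/ssh-logins.log` lines are enabled later, keep in mind that sshd runs sshrc as the user who is logging in, so the log would have to be writable by every account and its entries could be altered by them; `logger -p authpriv.info -t sshrc "User $USER logged in via SSH from $USERIP"` sends the record through syslog instead. The unchanged `curl` line also keeps the PagerDuty routing key inline in a script every user must be able to read, so that key should be treated as known to all local accounts and is better loaded from a root-only source by a privileged sender. The script begins above this hunk, so anything before line 2 is not visible here.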