bogdan/zira-etc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
1286f18d7dca77a331b367c8a7b3defd2209cd81
zira-etc/ssh/sshrc
bms8197 1286f18d7d committing changes in /etc made by "-bash" 
Package changes:
2023-05-14 11:40:59 +03:00

30 lines
952 B
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
export PATH="/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/bin:$PATH"
SSH_LOG_FILE="/var/log/ssh-logins.log"
DATE="$(date)"
HOSTNAME="$(hostname)"
USERIP="$(echo "$SSH_CONNECTION" | cut -d " " -f 1)"
#RDNS="$(dig -x "$USERIP" +short)"
PAGERDUTY_URL="https://events.pagerduty.com/v2/enqueue"
log_ssh_login() {
echo "$DATE - User $USER logged in via SSH using ip address of $USERIP" >> "$SSH_LOG_FILE"
}
pagerduty() {
/usr/bin/curl -s -X POST -H "content-type: application/json" -d '{"routing_key":"1969ec3d30b74608d0135d6321275bb7","event_action":"trigger","payload":{"summary":"User '"$USER"' has logged in via SSH!!","source":"/etc/ssh/sshrc","severity":"critical","component":"exploratory-stats","group":"prod-datapipe","class":"deploy"}}' "$PAGERDUTY_URL" >/dev/null 2>&1
}
if [[ "$USER" == "laser" || "$USER" == "madalin" || "$USER" == "smiti" ]]
then
#pagerduty
log_ssh_login
else
log_ssh_login
exit 0
fi
Reference in New Issue View Git Blame Copy Permalink