I am using the below command in my .bash_profile to get email alerts on ssh user logins
I get the email alerts, the only problem is format of whois
command output - its wrapped.
Output of whois
in command line is neat. Even after using sed -r G
it doesn't work.
echo -e 'ALERT - Shell Access on:' `date` `who` '\n\n' `whois $(who | cut -d'(' -f2 | cut -d')' -f1)` | sed -r G | mail -s "Alert: SSH Access from `who | cut -d'(' -f2 | cut -d')' -f1`" user@example.com
SOLUTION:
Paste the following in .bash_profile in the user/root directory to get email alerts
# Send email on user login - manually added
SSHLOGINIP=`who | cut -d'(' -f2 | cut -d')' -f1 | tail -n 1`
echo -e "ALERT - Shell Access on: `date` \n\n Active Sessions:\n `who` \n\n `whois $SSHLOGINIP`" | sed -r G | mail -s "Alert: SSH Access from $SSHLOGINIP" user@example.com
unset SSHLOGINIP
For whois
to work on RHEL based systems like CentOS you would need to install jwhois
You need to double-quote the echo statement in its entirety:
echo -e "ALERT - Shell Access on:' `date` `who` '\n\n' `whois $(who | cut -d'(' -f2 | cut -d')' -f1)`"
That will prevent wrapping of the whois
output before it is passed to sed -- preserving all the linebreaks. The remainder of your mailx line should be fine. One other thought. Why not just write all of the output to a tmp file following | sed -r G > tmpfile. Then just add the tmpfile as an attachment to mailx?
mail -s "Alert: SSH Access from `who | cut -d'(' -f2 | cut -d')' -f1`" -a tmpfile user@example.com
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.