Email whois details on user login using mailx - whois output format not working using sed

Question

I am using the below command in my .bash_profile to get email alerts on ssh user logins

I get the email alerts, the only problem is format of whois command output - its wrapped.

Output of whois in command line is neat. Even after using sed -r G it doesn't work.

echo -e 'ALERT - Shell Access on:' `date` `who` '\n\n' `whois $(who | cut -d'(' -f2 | cut -d')' -f1)` | sed -r G | mail -s "Alert: SSH Access from `who | cut -d'(' -f2 | cut -d')' -f1`" user@example.com

SOLUTION:

Paste the following in .bash_profile in the user/root directory to get email alerts

# Send email on user login - manually added
SSHLOGINIP=`who | cut -d'(' -f2 | cut -d')' -f1 | tail -n 1`
echo -e "ALERT - Shell Access on: `date` \n\n Active Sessions:\n `who` \n\n `whois $SSHLOGINIP`" | sed -r G | mail -s "Alert: SSH Access from $SSHLOGINIP" user@example.com
unset SSHLOGINIP

For whois to work on RHEL based systems like CentOS you would need to install jwhois

Answer 1

You need to double-quote the echo statement in its entirety:

echo -e "ALERT - Shell Access on:' `date` `who` '\n\n' `whois $(who | cut -d'(' -f2 | cut -d')' -f1)`"

That will prevent wrapping of the whois output before it is passed to sed -- preserving all the linebreaks. The remainder of your mailx line should be fine. One other thought. Why not just write all of the output to a tmp file following | sed -r G > tmpfile. Then just add the tmpfile as an attachment to mailx?

mail -s "Alert: SSH Access from `who | cut -d'(' -f2 | cut -d')' -f1`" -a tmpfile user@example.com