LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

Get Notified via Email Whenever Someone Logs In To Your VPS

In this tutorial we’ll show you how to configure your VPS so that every time someone logs in, you receive an email alerting you to this fact. This is kind of a “lowend intrusion detection system”, though it has other uses too, for example if you need to audit what staff are doing or if you’ve got third parties accessing your system.

Configuring Email

We don’t need to be able to receive mail, but we do need to be able to send it. For this purpose, we will use Postfix.

apt-get install postfix

This will ask you various configuration questions. Set your server up as an Internet site and specify the fully-qualified domain name.

We will also need mailx:

apt-get install mailutils

Make sure that reverse DNS is set for your VPS. You can do this in your provider’s panel. This will help ensure that email from your VPS does not go to spam.

If you are not using IPv6, be sure to disable it in Postfix:

postconf "inet_protocols = ipv4"
systemctl restart postfix

Now you should be able to send a test email to ensure mail is working:

echo "test email from $(hostname)" | mailx -s "$(hostname) email works" raindog308@raindog308.com

Check your email to confirm that the test message arrived.

Configuring Alerts

We’re going to use Linux’s Pluggable Authentication Modules (PAM) system to notify us when someone logs in. First, we need to create a script for this purpose. Place the following in /usr/local/bin/login_notification.sh:

#!/bin/sh

FROM="root@$(hostname)"
TO="you@somewhere.com"
if [ "$PAM_TYPE" != "close_session" ]; then
  SUBJECT="SSH Login: $PAM_USER from $PAM_RHOST on $(hostname)"
  # You can put anything you want for the body of the email.
  # Here I'll send the environment.
  env | /usr/bin/mailx -r "$FROM" -s "$SUBJECT" "$TO"
fi

Make the file executable:

chmod 755 /usr/local/bin/login_notification.sh

Make sure that the following line exists in /etc/ssh/sshd_config and is not commented out.

UsePAM yes

Now place the following line in /etc/pam.d/sshd. Because the control flag is optional, a failure in the script does not block the login:

session optional pam_exec.so seteuid /usr/local/bin/login_notification.sh

Now log in, and you should receive an email.
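The script above mails the whole environment and fires on every PAM event other than close_session. The variant below is an added example, not the article's own script: it alerts only on open_session, mails just the PAM_* fields that pam_exec exports, and strips non-printable characters before building the subject. TO, MAILX and HOST_NAME are assumed names, and uname -n stands in for hostname.

```sh
#!/bin/sh
# Added example: a variant of login_notification.sh, not the article's own script.
# TO, MAILX and HOST_NAME are assumptions; set TO to your own address.
TO="${TO:-you@somewhere.com}"
MAILX="${MAILX:-/usr/bin/mailx}"
HOST_NAME="${HOST_NAME:-$(uname -n)}"

# Keep printable characters only, so a value such as a reverse-DNS name
# in PAM_RHOST cannot add lines to the Subject header.
clean() {
  printf '%s' "$1" | tr -cd '[:print:]'
}

# pam_exec sets PAM_TYPE; on a "session" line it is open_session or close_session.
should_notify() {
  [ "${PAM_TYPE:-}" = "open_session" ]
}

build_subject() {
  printf 'SSH Login: %s from %s on %s' \
    "$(clean "${PAM_USER:-unknown}")" "$(clean "${PAM_RHOST:-unknown}")" "$HOST_NAME"
}

# Body: the fields pam_exec exports, instead of the whole environment.
build_body() {
  printf 'Time:    %s\n' "$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
  printf 'User:    %s\n' "$(clean "${PAM_USER:-unknown}")"
  printf 'Host:    %s\n' "$(clean "${PAM_RHOST:-unknown}")"
  printf 'Service: %s\n' "$(clean "${PAM_SERVICE:-unknown}")"
  printf 'TTY:     %s\n' "$(clean "${PAM_TTY:-unknown}")"
}

notify() {
  should_notify || return 0
  build_body | "$MAILX" -r "root@$HOST_NAME" -s "$(build_subject)" "$TO"
}

# Send only when run by pam_exec (PAM_TYPE is set); sourcing the file sends nothing.
if [ -n "${PAM_TYPE:-}" ]; then
  notify
fi
```

It can be installed at the same path as the script above; the pam_exec line in /etc/pam.d/sshd stays unchanged.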

raindog308
