Date: Tue, 12 Feb 2013 14:46:18 +0100 From: Polytropon <freebsd@edvax.de> To: Matthias Petermann <matthias@d2ux.org> Cc: freebsd-questions@freebsd.org Subject: Re: How to achieve E-Mail Notification on root login? Message-ID: <20130212144618.82ed5353.freebsd@edvax.de> In-Reply-To: <20130212132452.Horde.EO28CfwdHQDobBCC5akbvA7@d2ux.org> References: <20130212132452.Horde.EO28CfwdHQDobBCC5akbvA7@d2ux.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 12 Feb 2013 13:24:52 +0100, Matthias Petermann wrote: > > Hello, > > given there is a FreeBSD system with users in the wheel group, what is > the best practise > to send out a notification via E-Mail if one of them becomes root via > su? In an ideal > case the E-Mail would contain the user name and the time. > > I thought about using sudo but this is not in the base system which I > would prefer. I'm not sure if there already is a solution (provided in the base system) that offers this functionality, but the fact of a user having used "su" to "su root" is logged by the system. The line is appended to /var/log/messages: Feb 12 14:40:57 r56 su: poly to root on /dev/pts/2 The information you want is in there, and you could either use the whole line, or apply some sed, awk or even perl to form a message with less information (only date and user). A scripted solution could monitor /var/log/messages for changes and use the system's builtin mailer to deliver the message. Tools like "tail -f", "grep" and "| mail" could be involved. It should be quite trivial to implement this and add a custom rc.d-style script (or even few lines in ye olde /etc/rc.local). -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130212144618.82ed5353.freebsd>