From: Robert Huff
Date: Tue, 12 Feb 2013 09:31:31 -0500
To: Polytropon
Cc: Matthias Petermann, freebsd-questions@freebsd.org
Subject: Re: How to achieve E-Mail Notification on root login?

Polytropon writes:

> > given there is a FreeBSD system with users in the wheel group,
> > what is the best practise to send out a notification
> > via E-Mail if one of them becomes root via su? In an ideal
> > case the E-Mail would contain the user name and the time.
>
> I'm not sure if there already is a solution (provided in the
> base system) that offers this functionality, but the fact of
> a user having used "su" to "su root" is logged by the system.
> The line is appended to /var/log/messages:
>
>   Feb 12 14:40:57 r56 su: poly to root on /dev/pts/2
>
> The information you want is in there, and you could either use
> the whole line, or apply some sed, awk or even perl to form a
> message with less information (only date and user).
>
> A scripted solution could monitor /var/log/messages for changes
> and use the system's builtin mailer to deliver the message. Tools
> like "tail -f", "grep" and "| mail" could be involved. It should
> be quite trivial to implement this and add a custom rc.d-style
> script (or even few lines in ye olde /etc/rc.local).

Take a look at the "-p" option of "split".
The bigger question is how quickly do you need to know - instantly? once an hour? once a day?

Robert Huff
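
The scripted approach described in the quoted reply (follow /var/log/messages, pick out the su lines, hand them to the mailer), as an added example that is not part of the original thread. The function names, the `ADMIN` and `LOG` variables, the `su[pid]:` tag form and the `BAD SU` line format are assumptions; only the first sample line comes from the message.

```shell
#!/bin/sh
# Added example, not from the thread: report "su ... to root" syslog lines.

# Read syslog lines on stdin, print one summary line per su-to-root event.
su_root_events() {
    awk '
        function emit(user, tty, result) {
            printf "%s %s %s host=%s user=%s tty=%s result=%s\n",
                $1, $2, $3, $4, user, tty, result
            fflush()    # no pipe buffering: each event is delivered at once
        }
        # Field 5 is the program tag. Matching it exactly, instead of
        # grepping for "to root", skips other programs that log that text.
        # The "su[pid]:" form is an assumption; the thread shows only "su:".
        $5 !~ /^su(\[[0-9]+\])?:$/ { next }
        # Format quoted in the thread: "poly to root on /dev/pts/2"
        $7 == "to" && $8 == "root" { emit($6, $10, "ok") }
        # Assumed format for a rejected attempt: "BAD SU poly to root on ..."
        $6 == "BAD" && $7 == "SU" && $9 == "to" && $10 == "root" {
            emit($8, $12, "failed")
        }
    '
}

# Follow the log and mail every event. ADMIN and LOG are assumed defaults.
# tail -F reopens the file after log rotation; -n 0 skips old entries.
watch_and_mail() {
    tail -n 0 -F "${LOG:-/var/log/messages}" | su_root_events |
    while IFS= read -r event; do
        printf '%s\n' "$event" | mail -s "su to root: $event" "${ADMIN:-root}"
    done
}

# Constructed sample input; only the first line is taken from the thread.
sample_log() {
    cat <<'EOF'
Feb 12 14:40:57 r56 su: poly to root on /dev/pts/2
Feb 12 14:41:10 r56 su: BAD SU poly to root on /dev/pts/2
Feb 12 14:42:03 r56 su: poly to operator on /dev/pts/2
Feb 12 14:43:00 r56 sshd[811]: Accepted publickey for poly from 192.0.2.10 port 50022 ssh2
Feb 12 14:45:00 r56 cron[902]: (root) CMD (echo poly to root on /dev/pts/2)
EOF
}

# "sh thisfile watch" starts the notifier; with no argument nothing runs.
case "${1:-}" in
    watch) watch_and_mail ;;
esac
```

If an hourly or daily digest is enough, `su_root_events` can instead be fed the log file from a periodic job and its whole output mailed once.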