I was wondering if it is possible to set it up in such a way that on a failed SSH login centos will send me an email? And of course if the computer is not connected to the internet when the attempt occurs, then it should send me the email once there is an internet connection again rather than just attempting, failing, and then never alerting me to that login. The email should contain the date and time (day/month/year - hour:minute:second) of the failed login attempt, and also (though optionally - in other words, an answer which doesn't explain how to do this is acceptable as it may be a big ask) any action taken, so for instance if I have it setup to lock the person out for 30 minutes or something then it should alert me to the fact that it has taken that action. I am running CentOS 7, is something like this possible?
1
-
fail2ban can send mails as part of its actions…Ulrich Schwarz– Ulrich Schwarz2019-06-13 04:34:12 +00:00Commented Jun 13, 2019 at 4:34
Add a comment
|
2 Answers
There is a linux tool swatch that might help you. You configure it to monitor a log file, and take action when ever it see a certain pattern.
The failed login attempts will get logged onto the log file /var/log/secure,
The below command should work,
grep -i "not authenticated: bad password" /var/log/secure > $(date '+%Y-%m-%d').failed_login ; mailx -a *.failed_login -s "failed login attempt - Please check" [email protected]< /dev/null ; > *.failed_login
