Design an Email Notification on User Login via SSH

30 minutes
  • 4 Learning Objectives

About this Hands-on Lab

The topic of this lab is notifications. The goal is to design a notification system that will send a notification by email every time a user logs in via SSH. This is a good way to notify us of malicious activity.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Install EPEL Repos, sendemail, python36, python36-devel
sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo yum install python36 python36-devel
sudo yum install sendemail
Test Sending out an Email
sendemail -f [FROM_EMAIL] -u 'AUTH_NOTIFICATION' -t [TO_EMAIL] -s smtp.gmail.com:587 -o tls=yes -xu [USER_NAME] -xp [PASSWORD] -m "[YOUR MESSAGE]"
Write a Script to Send an Email with the Time Stamp and Username upon SSH Login
vim /home/cloud_user/onLogin.py
#!/bin/python3.6

import subprocess
from datetime import datetime
import time
import getpass

msg = "#########################nTIME: " + datetime.now().strftime('%Y-%m-%d %H:%M:%S') + "nUSER: " + getpass.getuser() + "nWAS AUTHENTICATEDn#########################n"

subprocess.check_output(['sendemail', '-f', '[FROM_EMAIL]', '-u', 'SCAN_NOTIFICATION', '-t', '[TO_EMAIL]', '-s', 'smtp.gmail.com:587', '-o', 'tls=yes', '-xu', '[USER_NAME]', '-xp', '[PASSWORD]', '-m', msg], stdin=None, stderr=None, shell=False, universal_newlines=False)
ESC
:wq
ENTER
chmod +x /home/cloud_user/onLogin.py
sudo cp /home/cloud_user/onLogin.py /bin/
Configure SSH to Make Use of the Script
sudo vim /etc/pam.d/sshd
session optional pam_exec.so seteuid /bin/onSSHLoginHook.py
ESC
:wq
ENTER

Additional Resources

Lab Conditions

  • sshd server is running
  • sendemail is not installed
  • EPEL repos are not enabled
  • Python3.6 is not installed nor is python3.6-devel

Additional Lab Requirments

  • Personal Gmail account
  • Enabled less secure app access
  • EPEL repo link: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

Lab Overall Objectives

  • Install EPEL repos, sendemail, python36, python36-devel
  • Test sending out an email
  • Write a script to send an email with the time stamp and username of the user that logged in via ssh
  • Configure SSH to make use of your script

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Get Started
Who’s going to be learning?

How many seats do you need?

  • $499 USD per seat per year
  • Billed Annually
  • Renews in 12 months

Ready to accelerate learning?

For over 25 licenses, a member of our sales team will walk you through a custom tailored solution for your business.


$2,495.00

Checkout
Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!