Monitorer son serveur
Sources
Logiciels
Modifier le texte d'acceuil au login shell
vim /etc/motd
Envoi de mail sur connexion utilisateur (root et autres si besoin)
Ajouter la ligne suivante dans le fichier
~/.bash_profile de l'utilisateur :
echo "`whoami` login on `date` : `who`" | mail -s "[Login] `hostname` - `whoami` access from `who | awk '{print $5}'`" external-mail@domain.tld
NB : le destinataire du mail doit d'après ce que j'ai lu être externe (non testé en interne)
Variante : demande de renseignement (raison de la connexion) au prompt
echo "Veuillez SVP saisir la raison de la connexion (une ligne): "
read reason
echo -e "`whoami` login on `date`\n\nReason given on prompt :\n$reason\n\nActive connexions :\n`who`\n\n" | mail -s "[Login] `hostname` - `whoami` access from `who | awk '{print $5}'`" external-mail@domain.tld
Recevoir l'historique des commandes utilisées à la déconnexion
Ajouter dans le
~/.bash_logout
history | uuencode commandlog.txt | mail -s “Alert: Root Access command log” your@email.com && clear
NB : à condition que l'utilisateur n'ait pas fait de clear lui-même avant !
NB : possibles problèmes de formatage à la lecture en fonction des clients email.
Personnellement je préfère l'utilisation de la commande
script qui permet de sauvegarder l'intégralité des commandes de la session courante :
script -f ~/mylogs/session_$(date +"mHS").log
Création d'un 'screen' automatiquement sur login distant
Manuellement
Insérer la ligne suivante à la fin du
.bash_profile :
@todo
Automatiquement
Copie de http://taint.org/wk/RemoteLoginAutoScreen (ci-dessous)
If you routinely log into one or more remote systems using SSH, and have a flaky internet connection or an incompetent ISP, you probably already know about screen's ability to detach and reattach sessions.
However, you still have to manually type screen -r to resume a detached session, each time -- and sometimes you'll forget, start working in an SSH session, get logged out, and lose your state.
Here's the next step -- automatic screen-sessions for any remote logins.
Bonus features in the
screenrc :
- color terminal-window support
- logging of the entire session, to a datestamped logfile under $HOME/lib/screen-logs
Add these lines at the top of ~/.bashrc on the target host:
# Auto-screen invocation. see: http://taint.org/wk/RemoteLoginAutoScreen
# if we're coming from a remote SSH connection, in an interactive session
# then automatically put us into a screen(1) session. Only try once
# -- if $STARTED_SCREEN is set, don't try it again, to avoid looping
# if screen fails for some reason.
if [ "$PS1" != "" -a "${STARTED_SCREEN:-x}" = x -a "${SSH_TTY:-x}" != x ]
then
STARTED_SCREEN=1 ; export STARTED_SCREEN
[ -d $HOME/lib/screen-logs ] || mkdir -p $HOME/lib/screen-logs
sleep 1
screen -RR && exit 0
# normally, execution of this rc script ends here...
echo "Screen failed! continuing with normal bash startup"
fi
# [end of auto-screen snippet]
Create ~/.screenrc on the target host, containing:
# see http://www4.informatik.uni-erlangen.de/~jnweiger/screen-faq.html
# support color X terminals
termcap xterm 'XT:AF=\E[3%dm:AB=\E[4%dm:AX'
terminfo xterm 'XT:AF=\E[3%p1%dm:AB=\E[4%p1%dm:AX'
termcapinfo xterm 'XT:AF=\E[3%p1%dm:AB=\E[4%p1%dm:AX:hs:ts=\E]2;:fs=\007:ds=\E]2;screen\007'
termcap xtermc 'XT:AF=\E[3%dm:AB=\E[4%dm:AX'
terminfo xtermc 'XT:AF=\E[3%p1%dm:AB=\E[4%p1%dm:AX'
termcapinfo xtermc 'XT:AF=\E[3%p1%dm:AB=\E[4%p1%dm:AX:hs:ts=\E]2;:fs=\007:ds=\E]2;screen\007'
# auto-screen support; see http://taint.org/wk/RemoteLoginAutoScreen
# detach on hangup
autodetach on
# no startup msg
startup_message off
# always use a login shell
shell -$SHELL
# auto-log
logfile $HOME/lib/screen-logs/%Y%m%d-%n.log
deflog on
Note: if you just want the auto-screen feature, the middle 7 lines are the important bit; you can probably omit the "color X terminals" and "auto-log" stanzas if you like.