From 74e3f9c6773b075b4fb23577687cf7d9633c6305 Mon Sep 17 00:00:00 2001
From: Dennis Potter
Date: Thu, 18 May 2023 22:47:21 -0700
Subject: [PATCH] Add script that sends email if user successfully logs in over SSH
---
mail_on_ssh/.gitignore | 1 +
mail_on_ssh/README.md | 8 ++++
mail_on_ssh/mail_on_ssh.conf.example | 4 ++
mail_on_ssh/mail_on_ssh.sh | 55 ++++++++++++++++++++++++++++
4 files changed, 68 insertions(+)
create mode 100644 mail_on_ssh/.gitignore
create mode 100644 mail_on_ssh/README.md
create mode 100644 mail_on_ssh/mail_on_ssh.conf.example
create mode 100755 mail_on_ssh/mail_on_ssh.sh
diff --git a/mail_on_ssh/.gitignore b/mail_on_ssh/.gitignore
new file mode 100644
index 0000000..07ab4e5
--- /dev/null
+++ b/mail_on_ssh/.gitignore
@@ -0,0 +1 @@
+mail_on_ssh.conf
diff --git a/mail_on_ssh/README.md b/mail_on_ssh/README.md
new file mode 100644
index 0000000..eee6c68
--- /dev/null
+++ b/mail_on_ssh/README.md
@@ -0,0 +1,8 @@
+# Installation
+
+After setting up mail_on_ssh.conf, add the following configuration to `/etc/pam.d/sshd`
+
+```
+# Send an email if somebody logs in successfully over SSH
+session optional pam_exec.so seteuid $PATH2SERVER_SCRIPTS/mail_on_ssh/mail_on_ssh.sh -c $PATH2SERVER_SCRIPTS/mail_on_ssh/mail_on_ssh.conf
+```
diff --git a/mail_on_ssh/mail_on_ssh.conf.example b/mail_on_ssh/mail_on_ssh.conf.example
new file mode 100644
index 0000000..84de857
--- /dev/null
+++ b/mail_on_ssh/mail_on_ssh.conf.example
@@ -0,0 +1,4 @@
+#################################################################
+# Config
+#################################################################
+RECEPIENT='' # Send email to this address
diff --git a/mail_on_ssh/mail_on_ssh.sh b/mail_on_ssh/mail_on_ssh.sh
new file mode 100755
index 0000000..4c6301d
--- /dev/null
+++ b/mail_on_ssh/mail_on_ssh.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+#################################################################
+# Check availability of software
+#################################################################
+function availability {
+ if [[ ! $(command -v $1) ]]; then
+ echo Error: '$1' is not available but required. Please install it!
+ exit 1
+ fi
+}
+
+availability mail
+
+#################################################################
+# Get arguments
+#################################################################
+missingArg()
+{
+ echo "Error: Please define the configuration to be used!"
+ echo " Usage: $0 -c "
+ exit 1
+}
+
+while getopts "c:" opt
+do
+ case "$opt" in
+ c ) CONFIG_FILE="$OPTARG" ;;
+ ? ) missingArg ;;
+ esac
+done
+
+# Check if config was empty
+if [ -z "$CONFIG_FILE" ]
+then
+ missingArg
+fi
+
+# Check if config file exists
+if [ ! -f $CONFIG_FILE ]
+then
+ echo "$CONFIG_FILE does not exist!"
+ exit 1
+fi
+
+source $CONFIG_FILE
+
+#################################################################
+# Send email
+#################################################################
+if [ "$PAM_TYPE" != "close_session" ]; then
+ host="`hostname`"
+ subject="SSH Login: $PAM_USER from $PAM_RHOST on $host"
+ message=$(env)
+ echo "$message" | mail -s "$subject" "$RECEPIENT"
+fi
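Review bot: `source $CONFIG_FILE` executes the config as shell code, and the README in this patch hooks the script into `pam_exec.so seteuid`, so the file's contents run with sshd's privileges (normally root) on every SSH session open. The hunk only checks that the path is a regular file; it should also refuse a config that is not root-owned or is group/world writable, and quote `"$CONFIG_FILE"` in both the `-f` test and the `source` line. The directory holding the file needs the same care, since a writable parent lets the file be replaced after the check. Separately, `message=$(env)` mails the whole process environment; building the body from the PAM_* fields the alert actually needs would keep unrelated variables out of mail.

```bash
# … unchanged: getopts loop and empty-CONFIG_FILE check …
if [ ! -f "$CONFIG_FILE" ]
# … unchanged: then / "does not exist" message / exit 1 / fi …

# The config is sourced as shell code, so accept it only when it is owned by
# root and not writable by group or others (stat -c is GNU coreutils syntax).
cfg_owner=$(stat -c '%u' -- "$CONFIG_FILE") || exit 1
cfg_mode=$(stat -c '%a' -- "$CONFIG_FILE") || exit 1
if [ "$cfg_owner" != "0" ] || [ "$(( 8#$cfg_mode & 8#022 ))" -ne 0 ]
then
    echo "$CONFIG_FILE must be owned by root and not group/world writable!"
    exit 1
fi

source "$CONFIG_FILE"
```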