TL;DR - Instructions
- Install the pam_python module. On Ubuntu this can be done with "sudo apt-get install libpam-python".
- Download the following script (https://gist.github.com/2380454), to a convenient location. I saved it to
- In the file pam_notify.py, modify the variables
- Add the following line to
session optional pam_python.so /lib/security/pam_notify.py
- Done. SSH into your server, and see if you get an email. Check your spam filter, too.
For security reasons, you might want to be notified whenever someone logs into your server. I've asked the following question - http://serverfault.com/questions/375558/how-to-email-notify-admin-when-users-log-in-to-the-linux-server, and I was referred to a C PAM module to do the job. I couldn't get the module to work for some reason. I wasn't feeling too happy to debug C code to figure out what's going on under the scene, so I re-wrote it as a Python script.
We're using the following technologies
- Pluggable Authentication Module (PAM)
- PAM gives you fine-grained control over the authentication system in a *nix environment. For our use, we're adding the logic to send an email whenever an SSH session is created.
- PAM modules are normally compiled into native shared library objects (*.so). That is annoying for debugging and development, because it means the modules have to be written in C and compiled. However, the pam_python library provides a bridge between PAM and Python scripts, allowing you to write modules in Python.
- pam_notify.py is our little nifty script to send email notifications.
- Finally, the PAM module needs to be configured on the machine. All the PAM configuration files are stored in the directory /etc/pam.d/. The line "session optional pam_python.so /lib/security/pam_notify.py" in /etc/pam.d/sshd configures PAM to call the Python script whenever an SSH session is created.
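
For reference, a minimal sketch of what a pam_python session module for this job can look like. It is an added example, not the contents of the gist linked above. The SMTP settings, addresses and the helper names `_clean` and `build_message` are assumptions made for illustration; the `pam_sm_*` entry points and the `pamh` attributes are the ones pam_python passes to a script.

```python
import smtplib
import socket
from email.mime.text import MIMEText

# Assumed settings for this sketch; not the variables from the gist.
SMTP_HOST = "localhost"
SMTP_PORT = 25
MAIL_FROM = "pam-notify@example.com"
MAIL_TO = "admin@example.com"


def _clean(value):
    """Keep printable ASCII only, so a PAM-supplied field cannot add mail headers."""
    return "".join(ch for ch in str(value or "unknown") if 32 <= ord(ch) < 127)


def build_message(user, rhost, service, hostname):
    """Build the notification mail from the session's PAM items."""
    user, rhost, service = _clean(user), _clean(rhost), _clean(service)
    msg = MIMEText("User %s opened a %s session on %s from %s.\n"
                   % (user, service, hostname, rhost))
    msg["From"] = MAIL_FROM
    msg["To"] = MAIL_TO
    msg["Subject"] = "%s login: %s from %s on %s" % (service, user, rhost, hostname)
    return msg


def pam_sm_open_session(pamh, flags, argv):
    """Called by pam_python for the 'session' line when a session opens."""
    try:
        msg = build_message(pamh.get_user(), pamh.rhost, pamh.service,
                            socket.gethostname())
        # Short timeout: a slow or dead mail server must not stall the login.
        smtp = smtplib.SMTP(SMTP_HOST, SMTP_PORT, timeout=5)
        try:
            smtp.sendmail(MAIL_FROM, [MAIL_TO], msg.as_string())
        finally:
            smtp.quit()
    except Exception:
        pass  # Best effort: never let a mail failure break the session.
    return pamh.PAM_SUCCESS


def pam_sm_close_session(pamh, flags, argv):
    """Nothing to do on logout; PAM still expects the entry point."""
    return pamh.PAM_SUCCESS
```

Because the handler swallows mail errors and always returns PAM_SUCCESS, a missing notification is silent; compare against the sshd entries in the auth log if you rely on it for monitoring.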