tdussa · July 4, 2024 10:00
diff --git a/notify_new_login.sh b/notify_new_login.sh
 #! /usr/bin/env bash
 ## 
 ## New IP login notification script
 ## 2009-11-20 00:28 Samuele ~redShadow~ Santi
 ## 2018-06-04 12:53 ElliotNB
 ## 2018-10-17 17:55 ElliotNB - bug fixes for non-interactive sessions and `sudo su` commands
 ## 2019-08-27 16:15 mbest - update geoip lookup awk syntax, add mktemp for temporary directory,
 ##                        - add delete TMP_DIR function and trap to delete it for assurance, 
 ##                        - change emails to example.com, add xargs to trim output
 ## 2024-06-10T08:25Z tdussa - Removed GeoIP lookup
 ## 2024-06-10T12:45Z tdussa - Fixed `last` call so IPv6 addresses are not truncated
 ## 2024-06-10T13:10Z tdussa - Removed `mutt` dependency
 ## 2024-06-10T13:30Z tdussa - Removed absolute path from `mail` call, made bang line more general
 ## 2024-06-10T13:40Z tdussa - Moved attachments into mail text for compatibility
 ## 2024-07-03T07:40Z tdussa - Made mail subject more concise
 ## 2024-07-03T07:45Z tdussa - Set default mail recipient to `root`
 ## 2024-07-04T08:40Z tdussa - Made netstat silent if run by regular user
 ## 2024-07-04T10:00Z tdussa - Added possibility for external recipient definition
 ##
 ## Licensed under GPL
 ##
 ## This script will email the contact specified below whenever
 ## a user logs into the system from a new IP address. The email will contain the
 ## username and IP address for the login as well as current system
 ## stats (running processes, other logged in users, network connections, etc).
 ## 
 ## Installation:
 ##     - Copy and paste this script into /etc/profile.d/notify_new_login.sh
 ##     - Put desired recipient address in /etc/default/notify_new_login in the
 ##       format as below or edit the variable below directly
 ##
 ## Configuration:
 NOTIFY_ADDR="root"
 [[ -e /etc/default/notify_new_login ]] && source /etc/default/notify_new_login

 LOG_USER="$( whoami )"
 LOG_DATE="$( date "+%Y-%m-%dT%H:%M:%S%:::z" )"
 LOG_IP="$( echo ${SSH_CLIENT} | awk '{ print $1 }' )"

 # if this is an interactive shell and we were able to capture an IP address, then proceed
 if ! [ -z "$PS1" ] && ! [ -z "$LOG_IP" ]; then
 	# if this user and IP address combination is not present in our logs
 	if ! [[ $(last $LOG_USER -ai |grep -v still |grep $LOG_IP) ]]; then
 		mail -s "[NEW LOGIN] ${LOG_USER}@$(hostname) from ${LOG_IP}" "${NOTIFY_ADDR}" <<EOF
 ----------------------
 NEW LOGIN NOTIFICATION
 ----------------------

 Host:   $(hostname)
 User:   ${LOG_USER}
 IP:	${LOG_IP}
 Date:   ${LOG_DATE}
        $(date)
 Uptime: $(uptime)

 --- Logged-in users ----------------------------------------------------
 $(who)

 --- Netstat ------------------------------------------------------------
 $(netstat -n)

 --- Netstat listening --------------------------------------------------
 $(netstat -tulpen 2> /dev/null)

 --- Processes ----------------------------------------------------------
 $(ps fauxw)

 EOF
 	fi
 fi
	#! /usr/bin/env bash
	##
	## New IP login notification script
	## 2009-11-20 00:28 Samuele ~redShadow~ Santi
	## 2018-06-04 12:53 ElliotNB
	## 2018-10-17 17:55 ElliotNB - bug fixes for non-interactive sessions and `sudo su` commands
	## 2019-08-27 16:15 mbest - update geoip lookup awk syntax, add mktemp for temporary directory,
	## - add delete TMP_DIR function and trap to delete it for assurance,
	## - change emails to example.com, add xargs to trim output
	## 2024-06-10T08:25Z tdussa - Removed GeoIP lookup
	## 2024-06-10T12:45Z tdussa - Fixed `last` call so IPv6 addresses are not truncated
	## 2024-06-10T13:10Z tdussa - Removed `mutt` dependency
	## 2024-06-10T13:30Z tdussa - Removed absolute path from `mail` call, made bang line more general
	## 2024-06-10T13:40Z tdussa - Moved attachments into mail text for compatibility
	## 2024-07-03T07:40Z tdussa - Made mail subject more concise
	## 2024-07-03T07:45Z tdussa - Set default mail recipient to `root`
	## 2024-07-04T08:40Z tdussa - Made netstat silent if run by regular user
	## 2024-07-04T10:00Z tdussa - Added possibility for external recipient definition
	##
	## Licensed under GPL
	##
	## This script will email the contact specified below whenever
	## a user logs into the system from a new IP address. The email will contain the
	## username and IP address for the login as well as current system
	## stats (running processes, other logged in users, network connections, etc).
	##
	## Installation:
	## - Copy and paste this script into /etc/profile.d/notify_new_login.sh
	## - Put desired recipient address in /etc/default/notify_new_login in the
	## format as below or edit the variable below directly
	##
	## Configuration:
	NOTIFY_ADDR="root"
	[[ -e /etc/default/notify_new_login ]] && source /etc/default/notify_new_login

	LOG_USER="$( whoami )"
	LOG_DATE="$( date "+%Y-%m-%dT%H:%M:%S%:::z" )"
	LOG_IP="$( echo ${SSH_CLIENT} \| awk '{ print $1 }' )"

	# if this is an interactive shell and we were able to capture an IP address, then proceed
	if ! [ -z "$PS1" ] && ! [ -z "$LOG_IP" ]; then
	# if this user and IP address combination is not present in our logs
	if ! [[ $(last $LOG_USER -ai \|grep -v still \|grep $LOG_IP) ]]; then
	mail -s "[NEW LOGIN] ${LOG_USER}@$(hostname) from ${LOG_IP}" "${NOTIFY_ADDR}" <<EOF
	----------------------
	NEW LOGIN NOTIFICATION
	----------------------

	Host: $(hostname)
	User: ${LOG_USER}
	IP: ${LOG_IP}
	Date: ${LOG_DATE}
	$(date)
	Uptime: $(uptime)

	--- Logged-in users ----------------------------------------------------
	$(who)

	--- Netstat ------------------------------------------------------------
	$(netstat -n)

	--- Netstat listening --------------------------------------------------
	$(netstat -tulpen 2> /dev/null)

	--- Processes ----------------------------------------------------------
	$(ps fauxw)

	EOF
	fi
	fi