vi /root/.bashrc
# which mail addres to send?
email='xxx@xxx.com.tw,root_check@xxx.com.tw'
#get user information
ipaddr=`who am i | awk '{print $6}' | cut -d '(' -f2 | cut -d ')' -f1`
tty=`who am i | awk '{print $2}'`
username=`ps aux | grep "$tty" | grep sshd | awk '{print $12}' | head -n1 | cut -d '@' -f1`
#check macaddr
ping "$ipaddr" -c1 &> /dev/null
macaddr=`arp -a $ipaddr | awk '{print $4}'`
#input from whitch interface
interface=`arp -a $ipaddr | awk '{print $7}'`
#check if can't receive macadr
if [ "$macaddr" == 'entries' ]; then
macaddr="can't find macaddr in arp"
fi
if [ "$interface" == 'found.' ]; then
interface="can't find interface in arp"
fi
#send mail now
echo -e "
Somebody changing identity to [ root ] on `hostname`!! \n
username: $username \r
ipaddr: $ipaddr \r
macaddr: $macaddr \r
interface: $interface \r
console: $tty \r
date: `date` \n" | mail -s "Somebody changing identity to SUPERUSER on `hostname`!!" $email
shopt -s histappend
PROMPT_COMMAND="history -a; $PROMPT_COMMAND"
沒有留言:
張貼留言