Monitor user logins

4982db41 · Bob Mottram · 2bd379a0 · 4982db41 · 4982db41
Commit 4982db41 authored 5 years ago by Bob Mottram
--- a/src/freedombone
+++ b/src/freedombone
@@ -400,8 +400,8 @@ fi
 function_check hostname_check
 hostname_check

-function_check notify_root_logins
-notify_root_logins
+function_check notify_logins
+notify_logins

 function_check setup_final
 setup_final

--- a/src/freedombone-utils-ssh
+++ b/src/freedombone-utils-ssh
@@ -212,10 +212,73 @@ function get_ssh_server_key {
    fi
 }

-function notify_root_logins {
+function notify_logins {
+    # monitor root logins
+
    if ! grep -q "${PROJECT_NAME}-notification" /root/.bashrc; then
-        echo "/usr/local/bin/${PROJECT_NAME}-notification -s \"root login\" -m \"root login \$(date)\"" >> /root/.bashrc
+        echo "/usr/local/bin/${PROJECT_NAME}-notification -s \"ssh root login\" -m \"ssh root login \$(date)\"" >> /root/.bashrc
    fi
+
+    # script which monitors user logins
+
+    { echo '#!/bin/bash';
+      echo 'while true';
+      echo 'do';
+      echo '    # clear existing list of logins';
+      echo '    if [ -f /tmp/.logins ]; then';
+      echo '        rm /tmp/.logins';
+      echo '    fi';
+      echo '';
+      echo '    # For each user account';
+      echo '    for d in /home/*/ ; do';
+      echo "        USERNAME=$(echo \"\$d\" | awk -F '/' '{print \$3}')";
+      echo '';
+      echo '        # ensure that logins get reported';
+      echo "        if ! grep \"touch /tmp/.login_\$USERNAME\" \"/home/\$USERNAME/.bashrc\"; then";
+      echo "            sed -i \"/.login_\$USERNAME/d\" \"/home/\$USERNAME/.bashrc\"";
+      echo "            echo \"touch /tmp/.login_\$USERNAME\" >> \"/home/\$USERNAME/.bashrc\"";
+      echo '        fi';
+      echo '';
+      echo '        # detect login for this user';
+      echo "        # Note that we don't trust the file contents or creation date to be accurate";
+      echo "        if [ -f \"/tmp/.login_\$USERNAME\" ]; then";
+      echo '            # append to the list of logins';
+      echo "            echo \"\$USERNAME logged in \$(date)\" >> /tmp/.logins";
+      echo "            rm \"/tmp/.login_\$USERNAME\"";
+      echo '        fi';
+      echo '    done';
+      echo '';
+      echo '    # notify if there were logins';
+      echo '    if [ -f /tmp/.logins ]; then';
+      echo '        # shellcheck disable=SC2086';
+      echo "        /usr/local/bin/\${PROJECT_NAME}-notification -s \"ssh user login\" -m \"ssh user login \$(cat /tmp/.logins)\"";
+      echo '        rm /tmp/.logins';
+      echo '    fi';
+      echo '';
+      echo '    sleep 2';
+      echo 'done'; } > /usr/bin/check-user-logins
+    chmod +x /usr/bin/check-user-logins
+
+    # daemon to monitor user logins
+
+    { echo '[Unit]';
+      echo 'Description=Check for user logins';
+      echo 'After=network.target';
+      echo '';
+      echo '[Service]';
+      echo 'User=root';
+      echo "ExecStart=/usr/bin/check-user-logins";
+      echo "ExecReload=/bin/kill \$MAINPID";
+      echo 'KillMode=process';
+      echo 'Restart=always';
+      echo 'RestartSec=2';
+      echo '';
+      echo '[Install]';
+      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/userlogins.service
+
+    systemctl enable userlogins
+    systemctl daemon-reload
+    systemctl restart userlogins
 }

 # NOTE: deliberately no exit 0