Execute script on login

A

awado

Well-Known Member
Mar 2, 2020
36
7
48
54
For security reasons I implemented an rsyslog config script to send a push notification on every ssh login attempt. Can this be done for the web login too?
 
You could also use a rsyslog config script similar to the SSH one. Each authentication is logged in daemon.log as

Code: 
Mar 25 10:45:55 proxmox pvedaemon[3117373]: <root@pam> successful openid auth for user 'lnxbil@keycloak'
 
Thanks LnxBil. Somehow it should be obvious, if I'd have watched the syslog closely enough. Works like a charm. If anyone wants to do the same, here's my solution:

Add the script to "/etc/rsyslog.d".

Code: 
nano /etc/rsyslog.d/pushover-web.conf

module(load="omprog")
template(name="webloginmsg" type="string" string="%msg%")
if ($programname == "pvedaemon") and ($msg contains "successful auth") then {
    action(type="omprog"
           binary="/usr/sbin/pushover.sh"
           output="/var/log/pushover.log"
           template="webloginmsg")
}

Everytime someone successfully logs in via web, it triggers this script:

Code: 
nano /usr/sbin/pushover.sh

#!/bin/bash

read log
curl -s --form-string "token=your-token" --form-string "user=your-user" --form-string "message=$log"  https://api.pushover.net/1/messages.json

Make the script executable and restart the service.

Code: 
chmod +x /usr/sbin/pushover.sh
systemctl restart rsyslog.service
 
The only downside is: the log entry repeats every 5 minutes and triggers the push notification.
 
You must log in or register to reply here.
Top Bottom