Execute script on login

[awado]

For security reasons I implemented an rsyslog config script to send a push notification on every ssh login attempt. Can this be done for the web login too?

 

[LnxBil]

You could also use a rsyslog config script similar to the SSH one. Each authentication is logged in daemon.log as

Mar 25 10:45:55 proxmox pvedaemon[3117373]: <root@pam> successful openid auth for user 'lnxbil@keycloak'

 

[awado]

Thanks LnxBil. Somehow it should be obvious, if I'd have watched the syslog closely enough. Works like a charm. If anyone wants to do the same, here's my solution:

Add the script to "/etc/rsyslog.d".

nano /etc/rsyslog.d/pushover-web.conf

module(load="omprog")
template(name="webloginmsg" type="string" string="%msg%")
if ($programname == "pvedaemon") and ($msg contains "successful auth") then {
    action(type="omprog"
           binary="/usr/sbin/pushover.sh"
           output="/var/log/pushover.log"
           template="webloginmsg")
}

Everytime someone successfully logs in via web, it triggers this script:

nano /usr/sbin/pushover.sh

#!/bin/bash

read log
curl -s --form-string "token=your-token" --form-string "user=your-user" --form-string "message=$log"  https://api.pushover.net/1/messages.json

Make the script executable and restart the service.

chmod +x /usr/sbin/pushover.sh
systemctl restart rsyslog.service

 

[awado]

The only downside is: the log entry repeats every 5 minutes and triggers the push notification.