PAM: getting an email alert for every established SSH connection

Hello,

I am on Debian Wheezy 3.0.4

To be alerted by email of every SSH connection established on my server, I did this with PAM:

File: /usr/local/bin/pam-notify-login

[code]#!/bin/sh
[ "$PAM_TYPE" = "open_session" ] || exit 0
{
echo "User: $PAM_USER"
echo "Ruser: $PAM_RUSER"
echo "Rhost: $PAM_RHOST"
echo "Service: $PAM_SERVICE"
echo "TTY: $PAM_TTY"
echo "Server: `uname -a`"
echo "Date: `date`"
echo "Console: `who -a -H --ips`"
} |mail -s "`hostname -s` $PAM_SERVICE login: $PAM_USER" mon-mail@fai.fr
' > /usr/local/bin/pam-notify-login[/code]

Then I chmod'ed the file:

For the file ‘/etc/pam.d/common-session’ I did:

[code]echo '' >> /etc/pam.d/common-session
echo '# Pour email alerte des connexions ssh' >> /etc/pam.d/common-session
echo 'session optional pam_exec.so /usr/local/bin/pam-notify-login' >> /etc/pam.d/common-session[/code]

For the file ‘/etc/pam.d/sudo’ I did:

[code]echo '' >> /etc/pam.d/sudo
echo '# Pour email alerte des connexions ssh' >> /etc/pam.d/sudo
echo 'session optional pam_exec.so /usr/local/bin/pam-notify-login' >> /etc/pam.d/sudo[/code]

For the file ‘/etc/aliases’ I did:

But it doesn't work?

When I reboot, I get this message:

[code]serveur@debian:~$ sudo reboot
[sudo] password for serveur:
/usr/local/bin/pam-notify-login échec : code de sortie 8

Broadcast message from root@debian (pts/0) (Tue Jul 8 00:15:05 2014):

The system is going down for reboot NOW!
/usr/local/bin/pam-notify-login failed: exit code 8
serveur@debian:~$ Connection to 192.168.0.1 closed by remote host.
Connection to 192.168.0.1 closed.
laurent@laurent-Bureau:~$ [/code]

When I log in to my server, I get the same error message:

[code]laurent@laurent-Bureau:~$ ssh serveur@192.168.0.1
serveur@192.168.0.1's password:
/usr/local/bin/pam-notify-login failed: exit code 8
Linux debian 3.0.4 #1 PREEMPT Tue Aug 30 19:56:02 MDT 2011 armv5tel

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
You have new mail.
Last login: Tue Jul 8 00:17:25 2014 from 192.168.0.6
serveur@debian:~$
[/code]

What should I do?

Thanks.

Hi,

[quote=“xunil2003”] I did this with PAM:

File: /usr/local/bin/pam-notify-login

[mono]#!/bin/sh
[ "$PAM_TYPE" = "open_session" ] || exit 0
{
echo "User: $PAM_USER"
echo "Ruser: $PAM_RUSER"
echo "Rhost: $PAM_RHOST"
echo "Service: $PAM_SERVICE"
echo "TTY: $PAM_TTY"
echo "Server: `uname -a`"
echo "Date: `date`"
echo "Console: `who -a -H --ips`"
} |mail -s "`hostname -s` $PAM_SERVICE login: $PAM_USER" mon-mail@fai.fr
[strike]' > /usr/local/bin/pam-notify-login[/strike][/quote][/mono]

Replace [mono]mon-mail@fai.fr[/mono] with [mono]root[/mono].

Delete the line: [mono][strike]' > /usr/local/bin/pam-notify-login[/strike][/mono]

In the end, you get:

[code][07:45:21][root@facteur] ~ # cat /usr/local/bin/pam-notify-login
#!/bin/sh
[ "$PAM_TYPE" = "open_session" ] || exit 0
{
echo "User: $PAM_USER"
echo "Ruser: $PAM_RUSER"
echo "Rhost: $PAM_RHOST"
echo "Service: $PAM_SERVICE"
echo "TTY: $PAM_TTY"
echo "Server: `uname -a`"
echo "Date: `date`"
echo "Console: `who -a -H --ips`"
} | mail -s "`hostname -s` $PAM_SERVICE login: $PAM_USER" root

[07:45:28][root@facteur] ~ # [/code]

[quote=“xunil2003”]For the file ‘/etc/aliases’ I did:

[/quote]

[mono]$ cat /etc/aliases

[…]

root: mon-mail@fai.fr[/mono]

Ok.

Don't touch anything else and run a test.

Hello,

BelZéButh,
Back when my server was on Debian Squeeze, you yourself gave me the /usr/local/bin/pam-notify-login script and explained the procedure to follow, which I redid for Wheezy. Could there be an incompatibility with Wheezy?
See my old post here:
help-mon-serveur-deban-semble-etre-compromis-attaque-t42389.html

My file is indeed as you say:

[code]serveur@debian:~$ cat /usr/local/bin/pam-notify-login
#!/bin/sh
[ "$PAM_TYPE" = "open_session" ] || exit 0
{
echo "User: $PAM_USER"
echo "Ruser: $PAM_RUSER"
echo "Rhost: $PAM_RHOST"
echo "Service: $PAM_SERVICE"
echo "TTY: $PAM_TTY"
echo "Server: `uname -a`"
echo "Date: `date`"
echo "Console: `who -a -H --ips`"
} |mail -s "`hostname -s` $PAM_SERVICE login: $PAM_USER" mon-mail@fai.fr

serveur@debian:~$
[/code]

In fact, I wrote myself a bash script for automatic installation and configuration:

[code]#!/bin/sh

echo
echo "
------------------------------------------------------------------------------+
| Installer un alerte par mail de toutes les connexions ssh établies avec Pam |
------------------------------------------------------------------------------+
"
echo
echo "touch /usr/local/bin/pam-notify-login"
touch /usr/local/bin/pam-notify-login
echo
echo '
#!/bin/sh
[ "$PAM_TYPE" = "open_session" ] || exit 0
{
echo "User: $PAM_USER"
echo "Ruser: $PAM_RUSER"
echo "Rhost: $PAM_RHOST"
echo "Service: $PAM_SERVICE"
echo "TTY: $PAM_TTY"
echo "Server: `uname -a`"
echo "Date: `date`"
echo "Console: `who -a -H --ips`"
} |mail -s "`hostname -s` $PAM_SERVICE login: $PAM_USER" mon-mail@fai.fr
' > /usr/local/bin/pam-notify-login
echo "/usr/local/bin/pam-notify-login [OK]"
echo
echo "chmod +x /usr/local/bin/pam-notify-login"
#chmod +x /usr/local/bin/pam-notify-login
echo
cp -v /etc/pam.d/common-session /etc/pam.d/common-session.bak
echo '' >> /etc/pam.d/common-session
echo '# Pour email alerte des connexions ssh' >> /etc/pam.d/common-session
echo 'session optional pam_exec.so /usr/local/bin/pam-notify-login' >> /etc/pam.d/common-session
echo "/etc/pam.d/common-session [OK]"
echo
cp -v /etc/pam.d/sudo /etc/pam.d/sudo.bak
echo '' >> /etc/pam.d/sudo
echo '# Pour email alerte des connexions ssh' >> /etc/pam.d/sudo
echo 'session optional pam_exec.so /usr/local/bin/pam-notify-login' >> /etc/pam.d/sudo
echo "/etc/pam.d/sudo [OK]"
echo
cp -v /etc/aliases /etc/aliases.bak
echo 'root: mon-mail@fai.fr' >> /etc/aliases
echo "/etc/aliases [OK]"
exit 0[/code]

Which I forgot to remove

when I copy-pasted to write my post; it was late.

aliases file:

[code]serveur@debian:~$ cat /etc/aliases

/etc/aliases

mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
usenet: root
news: root
webmaster: root
www: root
ftp: root
abuse: root
noc: root
security: root
root: mon-mail@fai.fr
serveur@debian:~$ [/code]

Even so, this error message:

indicates that there is a problem with the file /usr/local/bin/pam-notify-login, but what does code 8 correspond to?

Permissions of the file /usr/local/bin/pam-notify-login:

[code]serveur@debian:~$ ls -al /usr/local/bin/pam-notify-login
-rwxr-xr-x 1 root staff 415 juil. 8 01:28 /usr/local/bin/pam-notify-login
serveur@debian:~$[/code]

I can't find where the problem comes from?

Thanks.

Hi again,

Absolutely not, I still use it on remote servers running Wheezy.

I don't know.

Could it still be related to your ssh problem?

[mono]$ ssh -v serveur@192.168.0.1[/mono] ?

* edit *

What does the following return?

Hello,

My ssh connection works fine; I haven't had any particular problem with it.

Here is the output:

[code]laurent@laurent-Bureau:~$ ssh -v serveur@192.168.0.1
OpenSSH_5.9p1 Debian-5ubuntu1.4, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.0.1 [192.168.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/laurent/.ssh/id_rsa type -1
debug1: identity file /home/laurent/.ssh/id_rsa-cert type -1
debug1: identity file /home/laurent/.ssh/id_dsa type -1
debug1: identity file /home/laurent/.ssh/id_dsa-cert type -1
debug1: identity file /home/laurent/.ssh/id_ecdsa type -1
debug1: identity file /home/laurent/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u1
debug1: match: OpenSSH_6.0p1 Debian-4+deb7u1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA c9:b7:d6:c2:b9:a1:fd:cd:8a:dc:4d:e3:2e:d9:4a:3c
debug1: Host '192.168.0.1' is known and matches the ECDSA host key.
debug1: Found key in /home/laurent/.ssh/known_hosts:3
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/laurent/.ssh/id_rsa
debug1: Trying private key: /home/laurent/.ssh/id_dsa
debug1: Trying private key: /home/laurent/.ssh/id_ecdsa
debug1: Next authentication method: password
serveur@192.168.0.1's password:
debug1: Authentication succeeded (password).
Authenticated to 192.168.0.1 ([192.168.0.1]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = fr_FR.UTF-8
/usr/local/bin/pam-notify-login failed: exit code 8
Linux debian 3.0.4 #1 PREEMPT Tue Aug 30 19:56:02 MDT 2011 armv5tel

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
You have new mail.
Last login: Tue Jul 8 10:06:38 2014 from 192.168.0.6
serveur@debian:~$[/code]

[code]serveur@debian:~$ sudo faillog -a
[sudo] password for serveur:
/usr/local/bin/pam-notify-login échec : code de sortie 8
Identifiant Échecs Maximum Dernier Sur

root 0 0 01/01/70 01:00:00 +0100
daemon 0 0 01/01/70 01:00:00 +0100
bin 0 0 01/01/70 01:00:00 +0100
sys 0 0 01/01/70 01:00:00 +0100
sync 0 0 01/01/70 01:00:00 +0100
games 0 0 01/01/70 01:00:00 +0100
man 0 0 01/01/70 01:00:00 +0100
lp 0 0 01/01/70 01:00:00 +0100
mail 0 0 01/01/70 01:00:00 +0100
news 0 0 01/01/70 01:00:00 +0100
uucp 0 0 01/01/70 01:00:00 +0100
proxy 0 0 01/01/70 01:00:00 +0100
www-data 0 0 01/01/70 01:00:00 +0100
backup 0 0 01/01/70 01:00:00 +0100
list 0 0 01/01/70 01:00:00 +0100
irc 0 0 01/01/70 01:00:00 +0100
gnats 0 0 01/01/70 01:00:00 +0100
nobody 0 0 01/01/70 01:00:00 +0100
libuuid 0 0 01/01/70 01:00:00 +0100
ntp 0 0 01/01/70 01:00:00 +0100
sshd 0 0 01/01/70 01:00:00 +0100
serveur 0 0 01/01/70 01:00:00 +0100
mysql 0 0 01/01/70 01:00:00 +0100
Debian-exim 0 0 01/01/70 01:00:00 +0100
postfix 0 0 01/01/70 01:00:00 +0100
messagebus 0 0 01/01/70 01:00:00 +0100
mpd 0 0 01/01/70 01:00:00 +0100
/usr/local/bin/pam-notify-login failed: exit code 8
serveur@debian:~$ [/code]

Thanks.

[quote=“xunil2003”]serveur@debian:~$ sudo faillog -a
[sudo] password for serveur:
[mono]/usr/local/bin/pam-notify-login échec : code de sortie 8
Identifiant Échecs Maximum Dernier Sur

root 0 0 01/01/70 01:00:00 +0100
daemon 0 0 01/01/70 01:00:00 +0100
bin 0 0 01/01/70 01:00:00 +0100
sys 0 0 01/01/70 01:00:00 +0100
sync 0 0 01/01/70 01:00:00 +0100
games 0 0 01/01/70 01:00:00 +0100
man 0 0 01/01/70 01:00:00 +0100
lp 0 0 01/01/70 01:00:00 +0100
mail 0 0 01/01/70 01:00:00 +0100
news 0 0 01/01/70 01:00:00 +0100
uucp 0 0 01/01/70 01:00:00 +0100
proxy 0 0 01/01/70 01:00:00 +0100
www-data 0 0 01/01/70 01:00:00 +0100
backup 0 0 01/01/70 01:00:00 +0100
list 0 0 01/01/70 01:00:00 +0100
irc 0 0 01/01/70 01:00:00 +0100
gnats 0 0 01/01/70 01:00:00 +0100
nobody 0 0 01/01/70 01:00:00 +0100
libuuid 0 0 01/01/70 01:00:00 +0100
ntp 0 0 01/01/70 01:00:00 +0100
sshd 0 0 01/01/70 01:00:00 +0100
serveur 0 0 01/01/70 01:00:00 +0100
mysql 0 0 01/01/70 01:00:00 +0100
Debian-exim 0 0 01/01/70 01:00:00 +0100
postfix 0 0 01/01/70 01:00:00 +0100
messagebus 0 0 01/01/70 01:00:00 +0100
mpd 0 0 01/01/70 01:00:00 +0100
/usr/local/bin/pam-notify-login failed: exit code 8[/mono]
serveur@debian:~$ [/quote]

Reset the counters as follows:

Open a new SSH connection, switch to root and rerun [mono]# faillog -a[/mono]?

Hi again,

Here is the result, step by step:

[code]root@debian:~# faillog -r
root@debian:~#
root@debian:~# exit
déconnexion
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
Connection to 192.168.0.1 closed.
Transferred: sent 2392, received 2560 bytes, in 13.3 seconds
Bytes per second: sent 180.4, received 193.0
debug1: Exit status 0
laurent@laurent-Bureau:~$[/code]

[code]laurent@laurent-Bureau:~$
laurent@laurent-Bureau:~$ ssh -v serveur@192.168.0.1
OpenSSH_5.9p1 Debian-5ubuntu1.4, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.0.1 [192.168.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/laurent/.ssh/id_rsa type -1
debug1: identity file /home/laurent/.ssh/id_rsa-cert type -1
debug1: identity file /home/laurent/.ssh/id_dsa type -1
debug1: identity file /home/laurent/.ssh/id_dsa-cert type -1
debug1: identity file /home/laurent/.ssh/id_ecdsa type -1
debug1: identity file /home/laurent/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u1
debug1: match: OpenSSH_6.0p1 Debian-4+deb7u1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA c9:b7:d6:c2:b9:a1:fd:cd:8a:dc:4d:e3:2e:d9:4a:3c
debug1: Host '192.168.0.1' is known and matches the ECDSA host key.
debug1: Found key in /home/laurent/.ssh/known_hosts:3
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/laurent/.ssh/id_rsa
debug1: Trying private key: /home/laurent/.ssh/id_dsa
debug1: Trying private key: /home/laurent/.ssh/id_ecdsa
debug1: Next authentication method: password
serveur@192.168.0.1's password:
debug1: Authentication succeeded (password).
Authenticated to 192.168.0.1 ([192.168.0.1]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = fr_FR.UTF-8
/usr/local/bin/pam-notify-login failed: exit code 8
Linux debian 3.0.4 #1 PREEMPT Tue Aug 30 19:56:02 MDT 2011 armv5tel

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
You have new mail.
Last login: Tue Jul 8 11:53:26 2014 from 192.168.0.6
serveur@debian:~$ su
Mot de passe :
/usr/local/bin/pam-notify-login échec : code de sortie 8
root@debian:/home/serveur#[/code]

[code]root@debian:/home/serveur# faillog -a
Identifiant Échecs Maximum Dernier Sur

root 0 0 01/01/70 01:00:00 +0100
daemon 0 0 01/01/70 01:00:00 +0100
bin 0 0 01/01/70 01:00:00 +0100
sys 0 0 01/01/70 01:00:00 +0100
sync 0 0 01/01/70 01:00:00 +0100
games 0 0 01/01/70 01:00:00 +0100
man 0 0 01/01/70 01:00:00 +0100
lp 0 0 01/01/70 01:00:00 +0100
mail 0 0 01/01/70 01:00:00 +0100
news 0 0 01/01/70 01:00:00 +0100
uucp 0 0 01/01/70 01:00:00 +0100
proxy 0 0 01/01/70 01:00:00 +0100
www-data 0 0 01/01/70 01:00:00 +0100
backup 0 0 01/01/70 01:00:00 +0100
list 0 0 01/01/70 01:00:00 +0100
irc 0 0 01/01/70 01:00:00 +0100
gnats 0 0 01/01/70 01:00:00 +0100
nobody 0 0 01/01/70 01:00:00 +0100
libuuid 0 0 01/01/70 01:00:00 +0100
ntp 0 0 01/01/70 01:00:00 +0100
sshd 0 0 01/01/70 01:00:00 +0100
serveur 0 0 01/01/70 01:00:00 +0100
mysql 0 0 01/01/70 01:00:00 +0100
Debian-exim 0 0 01/01/70 01:00:00 +0100
postfix 0 0 01/01/70 01:00:00 +0100
messagebus 0 0 01/01/70 01:00:00 +0100
mpd 0 0 01/01/70 01:00:00 +0100
root@debian:/home/serveur# [/code]

Thanks.


?

Search [mono]/var/log/auth.log[/mono] for PAM-related errors.

I may be saying something silly, but I wonder
whether the fact that the “/usr/local/bin/” directory is “sgid” and belongs to the “staff” group has something to do with it…

[code]michel@debG53SW:~$ ls -la /usr/local/bin/
total 8
drwxrwsr-x 2 root staff 4096 mars 3 10:01 .
drwxrwsr-x 10 root staff 4096 mars 3 10:01 ..
michel@debG53SW:~$[/code]

No.

[code][12:39:36][root@facteur] ~ # ls -la /usr/local/bin/
total 48
drwxrwsr-x 2 root staff 4096 oct. 8 2013 .
drwxrwsr-x 11 root staff 4096 janv. 18 2013 ..
-rwxr-xr-x 1 root staff 256 févr. 1 2013 antidos.sh
-rwxr-xr-x 1 root staff 1504 oct. 4 2013 change_ip.sh
-rwxr-xr-x 1 root staff 202 janv. 18 2013 complet

[…]

-rwxr-xr-x 1 root staff 1421 oct. 23 2013 nettoyage.sh
-rwxr-xr-x 1 root staff 392 juil. 8 11:17 pam-notify-login
-rwxr-xr-x 1 root staff 429 sept. 9 2013 surveillance_espace_disque.sh
[12:39:38][root@facteur] ~ #
[/code]

Hello,

[quote]
whether the fact that the “/usr/local/bin/” directory is “sgid” and belongs to the “staff” group has something to do with it…[/quote]
For me, yes.

[code]root@debian:/home/serveur# ls -la /usr/local/bin/
total 112
drwxrwsr-x 2 root staff 4096 juil. 7 23:13 .
drwxrwsr-x 10 root staff 4096 sept. 1 2011 ..
-rwxr-xr-x 1 root staff 97205 juin 16 19:13 mochad
-rwxr-xr-x 1 root staff 415 juil. 8 01:28 pam-notify-login
root@debian:/home/serveur#[/code]

I may be saying something silly, but there is no staff in /etc/aliases

[code]root@debian:/home/serveur# cat /etc/aliases

/etc/aliases

mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
usenet: root
news: root
webmaster: root
www: root
ftp: root
abuse: root
noc: root
security: root
root: mon-mail@fai.fr
root@debian:/home/serveur# [/code]

Excerpt from /var/log/auth.log

[code]root@debian:/home/serveur# cat /var/log/auth.log
Jul 8 11:53:26 debian sshd[3554]: pam_exec(sshd:session): /usr/local/bin/pam-notify-login failed: exit code 8
Jul 8 11:54:52 debian sudo: serveur : TTY=pts/0 ; PWD=/home/serveur ; USER=root ; COMMAND=/usr/bin/faillog -a
Jul 8 11:54:52 debian sudo: pam_unix(sudo:session): session opened for user root by serveur(uid=0)
Jul 8 11:54:52 debian sudo: pam_exec(sudo:session): execve(/usr/local/bin/pam-notify-login,...) failed: Erreur de format pour exec()
Jul 8 11:54:52 debian sudo: pam_exec(sudo:session): /usr/local/bin/pam-notify-login failed: exit code 8
Jul 8 11:54:52 debian sudo: pam_unix(sudo:session): session closed for user root
Jul 8 11:54:52 debian sudo: pam_exec(sudo:session): execve(/usr/local/bin/pam-notify-login,...) failed: Exec format error
Jul 8 11:54:52 debian sudo: pam_exec(sudo:session): /usr/local/bin/pam-notify-login failed: exit code 8
Jul 8 12:09:01 debian CRON[3574]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 8 12:09:01 debian CRON[3574]: pam_unix(cron:session): session closed for user root
Jul 8 12:17:01 debian CRON[3587]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 8 12:17:01 debian CRON[3587]: pam_unix(cron:session): session closed for user root
Jul 8 12:18:54 debian sshd[3557]: Received disconnect from 192.168.0.6: 11: disconnected by user
Jul 8 12:18:54 debian sshd[3554]: pam_unix(sshd:session): session closed for user serveur
Jul 8 12:18:55 debian sshd[3590]: pam_exec(sshd:session): execve(/usr/local/bin/pam-notify-login,...) failed: Exec format error
Jul 8 12:18:55 debian sshd[3554]: pam_exec(sshd:session): /usr/local/bin/pam-notify-login failed: exit code 8
Jul 8 12:18:55 debian sshd[3554]: pam_exec(sshd:session): conversation failed
Jul 8 12:19:10 debian sshd[3591]: Accepted password for root from 192.168.0.6 port 35926 ssh2
Jul 8 12:19:10 debian sshd[3591]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul 8 12:19:10 debian sshd[3593]: pam_exec(sshd:session): execve(/usr/local/bin/pam-notify-login,...) failed: Exec format error
Jul 8 12:19:10 debian sshd[3591]: pam_exec(sshd:session): /usr/local/bin/pam-notify-login failed: exit code 8
Jul 8 12:19:23 debian sshd[3591]: Received disconnect from 192.168.0.6: 11: disconnected by user
Jul 8 12:19:23 debian sshd[3591]: pam_unix(sshd:session): session closed for user root
Jul 8 12:19:23 debian sshd[3599]: pam_exec(sshd:session): execve(/usr/local/bin/pam-notify-login,...) failed: Exec format error
Jul 8 12:19:23 debian sshd[3591]: pam_exec(sshd:session): /usr/local/bin/pam-notify-login failed: exit code 8
Jul 8 12:19:23 debian sshd[3591]: pam_exec(sshd:session): conversation failed
Jul 8 12:19:34 debian sshd[3600]: Accepted password for serveur from 192.168.0.6 port 35928 ssh2
Jul 8 12:19:34 debian sshd[3600]: pam_unix(sshd:session): session opened for user serveur by (uid=0)
Jul 8 12:19:34 debian sshd[3602]: pam_exec(sshd:session): execve(/usr/local/bin/pam-notify-login,...) failed: Exec format error
Jul 8 12:19:34 debian sshd[3600]: pam_exec(sshd:session): /usr/local/bin/pam-notify-login failed: exit code 8
Jul 8 12:19:42 debian su[3607]: Successful su for root by serveur
Jul 8 12:19:42 debian su[3607]: + /dev/pts/0 serveur:root
Jul 8 12:19:42 debian su[3607]: pam_unix(su:session): session opened for user root by serveur(uid=1000)
Jul 8 12:19:42 debian su[3608]: pam_exec(su:session): execve(/usr/local/bin/pam-notify-login,...) failed: Erreur de format pour exec()
Jul 8 12:19:42 debian su[3607]: pam_exec(su:session): /usr/local/bin/pam-notify-login failed: exit code 8
Jul 8 12:39:01 debian CRON[3623]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 8 12:39:02 debian CRON[3623]: pam_unix(cron:session): session closed for user root
root@debian:/home/serveur#[/code]

Thanks

No.

[quote=“BelZéButh”]$ cat /usr/local/bin/pam-notify-login

?

Search [mono]/var/log/auth.log[/mono] for PAM-related errors.[/quote]

[quote]pam_exec(sshd:session): execve(/usr/local/bin/pam-notify-login,…) failed: Exec format error

pam_exec(su:session): execve(/usr/local/bin/pam-notify-login,…) failed: Erreur de format pour exec()[/quote]

I repeat …

Hi again,

I ran:

[mono]cat /var/log/auth.log | grep pam[/mono]

but the list is too long, so I put it on a text hosting site.
textup.fr/97947eR
PS: There are lots of IP addresses I don't recognize!

File /usr/local/bin/pam-notify-login

[code]root@debian:/home/serveur# cat /usr/local/bin/pam-notify-login
#!/bin/sh
[ "$PAM_TYPE" = "open_session" ] || exit 0
{
echo "User: $PAM_USER"
echo "Ruser: $PAM_RUSER"
echo "Rhost: $PAM_RHOST"
echo "Service: $PAM_SERVICE"
echo "TTY: $PAM_TTY"
echo "Server: `uname -a`"
echo "Date: `date`"
echo "Console: `who -a -H --ips`"
} |mail -s "`hostname -s` $PAM_SERVICE login: $PAM_USER" mon-mail@fai.fr
root@debian:/home/serveur#[/code]

Thanks.

Copy and paste the following exactly as is.

[code]#!/bin/sh -x
[ "$PAM_TYPE" = "open_session" ] || exit 0
{
echo "User: $PAM_USER"
echo "Ruser: $PAM_RUSER"
echo "Rhost: $PAM_RHOST"
echo "Service: $PAM_SERVICE"
echo "TTY: $PAM_TTY"
echo "Server: `uname -a`"
echo "Date: `date`"
echo "Console: `who -a -H --ips`"
} | mail -s "`hostname -s` $PAM_SERVICE login: $PAM_USER" root[/code]

*** Make sure you leave no stray space or tab in this script.

Run the script and post the output.

?

Likewise, carefully check the files you touched/modified under [mono]/etc/pam.d/…[/mono].

Hello,

Step by step:

[code]root@debian:/home/serveur# rm -i /usr/local/bin/pam-notify-login
rm : supprimer fichier « /usr/local/bin/pam-notify-login » ? o
root@debian:/home/serveur# nano -c /usr/local/bin/pam-notify-login
root@debian:/home/serveur# chmod a+x /usr/local/bin/pam-notify-login
root@debian:/home/serveur# /usr/local/bin/pam-notify-login

+ [ = open_session ]
+ exit 0
root@debian:/home/serveur#
[/code]

Now I no longer get an error message:

[code]laurent@laurent-Bureau:~$ ssh -v serveur@192.168.0.1
OpenSSH_5.9p1 Debian-5ubuntu1.4, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.0.1 [192.168.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/laurent/.ssh/id_rsa type -1
debug1: identity file /home/laurent/.ssh/id_rsa-cert type -1
debug1: identity file /home/laurent/.ssh/id_dsa type -1
debug1: identity file /home/laurent/.ssh/id_dsa-cert type -1
debug1: identity file /home/laurent/.ssh/id_ecdsa type -1
debug1: identity file /home/laurent/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u1
debug1: match: OpenSSH_6.0p1 Debian-4+deb7u1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA c9:b7:d6:c2:b9:a1:fd:cd:8a:dc:4d:e3:2e:d9:4a:3c
debug1: Host '192.168.0.1' is known and matches the ECDSA host key.
debug1: Found key in /home/laurent/.ssh/known_hosts:3
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/laurent/.ssh/id_rsa
debug1: Trying private key: /home/laurent/.ssh/id_dsa
debug1: Trying private key: /home/laurent/.ssh/id_ecdsa
debug1: Next authentication method: password
serveur@192.168.0.1's password:
debug1: Authentication succeeded (password).
Authenticated to 192.168.0.1 ([192.168.0.1]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = fr_FR.UTF-8
Linux debian 3.0.4 #1 PREEMPT Tue Aug 30 19:56:02 MDT 2011 armv5tel

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
You have new mail.
Last login: Tue Jul 8 14:11:44 2014 from 192.168.0.6
serveur@debian:~$
serveur@debian:~$ su
Mot de passe :
root@debian:/home/serveur#
root@debian:/home/serveur# exit
exit
serveur@debian:~$ exit
déconnexion
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
Connection to 192.168.0.1 closed.
Transferred: sent 3032, received 3264 bytes, in 30.9 seconds
Bytes per second: sent 98.0, received 105.5
debug1: Exit status 0
laurent@laurent-Bureau:~$
[/code]

But I don't receive any message about an established SSH connection in my mailbox?

Thanks.
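In the auth.log excerpt above, `exit code 8` is logged next to `execve(...) failed: Exec format error`, which is ENOEXEC (errno 8 on Linux): the kernel only starts a script whose first two bytes are `#!`. The following POSIX sh check is an added example, not code from any poster in this thread; it predicts the errno `execve()` would return for a hook before it is referenced from `/etc/pam.d/`. The names `check_pam_hook` and `make_samples` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread: predict how execve() will treat
# a pam_exec hook script before wiring it into /etc/pam.d/.

# check_pam_hook FILE
# Prints a one-line diagnosis and returns the errno value execve() would
# fail with (0 = it can start): 2 ENOENT, 8 ENOEXEC, 13 EACCES.
check_pam_hook() {
    hook=$1
    cr=$(printf '\r')
    [ -f "$hook" ] || { echo "$hook: no such file"; return 2; }
    [ -x "$hook" ] || { echo "$hook: not executable"; return 13; }

    # The kernel looks at the very first bytes only: "#!" (23 21) for a
    # script, 7f 'E' 'L' 'F' for a native binary. Anything in front of
    # them, even a single empty line, gives ENOEXEC.
    magic=$(od -An -tx1 -N4 "$hook" | tr -d ' \n')
    case $magic in
        7f454c46) echo "$hook: ELF binary, ok"; return 0 ;;
        2321*) ;;
        *) echo "$hook: first bytes are not '#!' (Exec format error)"
           return 8 ;;
    esac

    # Interpreter = first word after "#!". A CRLF line ending makes the
    # kernel look for an interpreter whose name ends in a carriage return.
    first_line=$(head -n 1 "$hook")
    case $first_line in
        *"$cr") echo "$hook: CRLF line ending on the #! line"; return 2 ;;
    esac
    interp=$(printf '%s\n' "$first_line" |
        sed 's/^#![[:space:]]*//; s/[[:space:]].*$//')
    [ -n "$interp" ] || { echo "$hook: no interpreter after #!"; return 8; }
    [ -x "$interp" ] || { echo "$hook: interpreter '$interp' not found"; return 2; }
    echo "$hook: ok, started by $interp"
    return 0
}

# Constructed samples. bad_blank is what an installer writes when it opens
# its quoted string one line before "#!/bin/sh", as the install script
# posted earlier in this thread does; good has "#!" at byte 0.
make_samples() {
    dir=$1
    printf '\n#!/bin/sh\nexit 0\n'   > "$dir/bad_blank"
    printf '#!/bin/sh\r\nexit 0\r\n' > "$dir/bad_crlf"
    printf '#!/bin/sh\nexit 0\n'     > "$dir/good"
    printf '#!/bin/sh\nexit 0\n'     > "$dir/no_x"
    chmod 755 "$dir/bad_blank" "$dir/bad_crlf" "$dir/good"
    chmod 644 "$dir/no_x"
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_samples "$tmp"
    for name in bad_blank bad_crlf no_x good; do
        check_pam_hook "$tmp/$name" || echo "  -> execve() errno $?"
    done
    rm -rf "$tmp"
}
demo
```

An interactive shell will still run `bad_blank` because shells fall back to interpreting a file themselves after ENOEXEC; `pam_exec.so` calls `execve()` directly, so a hook has to pass this check and not just a manual test run.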

Yes, that's fixed.

Look for info/error/warning logs in [mono]/var/log/mail …[/mono]

You need one established connection (ordinary user). First mail. ?

Switch to root. Second mail received. ?

Which MTA (Mail Transfer Agent) is installed and configured for this?

Hi again,

postfix

I replaced root with my email address in the file “/usr/local/bin/pam-notify-login” on the following line:

[code]} | mail -s "`hostname -s` $PAM_SERVICE login: $PAM_USER" root[/code]

with the email address

[code]} | mail -s "`hostname -s` $PAM_SERVICE login: $PAM_USER" mon-adresse-mail@fai.fr[/code]

and now I receive the alerts in my mailbox, whether for root, the serveur login or sudo.

Mail 1:

[code]User: serveur
Ruser:
Rhost: 192.168.0.6
Service: sshd
TTY: ssh
Server: Linux debian 3.0.4 #1 PREEMPT Tue Aug 30 19:56:02 MDT 2011 armv5tel GNU/Linux
Date: mardi 8 juillet 2014, 20:38:59 (UTC+0200)
Console: NOM LIGNE HEURE PID COMMENTAIRE EXIT
2014-07-08 14:05 613 id=si term=0 sortie=0
démarrage système 2014-07-08 14:05
niveau d'exécution 2 2014-07-08 14:05 dernier=S
2014-07-08 14:06 2190 id=l2 term=0 sortie=0
IDENTIFIANT ttyS0 2014-07-08 14:06 3245 id=T0
pts/0 2014-07-08 20:38 4958 id=ts/0 term=0 sortie=0[/code]

Mail 2:

[code]User: root
Ruser: serveur
Rhost:
Service: su
TTY: /dev/pts/0
Server: Linux debian 3.0.4 #1 PREEMPT Tue Aug 30 19:56:02 MDT 2011 armv5tel GNU/Linux
Date: mardi 8 juillet 2014, 20:39:08 (UTC+0200)
Console: NOM LIGNE HEURE PID COMMENTAIRE EXIT
2014-07-08 14:05 613 id=si term=0 sortie=0
démarrage système 2014-07-08 14:05
niveau d'exécution 2 2014-07-08 14:05 dernier=S
2014-07-08 14:06 2190 id=l2 term=0 sortie=0
IDENTIFIANT ttyS0 2014-07-08 14:06 3245 id=T0
serveur + pts/0 2014-07-08 20:38 . 5005 192.168.0.6[/code]

Mail 3:

[code]User: root
Ruser: serveur
Rhost:
Service: sudo
TTY: /dev/pts/0
Server: Linux debian 3.0.4 #1 PREEMPT Tue Aug 30 19:56:02 MDT 2011 armv5tel GNU/Linux
Date: Tue Jul 8 21:15:05 CEST 2014
Console: NAME LINE TIME IDLE PID COMMENT EXIT
Jul 8 14:05 613 id=si term=0 exit=0
system boot Jul 8 14:05
run-level 2 Jul 8 14:05 last=S
Jul 8 14:06 2190 id=l2 term=0 exit=0
LOGIN ttyS0 Jul 8 14:06 3245 id=T0
serveur + pts/0 Jul 8 21:14 . 5069 192.168.0.6[/code]

Thanks.

[quote=“xunil2003”]I replaced root with my email address in the file “/usr/local/bin/pam-notify-login” on the following line:

[…]

Given that I don't know what you are fiddling/tinkering with in the various PAM modules …

And since this situation/configuration seems acceptable to you, then OK.

Solved …

Cheers …