If you want to receive a notification over XMPP everytime someone logs in to your machine, follow these steps:
- Install sendxmpp and libpam-script
- Create /usr/local/sbin/pam_script_ses_open with the following content:
#! /bin/sh
/usr/local/sbin/notify-login-over-xmpp.sh
exit 0 - Execute chmod 755 /usr/local/sbin/pam_script_ses_open as pam-script checks the permissions to ensure all processes can execute this script. We will restrict the access on the following file as the sshd process has root privileges.
- Create /usr/local/sbin/notify-login-over-xmpp.sh with the following content:
#! /bin/sh
echo "Login of user \"${PAM_USER}@$(hostname)\" from ${PAM_RHOST} over $PAM_SERVICE tty $PAM_TTY" | sendxmpp -t <Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein. > --tls-ca-path=/etc/ssl/certs/ -u <userlogin> -j <server> -p <password> -f /dev/null - Execute chmod 700 /usr/local/sbin/notify-login-over-xmpp.sh to protect your password
- If you use apparmor, add the following to /etc/apparmor.d/usr.sbin.sshd to enable the sshd to execute these scripts:
/usr/local/sbin/pam_script_ses_open rUx,
/usr/local/sbin/notify-login-over-xmpp.sh rUx, - Add the following at the end of
/etc/pam.d/sshd
:
session required pam_script.so dir=/usr/local/sbin/ onerr=success
- Check if you can still login without closing the current session as misconfiguring PAM can lock you out of your machine.