current community

your communities

more stack exchange communities

Stack Exchange
tour help
Take the 2-minute tour ×
Unix & Linux Stack Exchange is a question and answer site for users of Linux, FreeBSD and other Un*x-like operating systems.. It's 100% free, no registration required.
up vote 1 down vote favorite

Hi I have been trying to follow the information about pam_exec from here: Ssh login hook?

When a user log's in they get:

/etc/pam.d/email-alert.sh failed: exit code 8

My sshd file has this at the end:

session optional pam_exec.so debug seteuid /etc/pam.d/email-alert.sh

My email-alert.sh script has this,

echo 'ALERT - Remote SSH Shell Access (SERVERNAME) on:' `date` `who` | 
mail -s "Alert: Remote SSH Access from `who | 
cut -d'(' -f2 | cut -d')' -f1`" [email protected]

I have tested the script on its own and it emails me no problem.

If anyone could point me in the right direction it would be much appreciated as I've been scratching me brain's out trying to figure it out.

share|improve this question

1 Answer 1

up vote 0 down vote

First, shell scripts will return the exit status of the last command. One of the commands you're using is exiting with status 8. Second, pam_exec won't have the same environment as you do. So when run manually won't necessarily act the way it would when run as part of the pam stack (which you're experiencing).

pam_exec has several built in environment variables that will help you here. I would rewrite the script like this:

#!/bin/bash

PATH=/bin:/usr/bin
SUBJ="Alert - Remote SSH access from ${PAM_USER}"

mail -s $SUBJ << __MESSAGE__
ALERT - Remote SSH Shell Access (${HOSTNAME}) on $(date)

User ${PAM_USER} logged in from ${PAM_RHOST}

$(who)
__MESSAGE__
share|improve this answer
    
Thanks for your time and input, I tried doing as you suggested and the error did disappear, but I do not get an email. I also do not get a email if I manually run the script. Does it matter that I have been using ssmtp? I checked and mail is installed by default. Thanks. –  user175200 Apr 26 at 23:35
    
You should probably check your syslog to see what the error is. –  bahamat Apr 27 at 2:37

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.