[Wylug-help] Unstoppable script
Chris Davies
chris at roaima.co.uk
Sun Dec 19 21:41:01 UTC 2010
On 29/11/2010 11:28, Anne Wilson wrote:
> In a recent Linux Magazine, Charly Kühnast talked about a script that would
> email the sysadmin the moment someone logged in to the server, so quickly that
> it would be impossible to stop it. Since I've seen some attacks (thankfully
> unsuccessful so far) I'd like to try this. Two questions, then,
The place I would do this is from PAM, using the "run a script on login"
module. This doesn't require a process to run continually, as the
trigger is the login session itself.
(I do something very similar already, but in my particular case the
script is more concerned with ensuring that the user's home directory is
either created locally or NFS mounted remotely, depending on the account.)
Debian: "pam_script" goes into /etc/pam.d/common-session (and maybe into
/etc/pam.d/sudo, too):
    session required pam_limits.so
    session required pam_unix.so
    session optional pam_script.so onerr=success
The pam_script calls /usr/share/libpam-script/pam_script_ses_open with a
number of useful environment variables.
Chris
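
One way the session-open script described in this thread could look, as an added example that is not part of the original post or of pam_script itself. It assumes the PAM_USER, PAM_RHOST, PAM_SERVICE and PAM_TTY variables that pam_script exports and a sendmail binary at /usr/sbin/sendmail; ALERT_TO, clean and build_alert are hypothetical names.

```shell
#!/bin/sh
# Added example: login alert for pam_script's session-open hook.
# ALERT_TO is a placeholder recipient (assumption); set it before use.
ALERT_TO="${ALERT_TO:-root@localhost}"

# PAM_USER and PAM_RHOST are supplied by the connecting client, so keep
# only a small safe character set and cap the length. This stops newlines
# or control characters from injecting extra mail headers.
clean() {
    printf '%s' "$1" | LC_ALL=C tr -cd 'A-Za-z0-9._:@/-' | cut -c1-64
}

# Print a complete mail message (headers, blank line, one body line)
# describing the login that triggered this PAM session.
build_alert() {
    user=$(clean "${PAM_USER:-unknown}")
    rhost=$(clean "${PAM_RHOST:-local}")
    svc=$(clean "${PAM_SERVICE:-unknown}")
    tty=$(clean "${PAM_TTY:-none}")
    printf 'To: %s\n' "$ALERT_TO"
    printf 'Subject: login: %s from %s via %s\n' "$user" "$rhost" "$svc"
    printf '\n'
    printf 'user=%s rhost=%s service=%s tty=%s host=%s time=%s\n' \
        "$user" "$rhost" "$svc" "$tty" \
        "$(hostname)" "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
}

# Send only when PAM invoked us (PAM_USER is set). The mail is handed off
# in the background so a slow or broken mailer never delays the login.
if [ -n "${PAM_USER:-}" ] && [ -x /usr/sbin/sendmail ]; then
    build_alert | /usr/sbin/sendmail -t >/dev/null 2>&1 &
fi
```

Installed executable as /usr/share/libpam-script/pam_script_ses_open, it runs once per session opened through the PAM stack shown above.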