How to send an alert when a user logs in via .htaccess?

1

0

We have vendors working remotely on our server and would like to know when they are accessing the development. It is accessible behind a username/password provided by .htaccess.

How could I detect when they logged in? Is there a way to execute a shell script to e-mail their IP address to root? Or would it be better to have a CRON job which scans the log files (access_log?) to see if an IP address outside of our LAN has logged in? Thanks!

Edward

Posted 2013-09-26T04:35:58.563

Reputation: 329

Answers

0

Install ngrep, and do something like

#!/bin/bash
while [ 1 -eq 1 ]; do
    ngrep -p -q -n 1 -W none -d eth0 "Authorization: Basic [^ ]+" port 80 | \
        while read line; do
            X=$(echo $line| sed -rn 's/.*Authorization: Basic ([^\.\[]+).*/\1/p')
            if [ ! -z "${X}" ]; then
                U=$(echo $DATA |base64 -d 2>/dev/null| cut -d: -f1)
                case "${U}" in
                    john)
                    tom)
                    dick)
                    harry) 
                        echo "Vendor ${U} login " | YOUR_ALERT_OR_MAIL_APP
                        ;;
                    *)
                        # do nothing
                        ;;
                 esac
            fi
        done
done

You could externalise the user names, or combine with AuthGroupFile or similar to only alert for users in a specific group. You can get the remote IP from the $line variable.

ngrep is at: http://ngrep.sourceforge.net/

Obviously it won't work for https, but it has the advantage of working across all vhosts regardless of logging configurations etc

Edit: improved

Nanzikambe

Posted 2013-09-26T04:35:58.563

Reputation: 627

Asked: 2013-09-26T04:35:58.563

Viewed: 331 times

Active: 2013-09-26T11:58:56.667