Friday, October 31, 2008

SMS Alerts on root logins

Last week I met Anuradha at Kandy and we talked about various stuff. At one point, Anuradha mentioned this SMS alerting method and how we can use that tool in our working environment. So I thought of trying it out (not on an operational server but on a testing server).

There are several ways to get an alert on your mobile phone when there has been a root login on your server. This is not for a critical server setup; there are better alert systems for those kinds of systems. But for a small business server or a home network, this is a very cheap and cool solution.

Your server is GNU/Linux (I used a Debian/Ubuntu distribution).

What you need:

  • A mobile phone with a USB cable.
  • The smstools package.
  • Your time.

Let's start.

Install smstools.

# apt-get install smstools

Plug in the phone with the USB cable and get the device name.

# dmesg |grep usb

E.g., you should see something like /dev/ttyACM0 or similar. If your phone is not detected, then you have to troubleshoot that. ;-)

Now you can edit the configuration file and set up the device and baudrate.

# vim /etc/smsd.conf

#init =
device = /dev/ttyACM0
incoming = yes
#pin =
baudrate = 460800

Most of the time you don't have to give modem init commands, because modern phones have their own init commands.

Start smstools.

# /etc/init.d/smstools start

The location where your messages are handled is:

/var/spool/sms/

There you have several directories.

checked - Messages queued for various checks, ready to be sent after checking.
failed - Messages which failed to send; the reason for the failure is stated inside the SMS file.
incoming - This is the place where the system stores incoming messages.
outgoing - This is where the message to be sent is stored as a text file.
sent - Messages which were sent successfully.

To test your configuration, create a simple text file and put it in the outgoing directory. It should be sent in seconds to the mobile phone number specified in the text file.

Format of the message (an empty line separates the header lines from the message text):

From: Foo
To: 9471XXXXXXX

This is the message, Testing...

If the number specified in the file gets the SMS, you are ready to do the real thing. :-) Otherwise, you can always manually edit /etc/smsd.conf or run dpkg-reconfigure smstools and set the values.

Now you want to be alerted via an SMS when someone logs in as root to your server, locally or remotely.

What I did was very simple. I created the text file somewhere (/home/user/alert.txt).

From: Server1
To: xxxxxxxxx

A Root Login Detected.

Edit the bashrc file (assuming your default shell is /bin/bash) and add the line shown below.

# vim /root/.bashrc

And put the following at the end of the file.

cp /home/user/alert.txt /var/spool/sms/outgoing/


What it does: each time someone logs in as root, the text file which I created is copied to smstools' outgoing directory and queued. smsd will send it to the phone number I specified in the text file. A copy of the sent message will be stored in the sent directory too. If you want, you can clean it up later (manually or by using cron with rm /var/spool/sms/sent/alert.txt).
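A more informative variant of the cp line above, as an added example that is not from the original post: it writes a uniquely named message per login containing host, time and source address, and renames it into outgoing/ only once it is complete. The names SMS_SPOOL, ALERT_TO, ALERT_FROM and write_login_alert are assumptions, and the number is the post's placeholder.

```shell
# Added example, not the post's code. SMS_SPOOL, ALERT_TO and ALERT_FROM are
# assumed variable names; the number is the post's placeholder.
SMS_SPOOL="${SMS_SPOOL:-/var/spool/sms}"
ALERT_TO="${ALERT_TO:-9471XXXXXXX}"
ALERT_FROM="${ALERT_FROM:-Server1}"

# Writes one uniquely named SMS file per call and prints its final path.
# The body runs in a subshell so no variables leak into root's shell.
write_login_alert() (
    host=$(hostname 2>/dev/null || echo unknown)
    # For SSH logins SSH_CONNECTION starts with the client address.
    src="${SSH_CONNECTION%% *}"
    [ -n "$src" ] || src="local"
    # logname reports the account that opened the terminal session.
    acct=$(logname 2>/dev/null || echo "${SUDO_USER:-unknown}")
    term=$(tty 2>/dev/null) || term="no-tty"
    now=$(date '+%Y-%m-%d %H:%M:%S')

    # Build the file next to outgoing/ and rename it in, so smsd never picks
    # up a half-written message; mktemp keeps concurrent logins from colliding.
    tmp=$(mktemp "$SMS_SPOOL/.alert.XXXXXX") || exit 1
    {
        printf 'From: %s\n' "$ALERT_FROM"
        printf 'To: %s\n\n' "$ALERT_TO"     # empty line ends the header
        printf 'Root shell on %s at %s from %s (login user %s, %s)\n' \
            "$host" "$now" "$src" "$acct" "$term"
    } > "$tmp" || { rm -f "$tmp"; exit 1; }
    chmod 644 "$tmp"    # smsd may run as its own user and must read the file
    final="$SMS_SPOOL/outgoing/root-login.${tmp##*.}"
    mv "$tmp" "$final" || { rm -f "$tmp"; exit 1; }
    printf '%s\n' "$final"
)

# At the end of /root/.bashrc: alert only for interactive shells, and never
# let a spool problem block or clutter the login.
case "$-" in
    *i*) write_login_alert >/dev/null 2>&1 || true ;;
esac
```

Because the hook lives in /root/.bashrc, it only fires for interactive bash sessions; root activity that does not start one (for example a single command run through sudo) produces no SMS, so keep the auth logs as the record of root access.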

You have to keep a phone attached to the server, and the phone should have credit to send outgoing messages!! :D

Hope this helps!

1 comment:

Anonymous said...

Nice post you got here. It would be great to read more concerning that topic. Thnx for sharing this data.