Digital Journal » Network http://digitaljournal.sg/wp My Digital Journal Mon, 20 Oct 2014 00:32:27 +0000 en-US hourly 1 http://wordpress.org/?v=3.4.2 Send email notification on successful ssh login using ssmtp http://digitaljournal.sg/wp/?p=133 http://digitaljournal.sg/wp/?p=133#comments Thu, 15 Nov 2012 01:33:06 +0000 admin http://digitaljournal.sg/wp/?p=133 Sometime i wants to know who is login and when user login to my server  but i don’t want to setup and run my own mail server, this can be done easily by using tcpwrapper and ssmtp , first make sure ssmtp is installed

# dpkg -l|grep ssmtp
iF  ssmtp                                  2.64-4fakesync1                                 extremely simple MTA to get mail off the sys

 

if ssmtp is not installed yet, install it by using

# apt-get install ssmtp

 

If you are using Gmail account , change the root, authuser, and authpass options to the email address, username, and password of your email account. If you’re using another mail service you’ll need to change mailhub to the relevant SMTP server.

edit /etc/ssmtp/ssmtp.conf and add these lines

--------------------------------------------
root=alert@example.com
mailhub=smtp.example.com:587
rewriteDomain=
hostname=smtp.example.com:587
UseSTARTTLS=YES
UseTLS=YES
AuthUser=alert@example.com
AuthPass=password
AuthMethod=LOGIN
FromLineOverride=YES # optional
--------------------------------------------

 

Change the ‘From’ text by editing /etc/passwd to receive mail from ‘root@server1.example.com’ instead of just ‘root’.
# chfn -f root@server1.example.com root

edit /etc/ssmtp/revaliases and add this line or add more line for another user
--------------------------------------------
# sSMTP aliases
#
# Format:    local_account:outgoing_address:mailhub
#
# Example: root:your_login@your.domain:mailhub.your.domain[:port]
# where [:port] is an optional port number that defaults to 25.
root:alert@example.com:smtp.example.com:587
--------------------------------------------

to test it

# echo “test send email using ssmtp|mail -s “TEST” alert@example.com

 

once you are able to receive that test message, proceed to edit /etc/hosts.allow and add these 2 lines, so you will be notified if someone login to your sever

--------------------------------------------
SSHD: ALL: spawn (/bin/echo "SSH connection to %H from %h[%a]" | \
/usr/bin/mail -s "SSH Login Alert [server1.example.com]" alert@example.com)
--------------------------------------------

 

 

]]> http://digitaljournal.sg/wp/?feed=rss2&p=133 0 ip_conntrack: table full, dropping packet http://digitaljournal.sg/wp/?p=119 http://digitaljournal.sg/wp/?p=119#comments Thu, 25 Oct 2012 09:31:39 +0000 admin http://digitaljournal.sg/wp/?p=119 Today i found this message in one of my server, although the server’s load is quite low. using dmesg , i kept getting this, and it kept coming
ip_conntrack: table full, dropping packet

I’d seen this message before, but I headed over to Red Hat’s site for more details. Generally, the ip_conntrack_max is set to the total MB of RAM installed multiplied by 16. However, this server had 4GB of RAM, but ip_conntrack_max was set to 65536:

# cat /proc/sys/net/ipv4/ip_conntrack_max
65536

 

If you want to check your server’s current tracked connections, just run the following:

# cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count

 

If you want to adjust it, just run the following as root:
# echo 131072 > /proc/sys/net/ipv4/ip_conntrack_max

 

If you want to find out how many sessions are open right now:
# wc -l /proc/net/ip_conntrack

]]> http://digitaljournal.sg/wp/?feed=rss2&p=119 0