How to get the NAS to email you every time someone logs into the CLI

Revision as of 16:41, 31 January 2015 by imported>Johayek

As a very basic check on whether your admin (root) password (or another user's password) has been compromised, this routine will email you every time anyone (i.e. any user) logs in to the CLI.

When someone logs in to the Command Line Interface (CLI), the Synology NAS runs the file /etc/profile. We add a line to this file that runs a script to send you an email every time the file is run (e.g. when someone logs in to the CLI). If you are the only one who should be logging in to your NAS at the CLI level, then an email arriving when you hadn't logged in tells you something is wrong!

The script runs as a background shell job and is therefore hidden, so the logged-in user doesn't know it is running.

The mod

  1. Login to the CLI as root
  2. If you don't already have an email client you will need to install one. I recommend nail; see nail in A short list of the more useful 900+ ipkg packages. To install nail you will need ipkg. If you don't already have ipkg installed, see ipkg in Overview on modifying the Synology Server, bootstrap, ipkg etc. After installing nail, test it to make sure it is working.
  3. Create a directory on the NAS to hold your email script, e.g. "mkdir /volume1/my_scripts"
  4. Create the login.sh script, i.e. "vi login.sh", and then paste the contents of the script given below into it. Make any changes and then save and exit vi.
  5. Set access rights, e.g. "chmod 755 login.sh"
  6. Edit the /etc/profile file (e.g. "vi /etc/profile") and add the line given in the example below. Save the file and close vi
  7. Finished, now test it and use the "ps" command to see when it is running

login.sh script

Below is the /volume1/my_scripts/login.sh script. This script assumes you use nail as your email client. You will need to modify it if you don't. You will also need to set your email address appropriately.


#!/bin/sh

# This script sends an email to say someone just logged in to the Command Line Interface

# To turn echo off so the logged in user doesn't know the script is running
# redirect stdout(1) and stderr(2) to null:
exec 1>/dev/null 2>/dev/null

# set the subject of the email (the same text is used as the message body)
var_subject="NAS1 - A user has logged in to the CLI"

# send the email
echo "$var_subject" | /opt/bin/nail -s "$var_subject" you@youremail.com

# if the email fails nail will create a file dead.letter; test to see if it exists
# and if so wait 1 minute and then resend. This repeats until a send succeeds.
# /root/dead.letter is the copy written when root logs in.

while [ -f "/root/dead.letter" ]
do
    # echo email failed - waiting 1 minute and then re-sending
    sleep 60
    rm "/root/dead.letter"
    echo "$var_subject" | /opt/bin/nail -s "$var_subject" you@youremail.com
    sleep 60
done

sleep 60
exit

/etc/profile entry

Below is the line to add to the end of your /etc/profile file. By placing the sh command in brackets it forces it to run as a background task (hiding it from the person who has just logged in). The "&" at the end tells ash to open a foreground shell for the logged-in user.


(sh /volume1/my_scripts/login.sh) &
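
A variant of login.sh, as an added example that is not part of the original wiki page: it reports which user logged in and, for SSH, the client address, and it stops after a fixed number of send attempts. The file name login_alert.sh, the --send argument, the ALERT_TO, MAX_TRIES and RETRY_DELAY variables, the subject text, and the assumption that nail exits non-zero when a send fails all belong to this example, not to the page.

```shell
#!/bin/sh
# Added example, not the wiki's script: a login alert that says who and from where.
# Assumptions: nail at /opt/bin/nail exits non-zero when sending fails;
# ALERT_TO, MAX_TRIES, RETRY_DELAY and the --send argument are made up here.
MAILER="${MAILER:-/opt/bin/nail}"
ALERT_TO="${ALERT_TO:-you@youremail.com}"
MAX_TRIES="${MAX_TRIES:-5}"      # stop retrying after this many attempts
RETRY_DELAY="${RETRY_DELAY:-60}" # seconds between attempts

# Print the alert body. sshd exports SSH_CONNECTION as
# "client_ip client_port server_ip server_port"; it is unset for telnet/console.
login_alert_body() {
    login_user="${USER:-$(id -un)}"
    if [ -n "${SSH_CONNECTION:-}" ]; then
        client_ip="${SSH_CONNECTION%% *}"
        origin="ssh from $client_ip"
    else
        origin="not ssh (telnet or console)"
    fi
    printf 'host: %s\nuser: %s\norigin: %s\ntime: %s\n' \
        "$(uname -n)" "$login_user" "$origin" "$(date '+%Y-%m-%d %H:%M:%S')"
}

# Mail the body given as $1. Returns 0 once the mailer succeeds,
# 1 after MAX_TRIES failures, so a broken mail setup cannot loop forever.
send_alert() {
    tries=0
    while [ "$tries" -lt "$MAX_TRIES" ]; do
        if [ "$tries" -gt 0 ]; then sleep "$RETRY_DELAY"; fi
        tries=$((tries + 1))
        if printf '%s\n' "$1" | "$MAILER" -s "NAS1 - CLI login" "$ALERT_TO"; then
            return 0
        fi
    done
    return 1
}

# "--send" mails silently; with no argument the body is only printed (dry run).
# /etc/profile line: (sh /volume1/my_scripts/login_alert.sh --send) &
if [ "${1:-}" = "--send" ]; then
    send_alert "$(login_alert_body)" >/dev/null 2>&1
else
    login_alert_body
fi
```

/etc/profile is read only by login shells, so a command run as "ssh host command" or an scp/sftp session does not trigger this script or the original one.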