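#!/bin/bash
#
# Watch the audit log for records carrying the audit key "ssh-key-read" and
# raise a desktop notification for each one. A read by /usr/bin/ssh or
# /usr/bin/scp gets a normal notification; a read by any other executable
# (or one whose path could not be parsed) is raised as critical.
#
# Requires: doas (to read the audit log), grep with -P support, awk, sed,
# notify-send.

# Escape the characters commonly treated as body markup by notification
# daemons, so that a value copied out of a log record is shown literally.
# The exe path and user name are chosen by whoever triggered the event, not by
# this script. NOTE(review): daemons configured without markup support may
# display the entities verbatim -- confirm against the daemon in use.
# Arguments: $1 - raw field value
# Outputs:   escaped value on stdout
escape_markup() {
  sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' <<<"$1"
}

# -F follows the file by name and retries, where -f stays attached to the
# original file. If the audit log is rotated, -f would keep reading the
# renamed file and the monitor would stop alerting without any error.
doas tail -F -n 0 /var/log/audit/audit.log | while IFS= read -r line; do
  key=$(grep -oP '(?<=key=").*?(?=")' <<<"$line")

  # Most records are unrelated; skip them before parsing the other fields.
  [ "$key" = "ssh-key-read" ] || continue

  # Only double-quoted values are matched. A field written without quotes
  # comes back empty, which lands in the critical branch below.
  exe=$(grep -oP '(?<=exe=").*?(?=")' <<<"$line")
  pid=$(awk -F'ppid=[0-9]+ pid=' '{print $2}' <<<"$line" | awk -F' ' '{print $1}')
  username=$(grep -oP '(?<=EUID=").+?(?=")' <<<"$line")

  SUBJECT="SSH Key accessed!"
  # The \n sequences are passed through literally; the original script relies
  # on notify-send to turn them into line breaks.
  MESSAGE="exec=$(escape_markup "$exe")\nuser=$(escape_markup "$username")\npid=$(escape_markup "$pid")"

  # The urgency decision uses the raw exe value, not the escaped one.
  if [ "$exe" = "/usr/bin/scp" ] || [ "$exe" = "/usr/bin/ssh" ]; then
    notify-send "$SUBJECT" "$MESSAGE"
  else
    notify-send -u critical "$SUBJECT" "$MESSAGE"
  fi
done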