shwatchr is a small Perl script that audits logins to shell accounts on Linux/*NIX machines that originate from arbitrary hosts on the Internet. When a successful login occurs and a shell is spawned, shwatchr is executed from the shell rc file and compares the host from which the login originates against a list of known/allowed hosts. If a match is not found then shwatchr can be configured to either send an email to a separate alert email address that contains the time and host from which the login took place or issue a warning and proceed to kill all user shells. shwatchr does not require root to execute and hence users can have some measure of knowledge and security over who is logging into their accounts even if they can't modify firewall or tcpwrapper rulesets, or look at system logs.
|Operating Systems||POSIX Linux|
No changes have been submitted for this release.