mail alert on SSH login

create /etc/ssh/login-notify.sh:

#!/bin/sh
# me: rwxr-xr-x root root /etc/ssh/login-notify.sh

sender="root@$(hostname)"
recipient="root"

# pam_exec runs this script for every session event; only report session opens.
[ "$PAM_TYPE" = "open_session" ] || exit 0
{
	echo "SSH login auf $(hostname)"
	echo "User: $PAM_USER"
	echo "Ruser: $PAM_RUSER"
	echo "Rhost: $PAM_RHOST"
	echo "Service: $PAM_SERVICE"
	echo "TTY: $PAM_TTY"
	echo "Date: $(date)"
	echo "Server: $(uname -a)"
	echo "finger:"
	finger
	echo "----------------------"
	# Append the report to a local log and mail the same text to the recipient.
} | tee -a /var/log/my_logins.log | mail -r "$sender" -s "SSH login auf $(hostname)" "$recipient"

add at the end of /etc/pam.d/sshd:

session optional pam_exec.so seteuid /etc/ssh/login-notify.sh
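
Added example (not part of the original post): a small reader for the /var/log/my_logins.log records the script above appends. It prints one line per login and flags any Rhost outside an expected list. The function names, the allow-list argument and the sample records are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarise the records login-notify.sh appends to
# /var/log/my_logins.log. A record is a run of "Key: value" lines closed by a
# line of dashes. Usage: summarize_logins "HOST1 HOST2" < /var/log/my_logins.log
# The allow-list of expected Rhost values is an assumption of this example.
summarize_logins() {
	awk -v allowed="$1" '
		BEGIN {
			n = split(allowed, a, " ")
			for (i = 1; i <= n; i++) ok[a[i]] = 1
		}
		# Take only the first User/Rhost of a record, so that finger output
		# later in the same record cannot overwrite them.
		/^User: /  && !su { user  = substr($0, 7); su = 1 }
		/^Rhost: / && !sr { rhost = substr($0, 8); sr = 1 }
		/^-+$/ && length($0) >= 10 {
			if (su) {
				status = (rhost in ok) ? "OK" : "UNEXPECTED"
				print status, user, (rhost == "" ? "-" : rhost)
			}
			user = rhost = ""; su = sr = 0
		}
	'
}

# Constructed sample records (documentation IP ranges, made-up host name).
sample_log() {
	cat <<'EOF'
SSH login auf web01
User: alice
Ruser:
Rhost: 192.0.2.10
Service: sshd
TTY: ssh
finger:
alice    pts/0    Mar  5 16:31 (192.0.2.10)
----------------------
SSH login auf web01
User: root
Ruser:
Rhost: 203.0.113.7
Service: sshd
TTY: ssh
----------------------
EOF
}

sample_log | summarize_logins "192.0.2.10"
```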

OSX Install USB-Stick: rename the label

For a better overview on OSX service sticks with multiple boot partitions.

To change the OSX boot stick labels shown when holding ALT at boot:

  1. rename the partition label to something like "osx 10.10 install"
  2. sudo bless -folder "/Volumes/osx 10.11 install" -label "osx 10.11 install"

info: bless — set volume bootability and startup disk options

let’s encrypt: the https redirect problem [nginx]

Let’s Encrypt makes HTTP requests to a domain to check its ownership.

But if you already have HTTPS enabled and redirect all HTTP requests like this

if ($scheme = 'http') {
	rewrite ^ https://$server_name$request_uri? permanent;
}

then you run into a problem:

Sat Mar 5 16:31:07 CET 2016 Failed authorization procedure. blog.mameso.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://blog.mameso.com/.well-known/acme-challenge/rmKLoxxxxD7h4rxxxxF2wHexxxxLWAPGaxxxxI [213.111.221.123]: 403

So you need to exclude the HTTP requests to “/.well-known/acme-challenge/*” from the redirect:

location '/.well-known/acme-challenge' {
	break;
}
location '/' {
	if ($scheme = 'http') {
		rewrite ^ https://$server_name$request_uri? permanent;
	}
	try_files $uri $uri/ /index.php?$args;
}

The try_files line is for WordPress readable URIs.

That’s it – the next Let’s Encrypt SSL cert updates are running fine.

Anyone with the same problem, or do you have a better solution? Leave a comment!