Had an interesting request for/from a customer tonight – he wants to audit every time someone logs on as root to the Service Console. There are many ways of doing this, but he wanted a way that would leave no ability to erase past records. Email would seem to be the answer.
Download sendEmail – download it to your Service Console, extract it and copy the executable file of the same name to /usr/bin. Then run vi /root/.bash_profile
After the last line, input the following:
/usr/sbin/esxcfg-firewall -o 25,tcp,out,SMTPTemp && /usr/bin/sendEmail -f yourname.somedomain.tld -t alertsinbox.somedomain.tld -u "`hostname` login - `date -I`" -sSMTPServerIP&&/usr/sbin/esxcfg-firewall -c 25,tcp,out,SMTPTemp
Replace all the above bolded and italicised quotes for variables in your environment and open up the SMTP mail relay to accept SMTP traffic from the ESX hosts
All done
Leo
[...] Posted an item on Leo’s Ramblings. Auditing ESX root logins with email… [...]
[...] Third Brigade offers free security for up to 100 virtual machines Version 4 of the PowerVDI tool Go Daddy Wildcard Certificate with VI3 New VMware VI network port diagram request for comments Auditing ESX root logins with email… [...]