
[Linux] HOWTO : Creating a Dynamic MOTD in Linux (printing a configured screen at login)

단세포소년 2012. 10. 22. 14:36

Source : http://parkersamp.com/2010/10/howto-creating-a-dynamic-motd-in-linux/


An MOTD is a great way to display relevant messages to users when they connect. But what if you wish to have the MOTD display messages relevant to the specific user or system? What if you want a dynamic MOTD that you can copy to multiple servers with little to no editing of the script?

Solution

Create a custom shell script that will run once a user successfully logs into the system. There are multiple ways to create dynamic MOTDs.

The Ubuntu team had the right idea with their update-motd service, which runs the scripts in /etc/update-motd.d in a fixed order (much like the rc.d script order) and writes the combined output to /etc/motd. Originally this ran from cron at a regular interval; on current Ubuntu releases pam_motd runs the same scripts at login time instead. In either form the scripts run as root and produce a single MOTD that is shown to everyone, so the mechanism is not meant to carry information specific to the user who is logging in.

I will show you the steps required to create a basic MOTD script that will completely replace the /etc/motd file.

This part is about the hardest this project will get. You must decide what information you wish to include in the new MOTD, how to present it, and what commands or code are required to deliver the final product to the screen.

Included Information

For this project, let's pretend that you are the sysadmin of a major shell provider who runs multiple servers and uses limits.conf to keep users within an agreed-upon process limit. Logical information to include might be the hostname, main IP address, kernel version, uptime, hardware information, and most importantly the user's account information (process count, session count, etc).

Keep in mind that the script runs with the privileges of the user who is logging in, so any command the user cannot run from their shell cannot be used in the MOTD script either. This matters most under mandatory access control or RBAC policies such as SELinux and grsecurity's RBAC: if the user cannot run "uptime", the script cannot run "uptime". A denied command (or, for a user already at their process limit, a fork error) fails in the middle of the banner unless the script is written to tolerate it.

MOTD Presentation

Having a presentable MOTD is important. You should design a look that isn't cramped, is easy to read, and has relevant information such as maintenance notifications or frequently used commands.

A good way to work on the design is to create a temporary file with an editor such as nano and dump information into it. Most people like to create boxes that hold the information, drawn with symbols such as + or =.

Another thing to consider is a logo made from ASCII. Some people, such as myself, choose to use the system hostname while others might choose a company name. Network Science has one of the most commonly used ASCII generators.

The presentation is up to you and there is no right or wrong way to do it. You may find a real world sample of my dynamic MOTD later in this guide.

Writing the MOTD Script

Once you have the design ready to go, log in as root and create /usr/local/bin/dynmotd.

At the top of the file, include the following lines:

Edit: /usr/local/bin/dynmotd

#!/bin/bash

echo -e "

After the echo statement, paste the MOTD design template you created earlier in this guide. The template sits inside a double-quoted string, so any ` (grave accent, U+0060) in ASCII art must be escaped with a backslash (example: \`), and the same goes for a literal $ or ". Because echo is called with -e, a backslash followed by a letter inside the art (\n, \t, \c and so on) is interpreted as an escape sequence instead of being printed, so a literal backslash in the art has to be written as \\\\ (the shell reduces it to \\, which echo -e prints as a single \).

You may now go back and fill the commands into the necessary areas. You may tell the script to run outside commands by inserting a command between two grave characters, for example `uptime`; the modern form $(uptime) is equivalent and easier to nest. Either way the shell expands the command before echo runs, with the privileges of the user who is logging in.

Any special scripts or calculations that need to be done before the MOTD file is displayed may be placed on new lines between "#!/bin/bash" and "echo -e".

You should run "chmod +x /usr/local/bin/dynmotd" and test the script multiple times before deploying it. Test it as an ordinary user as well as root: root is not subject to the permission denials or process limits your users will hit.

The script I created for my server is below:

NOTE: I have stripped all color codes from this example in order to make it readable. If you wish to add color codes, consult the "Colorization" section of the Funtoo guide listed in the links at the end of this article.

#!/bin/bash

# Count this user's processes on the current terminal; the constant compensates
# for the ps header line and the processes spawned by the pipeline itself.
PROCCOUNT=`ps -l | wc -l`
PROCCOUNT=`expr $PROCCOUNT - 4`

# Test group membership exactly (a bare *irc* glob would also match "circus").
if [[ " $(groups) " == *" irc "* ]]; then
# Anchor on the start of the line so commented-out entries (#@irc) are skipped.
ENDPROC=`grep '^@irc' /etc/security/limits.conf | grep nproc | awk '{print $4}'`
ENDSESSION=`grep '^@irc' /etc/security/limits.conf | grep maxlogins | awk '{print $4}'`
PRIVILEGED="IRC Account"
else
# The stock limits.conf ships commented examples beginning with "#*"; '^\*' skips them.
ENDPROC=`grep '^\*' /etc/security/limits.conf | grep nproc | awk '{print $4}'`
ENDSESSION="Unlimited"
PRIVILEGED="Regular User"
fi

echo -e " _ _
| (_)
| |_ _ __  _   ___  ____      ____ _ _ __ ____
| | | '_ | | |  / /  / / / _\` | '__|_  /
| | | | | | |_| |>  <   V  V / (_| | |   / /
|_|_|_| |_|__,_/_/_  _/_/ __,_|_|  /___| .com

+++++++++++++++++: System Data :+++++++++++++++++++
+ Hostname = `hostname`
+ Address = 204.93.192.11
+ Kernel = `uname -r`
+ Uptime = `uptime | sed 's/.*up \([^,]*\), .*/\1/'`
+ CPU = 4x Intel(R) Xeon(R) E5620 @ 2.40GHz
+ Memory = `awk '/MemTotal/ {print $2}' /proc/meminfo` kB
++++++++++++++++++: User Data :++++++++++++++++++++
+ Username = `whoami`
+ Privileges = $PRIVILEGED
+ Sessions = `who | grep -c "^$USER "` of $ENDSESSION MAX
+ Processes = $PROCCOUNT of $ENDPROC MAX
+++++++++++++: Helpful Information :+++++++++++++++
+ vhosts = List valid RDNS on IPv6 subnet
+ irssi = IRC client, -h to use vhosts
+ Box Admin = Linuxwarz @ EFnet
+++++++++++: Maintenance Information :+++++++++++++
+ `cat /etc/motd-maint`
+++++++++++++++++++++++++++++++++++++++++++++++++++
"

A couple people have asked me to post the colored version. You'll see why I didn't:

#!/bin/bash

# Note: -A lists every user's processes, while ulimit -u below is a per-user
# limit; for an exact comparison count with ps -u "$USER" instead. The constant
# compensates for the ps header line and the processes spawned by the pipeline.
PROCCOUNT=`ps -Afl | wc -l`
PROCCOUNT=`expr $PROCCOUNT - 5`
GROUPZ=`groups`

# Test group membership exactly (a bare *irc* glob would also match "circus").
if [[ " $GROUPZ " == *" irc "* ]]; then
# Anchor on the start of the line so commented-out entries (#@irc) are skipped.
ENDSESSION=`grep '^@irc' /etc/security/limits.conf | grep maxlogins | awk '{print $4}'`
PRIVILEGED="IRC Account"
else
ENDSESSION="Unlimited"
PRIVILEGED="Regular User"
fi

echo -e "\033[1;32m _ _
| (_)
| |_ _ __  _   ___  ____      ____ _ _ __ ____
| | | '_ | | |  / /  / / / _\` | '__|_  /
| | | | | | |_| |>  <   V  V / (_| | |   / /
|_|_|_| |_|__,_/_/_  _/_/ __,_|_|  /___| .com

\033[0;35m+++++++++++++++++: \033[0;37mSystem Data\033[0;35m :+++++++++++++++++++
+  \033[0;37mHostname \033[0;35m= \033[1;32m`hostname`
\033[0;35m+   \033[0;37mAddress \033[0;35m= \033[1;32m204.93.222.167
\033[0;35m+    \033[0;37mKernel \033[0;35m= \033[1;32m`uname -r`
\033[0;35m+    \033[0;37mUptime \033[0;35m= \033[1;32m`uptime | sed 's/.*up \([^,]*\), .*/\1/'`
\033[0;35m+       \033[0;37mCPU \033[0;35m= \033[1;32m4x Intel(R) Xeon(R) E5620 @ 2.40GHz
\033[0;35m+    \033[0;37mMemory \033[0;35m= \033[1;32m`awk '/MemTotal/ {print $2}' /proc/meminfo` kB
\033[0;35m++++++++++++++++++: \033[0;37mUser Data\033[0;35m :++++++++++++++++++++
+  \033[0;37mUsername \033[0;35m= \033[1;32m`whoami`
\033[0;35m+\033[0;37mPrivileges \033[0;35m= \033[1;32m$PRIVILEGED
\033[0;35m+  \033[0;37mSessions \033[0;35m= \033[1;32m`who | grep -c "^$USER "` of $ENDSESSION MAX
\033[0;35m+ \033[0;37mProcesses \033[0;35m= \033[1;32m$PROCCOUNT of `ulimit -u` MAX
\033[0;35m+++++++++++++: \033[0;37mHelpful Information\033[0;35m :+++++++++++++++
+    \033[0;37mvhosts \033[0;35m= \033[1;32mList valid RDNS on IPv6 subnet
\033[0;35m+     \033[0;37mirssi \033[0;35m= \033[1;32mIRC client, -h to use vhosts
\033[0;35m+ \033[0;37mBox Admin \033[0;35m= \033[1;32mLinuxwarz @ EFnet
\033[0;35m+++++++++++: \033[0;31mMaintenance Information\033[0;35m :+++++++++++++
+\033[0;31m `cat /etc/motd-maint`
\033[0;35m+++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m
"

And its output:

After viewing my example, you have probably noticed that I make calls to a static MOTD file, /etc/motd-maint. This is a good way to push static information that you want to change without modifying the script. As my example shows, /etc/motd-maint currently contains "Nothing to report!". The file has nothing special inside it and only contains that message, with no color codes attached. Note that its contents are substituted into the echo -e string, so anything in the file (backslash sequences included) is interpreted and shown to every user who logs in; keep it owned by root and writable only by root, like the script itself.

My script is not without caveats. I have noticed that it displays 4 excess processes at login, and part of that is from the script executing itself with the "ps" command. For those of you limiting processes, you will need to watch out, since the user will need some free process slots to complete the script.

If the user doesn't have the free processes to run the entire script, they will only be greeted with a simple fork error that is completely harmless. Finally, due to my security settings, users cannot get output from ifconfig. Because of this, I have entered the main IP into the script by hand.

The second thing you will notice is that process, session, and account type reporting rely on you setting up account levels in /etc/security/limits.conf and putting a name to a face. This is my method of doing things and I am sure multiple methods exist.
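The caveats just listed (the fork error at the process limit, commands the user is not allowed to run, a process count that includes other users, and the escaping rules inside echo -e discussed under "Writing the MOTD Script") can all be designed out. The script below is an added example written for this page, not the original author's script: it keeps the same box layout and the same /etc/motd-maint convention, but prints the static art through a quoted heredoc so nothing in it needs escaping, wraps every external command so a denied or missing one degrades to "n/a" instead of aborting the banner, counts only the user's own processes against ulimit -u, matches the group name exactly, and resets the terminal colour at the end. The logo, the "irc" role group and the colours are placeholders, and a procps-style ps and /proc/meminfo are assumed.

```shell
#!/bin/bash
# Hardened dynamic MOTD: an added example written for this page, not the
# original author's script. It keeps the box layout and the /etc/motd-maint
# convention from the page but designs out the caveats discussed in the text.
# Assumptions (not from the original): the logo, the "irc" role group and the
# colours are placeholders; /proc/meminfo and procps-style ps are available.

MAINT_FILE=${MAINT_FILE:-/etc/motd-maint}

# Run a command only if it exists and is permitted for this user; otherwise
# print "n/a". A command denied by SELinux/grsecurity policy, or one that dies
# with a fork error at the nproc limit, no longer aborts the whole banner.
safe() {
    if command -v "$1" >/dev/null 2>&1; then
        "$@" 2>/dev/null || echo "n/a"
    else
        echo "n/a"
    fi
}

# Pure text helper: pull the "up ..." span out of one uptime(1) line, e.g.
# " 14:36 up 3 days,  2:14,  5 users, ..." -> "3 days,  2:14". Handles the
# "1 user" / "0 users" variants and the double space before short uptimes.
parse_uptime() {
    printf '%s\n' "$1" |
        sed -n 's/^.* up  *\(.*\),  *[0-9][0-9]* users\{0,1\},.*/\1/p'
}

# Processes owned by this user, which is what RLIMIT_NPROC (ulimit -u)
# actually counts; the page's `ps -Afl | wc -l` counted every user's processes.
proc_count() {
    if command -v ps >/dev/null 2>&1; then
        ps -u "$1" -o pid= 2>/dev/null | wc -l | tr -d ' '
    else
        echo "n/a"
    fi
}

# Sessions for exactly this user; `who | grep $USER` also counts other
# accounts whose names contain $USER as a substring.
session_count() {
    who 2>/dev/null | awk -v u="$1" '$1 == u { c++ } END { print c + 0 }'
}

# Exact group test; the page's `[[ $(groups) == *irc* ]]` also matches "circus".
in_group() {
    for g in $(id -nG 2>/dev/null); do
        [ "$g" = "$1" ] && return 0
    done
    return 1
}

# One box line: label, value.
row() {
    printf '\033[0;35m+ \033[0;37m%-10s\033[0;35m= \033[1;32m%s\n' "$1" "$2"
}

render_motd() {
    user=${1:-${USER:-$(id -un 2>/dev/null)}}
    role="Regular User"
    in_group irc && role="IRC Account"
    up=$(parse_uptime "$(safe uptime)")
    maint="Nothing to report!"
    [ -r "$MAINT_FILE" ] && maint=$(cat "$MAINT_FILE")

    # The static art goes through a *quoted* heredoc: backslashes, backticks
    # and $ are printed verbatim, so unlike echo -e nothing needs escaping.
    cat <<'ART'
 __  __  ___ _____ ___      placeholder logo: \ ` $ and \n need no escaping here
|  \/  |/ _ \_   _|   \
| |\/| | (_) || | | |) |
|_|  |_|\___/ |_| |___/
ART
    printf '\033[0;35m+++++++++++++++: \033[0;37mSystem Data\033[0;35m :+++++++++++++++\n'
    row "Hostname"   "$(safe hostname)"
    row "Kernel"     "$(safe uname -r)"
    row "Uptime"     "${up:-n/a}"
    row "Memory"     "$(awk '/MemTotal/ {print $2 " kB"}' /proc/meminfo 2>/dev/null || echo n/a)"
    printf '\033[0;35m++++++++++++++++: \033[0;37mUser Data\033[0;35m :++++++++++++++++\n'
    row "Username"   "$user"
    row "Privileges" "$role"
    row "Sessions"   "$(session_count "$user")"
    row "Processes"  "$(proc_count "$user") of $(ulimit -u 2>/dev/null || echo n/a) MAX"
    printf '\033[0;35m+++++++++++: \033[0;31mMaintenance Information\033[0;35m :++++++++++\n'
    printf '\033[0;35m+ \033[0;31m%s\n' "$maint"
    # Reset the colour, or the user's prompt inherits the last one used.
    printf '\033[0;35m+++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m\n'
}

render_motd
```

Because every value is produced by a function that returns "n/a" on failure, the banner is printed in full even for a user whose policy denies ps or uptime, and the only thing such a user loses is the corresponding field. The quoted heredoc is what makes pasting arbitrary ASCII art safe: nothing between <<'ART' and ART is expanded or interpreted.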

Disabling MOTD

Disabling the static /etc/motd, so that it is not printed in addition to the dynamic one, is actually rather easy and takes three steps.

First, make the sshd_config modifications as seen below:

Modify: /etc/ssh/sshd_config

PrintMotd no

Next, restart the sshd daemon. The command varies between distributions; consult your distribution's documentation for details. Two common forms are "/etc/init.d/sshd restart" and "service sshd restart"; on systemd-based systems it is "systemctl restart sshd" (the unit is called ssh on Debian and Ubuntu).

Finally, modify PAM to prevent showing the MOTD after a successful login. Search for, and comment out, the line below:

Modify: /etc/pam.d/login

#session    optional   pam_motd.so

Note: Some distributions might use other files in pam.d to display the MOTD. Gentoo, for example, has been known to use either "login" or "system-login". Ubuntu seems to handle the MOTD in both "login" and "sshd" files. If you cannot get the MOTD to stop displaying by commenting it out in one pam.d configuration file, multiple configuration files may require the edit.

Installing the New Script

In order to start using the new dynamic MOTD script, you will need to make it executable. Running "chmod +x /usr/local/bin/dynmotd" will do the trick, if you've not done so already.

Append the following line to the end of /etc/profile:

Modify: /etc/profile

/usr/local/bin/dynmotd

You have now replaced /etc/motd with a dynamic MOTD. Each time a user logs in through the console or SSH with a Bourne-compatible login shell (sh, bash, ksh), /etc/profile runs the script and greets them; users whose login shell is tcsh or zsh read /etc/csh.login or /etc/zprofile (/etc/zsh/zprofile on Debian) instead and need the same line there. Two things to check before rolling this out: /etc/profile is shared by every account, root included, so /usr/local/bin/dynmotd must be owned by root and writable only by root, or anyone who can edit it gets code execution in every login session; and /etc/profile is also read by non-interactive login shells ("bash -l -c ..."), so consider guarding the call (for example by testing [ -t 0 ] first) so the banner is only printed when a terminal is attached.
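The "Disabling MOTD" steps and the installation steps above lend themselves to a small helper script. The following is an added example, not part of the original post: it audits which pam.d files and sshd_config settings still print the static /etc/motd, verifies that the dynmotd script is root-owned, executable and not group- or world-writable (it runs in every user's login shell, so anyone who can write it gets code execution at every login), and appends the /etc/profile hook exactly once, guarded with [ -t 0 ] so that non-interactive login shells do not get a banner injected into their data stream. The paths are parameters (the defaults assume /usr/local/bin/dynmotd as on the page) so each function can be tried on copies in a scratch directory before touching /etc.

```shell
#!/bin/bash
# Install and verify the dynamic MOTD hook. Added example for this page, not
# the original author's procedure. Paths are parameters so every function can
# be exercised on copies in a scratch directory before touching /etc.
# Assumption: the script lives at /usr/local/bin/dynmotd, as on the page.

DYNMOTD=/usr/local/bin/dynmotd
# [ -t 0 ]: print only when stdin is a terminal, so `bash -l -c cmd` and other
# non-interactive login shells do not get a banner injected into their data
# stream. [ -x ]: skip silently if the script has been removed.
HOOK="[ -t 0 ] && [ -x $DYNMOTD ] && $DYNMOTD"

# Report every place that still prints the static /etc/motd: uncommented
# pam_motd lines in the given pam.d files, and a PrintMotd that is missing or
# not "no" in the given sshd_config (OpenSSH's default is yes). Returns 1 if
# anything is found.
audit_motd() {
    sshd_config=$1; shift
    hits=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*session[[:space:]].*pam_motd\.so' "$f"; then
            echo "pam_motd still active in $f"
            hits=$((hits + 1))
        fi
    done
    if ! grep -Eiq '^[[:space:]]*PrintMotd[[:space:]]+no([[:space:]]|$)' "$sshd_config" 2>/dev/null; then
        echo "PrintMotd is not set to 'no' in $sshd_config"
        hits=$((hits + 1))
    fi
    [ "$hits" -eq 0 ]
}

# The hook runs in every user's login shell, root included, so the script
# must be owned by root and writable only by its owner: whoever can write it
# gets code execution at every login. $2 is the expected owner uid (0 in
# production; a test may pass its own uid for a scratch copy).
check_perms() {
    path=$1 want_uid=${2:-0}
    [ -f "$path" ] || { echo "missing: $path"; return 1; }
    set -- $(stat -c '%u %a' "$path")   # GNU/busybox stat: "<uid> <octal mode>"
    [ "$1" = "$want_uid" ] || { echo "owner uid $1, expected $want_uid: $path"; return 1; }
    case $2 in                          # group or other write bit set?
        *[2367]?|*?[2367]) echo "group/world writable (mode $2): $path"; return 1 ;;
    esac
    [ -x "$path" ] || { echo "not executable: $path"; return 1; }
}

# Append the guarded hook to a profile file exactly once (safe to re-run).
append_hook() {
    profile=$1
    if grep -Fqx "$HOOK" "$profile" 2>/dev/null; then
        echo "hook already present in $profile"
    else
        printf '\n# dynamic MOTD, replaces /etc/motd\n%s\n' "$HOOK" >> "$profile"
        echo "hook appended to $profile"
    fi
}

# Production sequence (run as root): copy the script root-owned and 0755,
# verify it, hook it into /etc/profile, then confirm nothing else still
# prints the static /etc/motd.
install_dynmotd() {
    install -o root -g root -m 0755 "$1" "$DYNMOTD" &&
        check_perms "$DYNMOTD" 0 &&
        append_hook /etc/profile &&
        audit_motd /etc/ssh/sshd_config /etc/pam.d/login /etc/pam.d/sshd
}

case ${1:-} in
    --audit)   audit_motd /etc/ssh/sshd_config /etc/pam.d/login /etc/pam.d/sshd ;;
    --install) install_dynmotd "$2" ;;
esac
```

Run it as "./install-dynmotd --audit" (no root needed) to see which files on a given box still print the static MOTD, and as "./install-dynmotd --install ./dynmotd" as root to do the whole installation; the audit at the end of the install tells you which pam.d file still needs its pam_motd line commented out, which is exactly the distribution-specific hunting the note above describes.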

Dynamic MOTD scripts are very popular and I am still trying out the dynamic MOTD on my server. So far I have had no issues or complaints and the script looks beautiful. If you have a strict security setup, I would probably suggest looking into Ubuntu's update-motd script, as it has been licensed for use in any system.

Links

ASCII Generator (Network Science)

Escape Sequences and Color Chart (Funtoo)

Ubuntu update-motd
