Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Take iSight snapshots during invalid login attempts' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Take iSight snapshots during invalid login attempts
Authored by: corosou on Feb 25, '13 01:51:22PM

Seems a lot of people are still looking to do, so here is a very simple procedure that will get this working on Mountain Lion and can easily be modified for older versions.

***Mac OS X iSight snapshot email on failed login attempts***

This script will take a snapshot on failed login attempts, email it to my main email account, and also send a text-over-email message, letting me know someone is currently trying to login to my laptop, to my Verizon Wireless cellphone using the email address: ##########@vtext.com. If you're not on Verizon, you'll need to find what your phone's email is.

*Requirements: Gmail account to send mail with and ImageSnap (http://iharder.sourceforge.net/current/macosx/imagesnap/)

1) Download and install ImageSnap:
Copy “imagesnap” executable to /usr/local/bin

*Note: I suggest creating a new gmail account that will be used below to send mail from, so you don’t have to specify your main account password in the sasl config.

2) Append the following lines to the bottom of /etc/postfix/main.cf:
relayhost=smtp.gmail.com:587
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options=
smtp_use_tls=yes
smtp_tls_security_level=encrypt
tls_random_source=dev:/dev/urandom

Create /etc/postfix/sasl_passwd and populate following example below:
smtp.gmail.com:587 account@gmail.com:password

Then run:
postmap /etc/postfix/sasl_passwd; chmod 600 /etc/postfix/sasl_passwd*
postfix stop
postfix start

4) Enable logging failed login attempt to a separate logfile by appending the lines below to the bottom of the /etc/asl.conf file:
# Facility loginwindow gets saved in loginwindow.log
? [= Sender loginwindow] file /var/log/loginwindow.log mode=0640 format=bsd

Restart syslogd:
sudo launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
sudo launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist

5) Create /usr/local/bin/invalid_login_snap.sh and populate following example below:
#--Begin Script--
#!/bin/bash

PATH=/usr/sbin:/sbin:/usr/local/sbin:/usr/local/bin:/var/root/bin:/opt/ActivePython-2.6/bin:/usr/sbin:/sbin:/usr/bin:/bin:/usr/X11R6/bin
export $PATH

email=username@gmail.com
cell=555858555@vtext.com

runcheck=`ps -ef|grep -v grep|grep 'tail -f /var/log/loginwindow.log' > /dev/null;echo -n $?`

if [ $runcheck != 0 ];then
nohup tail -f /var/log/loginwindow.log| awk '/The authtok is incorrect/ {system("imagesnap /var/tmp/.snap.jpg > /dev/null; cat /var/tmp/.snap.jpg\|uuencode snap.jpg\|mailx -s \"Macbook Invalid Login Attempt\" $email; echo \"Someone Is Trying To Log Into Your Macbook Check Gmail for Snapshot\" \|mailx -s \"Macbook Invalid Login Attempt\" $cell; rm -f /var/tmp/.snap.jpg")}' &
fi
#--END SCRIPT--
*Note: Be careful to copy the lines above exactly as defined, specially the “, ‘, and \ characters.

Run: chmod a+x /usr/local/bin/invalid_login_snap.sh

Edit cronjob for script to run continuously:
sudo crontab -e

And append to the bottom of the file:
* * * * * /usr/local/bin/invalid_login_snap.sh

Save and exit.

To test: Press “Ctrl-Shift-Eject” to start screensaver and wait for screen lock. Test trying to login with an invalid password, it should take a snapshot and email you the picture.

*Note: This is very raw and not very pretty looking, but it is 100% working for me, and that's all that matters. If you run into problems and can't figure it out, then you need to familiarize yourself a bit better with shell scripting.

Gluck!



[ Reply to This | # ]