Thursday, December 2, 2010

Email alert on Root Login

This will allow you to be notified instantly via email whenever someone logs into your server as root.

ssh into your server

su to root

sudo -i

or su -

cd to /root

cd /root

edit your .bashrc file

vim .bashrc

add the following to the end of the file

echo 'ALERT - Root Shell Access (YourserverName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" you@yourdomain.com

Replace YourServerName with the name of your server.

Replace you@yourdomain.com with the email address you want the alerts sent to.

:x to save and exit

logout from your server, close the connection and log back in.

You will receive an email alert of the root login after a few minutes.

at 10:46 PM

1 comment:

Jason said...

Great post, thank you for this. I always look to blogs to help me solve my problems. This is really a useful tip for getting alerted anytime a user logs in as root.

April 19, 2011 at 6:43 AM

Post a Comment

Subscribe to: Post Comments (Atom)