Root Login Email Notification

configuring your server so that when someone logs in with root or su, your server will notify you via email.

Please use an email address that is NOT hosted on your server as a hacker could merely delete the emails right off the server.

Login to your server with root

Use any editor to edit .bash_profile

At the end of the file, place the following lines:

echo ‘WARNING – Root Login detected on:’ `date` `who` | mail -s “WARNING –
Root Login: `who | awk ‘{print $6}’`” youremail@domain.com

Now anytime someone gains root access you will be notified via email.

Advertisements

One thought on “Root Login Email Notification

  1. .bash_profile is executed only for login shells. Therefore when you do “su” (without the -) the script will not run.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s