Root Login Email Notification

configuring your server so that when someone logs in with root or su, your server will notify you via email.

Please use an email address that is NOT hosted on your server as a hacker could merely delete the emails right off the server.

Login to your server with root

Use any editor to edit .bash_profile

At the end of the file, place the following lines:

echo ‘WARNING – Root Login detected on:’ `date` `who` | mail -s “WARNING –
Root Login: `who | awk ‘{print $6}’`”

Now anytime someone gains root access you will be notified via email.


One thought on “Root Login Email Notification

  1. .bash_profile is executed only for login shells. Therefore when you do “su” (without the -) the script will not run.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s