Find the answer to your Linux question:
Results 1 to 6 of 6
I am looking for something that will notify me by email everytime someone login as root. I have found this script to put in bash file of root. But it ...
  1. 10-31-2011 #1
    Blisk
    Blisk is offline
    Just Joined!
    Join Date
    Feb 2007
    Posts
    15

    root access by email

    I am looking for something that will notify me by email everytime someone login as root. I have found this script to put in bash file of root. But it doesn't send the IP of person which is logged in as root.
    Even that I have read, that there is other ways where can someone pass through to root access and script won't send an email.

    Is there more relaible way to get notification by email, tha this below?

    1. Login to your server and su to root!

    2. cd /root

    3. pico .bashrc

    4. Scroll to the end of the file then add the following:
    echo 'ALERT - Root Shell Access (YourserverName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" you(at)yourdomain.com
    Reply With Quote Reply With Quote
  2. 10-31-2011 #2
    reginaldperrin
    reginaldperrin is offline
    Just Joined! reginaldperrin's Avatar
    Join Date
    Oct 2010
    Posts
    66
    A solution that I can think of involves monitoring of logs.
    Presumable your system has logging activated, and it logs to a seperate machine?
    You 'simply' ensure that login events are included in the list of things to log, and have a script that looks at the log in question:
    if log entry == root login event;
    then send email;
    endif;

    Sounds simple (and at the same time complicated) I know, but if someone can login as root to an individual machine, then they can do anything, including deleting all traces of their having been there.
    Unless of course it is logged to a seperate machine, one to which they cannot have access.

    Hope this helps.
    Reply With Quote Reply With Quote
  3. 11-03-2011 #3
    alf55
    alf55 is offline
    Linux User
    Join Date
    Jan 2005
    Location
    Saint Paul, MN
    Posts
    262
    Quote Originally Posted by Blisk View Post
    I am looking for something that will notify me by email everytime someone login as root. I have found this script to put in bash file of root. But it doesn't send the IP of person which is logged in as root.
    Even that I have read, that there is other ways where can someone pass through to root access and script won't send an email.

    Is there more reliable way to get notification by email, that this below?

    1. Login to your server and su to root!

    2. cd /root

    3. pico .bashrc

    4. Scroll to the end of the file then add the following:
    echo 'ALERT - Root Shell Access (YourserverName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" you(at)yourdomain.com
    Using "who am i" rather than "who"
    Code:
    echo 'ALERT - Root Shell Access (YourserverName) on:' `date` `who am i` | mail -s "Alert: Root Access from `who am i1" you@yourdomain.com
    Reply With Quote Reply With Quote
  4. 11-03-2011 #4
    kurtdriver
    kurtdriver is offline
    Linux Newbie
    Join Date
    Oct 2008
    Posts
    140
    Just wanted to point out that whoami has no spaces.
    Reply With Quote Reply With Quote
  5. 11-04-2011 #5
    alf55
    alf55 is offline
    Linux User
    Join Date
    Jan 2005
    Location
    Saint Paul, MN
    Posts
    262
    It is the "who" command with two arguments "am" and "i" which is what I wrote not the command "whoami".
    Reply With Quote Reply With Quote
  6. 11-04-2011 #6
    kurtdriver
    kurtdriver is offline
    Linux Newbie
    Join Date
    Oct 2008
    Posts
    140
    I stand corrected, I had no idea that would work, but it does.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

...