WebHostGear.com - the hosting resource for professionals
July 25, 2008

E-mail Alert on Root SSH Login



By: ramprage

Want to be notified instantly when someone logs into your server as root? No problem, check out this nice tutorial on email notification for root logins. Keeping track of who logs into your server and when is very important, especially when you're dealing with the super user account. We recommend that you use an email address not hosted on the server you're sending the alert from.

So let's get started!

1. Log in to your server and su to root. I know, the irony!

2. cd /root

3. pico .bashrc

4. Scroll to the end of the file, then add the following (all on one line):
echo 'ALERT - Root Shell Access (YourserverName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" you@yourdomain.com

Replace YourserverName with the handle for your actual server.
Replace you@yourdomain.com with your actual email address.

5. Ctrl + X, then Y

Now log out of SSH, close the connection and log back in! You should receive an email alert of the root login a few minutes afterwards.
Article provided by WebHostGear.com
Note: This is a great tool for servers that have multiple admins or if you give someone SSH access for whatever reason, although you should give out the root password to as few people as humanly possible and be sure to change it often.

This will not magically alert you when a hacker runs the latest kernel exploit on your server and logs into SSH because they will create their own SSH/telnet connection. You should keep your system up to date, install a firewall and follow the latest security releases.


Comments / Feedback

Edward
Loved it, worked like a charm, but I had to make the entire code into one line instead of a 3-line code, not sure why.
Chris
I am trying to do this but get a mail command not found when I log in after doing this. cPanel/RH9. Any ideas what I might be doing wrong?
C0NIk
It's a cool one, but sometimes it doesn't work with Red Hat Enterprise 3, so if it didn't work it will be easy to install LogWatch.
Jimmy B Silva II
Make sure you put it in a single line like Edward did. It should work for Red Hat Enterprise 3.
jad madi
Use echo -n, which is better, so no one will notice that there is monitoring for login.
JLChafardet
It worked like a charm on my RHEL ES3 box, will see if it sends mails on every root try.

Anyway, it is most recommended that you forbid direct root logins.
Holoken
If the attacker's clever then it won't work. Instead of logging in like Joe Admin would, he'll tell ssh to execute the following command: "ssh user@example.com /bin/bash --noprofile --norc". This'll bypass the mail-sending script in /root/.bashrc, and we'll be none the wiser.

Put it instead in /root/.ssh/rc which is executed before any command (including any login shell) is run. This way the attacker's login will not go undetected even if he uses the above method to get in.
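
Added example (not part of the original article or of any comment): a POSIX sh version of the alert that can be appended to /root/.bashrc as in the tutorial, or saved as /root/.ssh/rc as the comment above suggests. It takes the client address from the SSH_CONNECTION variable that sshd sets for the session instead of parsing `who`; the function names and the SERVER_NAME and ALERT_TO variables are illustrative.

```sh
#!/bin/sh
# Added example: root SSH login alert for /root/.ssh/rc or /root/.bashrc.
# SERVER_NAME, ALERT_TO and the function names are illustrative placeholders.
SERVER_NAME="${SERVER_NAME:-YourserverName}"
ALERT_TO="${ALERT_TO:-you@yourdomain.com}"

# Client address of *this* session. sshd sets SSH_CONNECTION to
# "client_ip client_port server_ip server_port"; `who` lists every session.
login_source() {
    src="${SSH_CONNECTION:-local}"
    printf '%s\n' "${src%% *}"
}

alert_subject() {
    printf 'Alert: Root Access from %s\n' "$(login_source)"
}

alert_body() {
    printf 'ALERT - Root Shell Access (%s) on: %s\n' "$SERVER_NAME" "$(date)"
    printf 'Account: %s  Source: %s\n' "$(id -un)" "$(login_source)"
    # Other sessions open at the same time, for context.
    who 2>/dev/null || :
}

send_alert() {
    # If mail(1) is missing, record the login in syslog instead of failing.
    if ! command -v mail >/dev/null 2>&1; then
        logger -p auth.notice -t root-alert "$(alert_subject)" 2>/dev/null
        return 127
    fi
    # Stay silent on stdout: sshd requires that of ~/.ssh/rc, and output from
    # .bashrc corrupts scp/sftp transfers.
    alert_body | mail -s "$(alert_subject)" "$ALERT_TO" >/dev/null 2>&1
}

# Only alert for SSH sessions; console logins have no SSH_CONNECTION.
if [ -n "${SSH_CONNECTION:-}" ]; then
    send_alert || :
fi
```

When ~/.ssh/rc exists, sshd no longer runs xauth itself, so sessions that need X11 forwarding must handle the cookie in the script.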
Arif Kanji
Awesome!
How do you code to get alerts only for users who have entered an incorrect username and/or password?

Thanks
Clayton
Hi,
I couldn't see .bashrc anywhere in my /root. What should I do?

Thanks
Regards,
CEO NightShells.NeT
BitSurFer
Something wrong!!
When I log in I get this error
----------------------------
cut: you must specify a list of bytes, characters, or fields
Try `cut --help' for more information.
-bash: -f1: command not found
----------------------------
Dave
BitSurFer,

Try replacing:
`who | cut -d"(" -f2 | cut -d")" -f1`

with:
`whoami`

It should do the same thing.
JACOB
I CAN'T SEE WHERE IT IS WRITTEN - "echo 'ALERT - Root Shell Access (YourserverName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" you@yourdomain.com"

Phil
For FreeBSD users, edit the /root/.cshrc file and add the line as follows:

echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `whoami`" yourname@your.email

This should all be one line and should probably be added to the end of the file.

