The Planet Forums > Send an e-mail whenever someone logs in as root -- from securing the server checklist

Full Version: Send an e-mail whenever someone logs in as root -- from securing the server checklist

The Planet Forums > Control Panels > cPanel/WHM

Vatoloco

Dec 11 2004, 02:53 AM

I went through this post and followed all the advice in it to secure my server:
http://forums.cpanel.net/showthread.php?t=14443

I have a question about the part where it alerts you if there is a root login though. What I've noticed is that when you login as root using "su" instead of "su -" there is no e-mail sent. What would I have to do to get it to send an alert e-mail for both?

Have the server e-mail everytime someone logs in as root:

CODE
- Edit the .bash_profile in the users directory ( in this case /root)

commands:

su -

cd (just cd, nothing else)

pico .bash_profile

And put this at the very end:

echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access on Server #1" [email]webmaster@XXXXXXX.com[/email]

Advice from freddo:
Make sure the email address you send to also forwards to an off-server email address. This way the hacker cannot delete the warning email (without hacking another server anyway).

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.