How to be Alerted via Email upon Root Access

From ReduxWiki

Jump to: navigation, search
This simple yet very useful hack will let you know each time someone gains root shell access on your server; this is a good idea to do, as this setup can let you know very quickly if your machine has been compromised.

Edit .bash_profile with your favorite editor. At the end of this file, include the following. 

echo 'WARNING - Root Shell Access on:' `date` `who` | mail -s "Warning: Root Access from `who | awk '{print $6}'`"
off-site@address.tld

Image:Button ok.png Make sure that the e-mail address you use is not hosted on the server, as if it was, a hacker could simply delete the email. If it's offsite, the email will be sent before the hacker is even able to gain access.

Image:Important.png This will only work if the user that gains root launches the bash prompt.



Image:Tip.png Back to How To Documents
Retrieved from "http://wiki.networkredux.com/index.php/How_to_be_Alerted_via_Email_upon_Root_Access"
Personal tools
Getting Started