Even if it is too late when someone else logs in as root on your server, it is good to know that NOW is the time to get working on your security.
To setup email notification, login to your server as root.
Edit .bashrc
1 2 3 |
nano .bashrc |
add the following line at the end, changing “ServerName” to the hostname of your server and “email@thisaddress.com” to your own email address.
1 2 3 |
echo 'ALERT - Root Shell Access (ServerName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" email@thisaddress.com |
Save and exit.
Next time someone (hopefuly you) logs on as root, you will get an email about this.
This can be done for any user, you only have to make sure that the user can email out from your server.
mail -s “Alert: Root Access from
who | cut -d"(" -f2 | cut -d")" -f1
” myemail@mydomain.comdoesn’t seem to works
it just stuck there when i call mail
do i need additional setting for mail to work?
You need an MTA to be able to send emails, If you look at the post about MINSTALL, you can easily install Exim and use that.
If you really want to save on resources, use the Dragonfly Mail Agent (dma). It will send messages without listening on port 25, ref. http://leaf.dragonflybsd.org/cgi/web-man?command=dma§ion=8
check steve81’s squeeze repo @ LET for a .deb
Really nice, wasn’t aware of dma before.
With that you could use an external relay like google mail or something similar.
Good find 🙂
you shoult post your source next time
http://www.debian-tutorials.com/set-e-mail-alert-on-root-ssh-login
I would if I knew, the post was made from a thread on lowendtalk.com.
I’ll leave your comment here with the link to the site for you to feel better.
. . each of the email sent was treated as spam in gmail and thus block you from sending those spam alerts. . .
The reason for being marked as spam could be one of many, using a domain not listing your VPS IP as allowed to send emails. No RDNS setup for the IP. short emails with links.
Each case is different
if you mark them as “NOT SPAM” (once) they will end up in your inbox instead.