Türkce » WHM cPanel

Set an email alert on SSH root login to your server

http://forum.whmdestek.com/

Go Back   WHM/cPanel Support Platform » Türkce » WHM cPanel
 

Reply
 
LinkBack Thread Tools Display Modes
  #1  
Old 08.11.07, 20:46
CaLViN's Avatar
Sevgi güctür.
 
Join Date: Apr 2007
Location: Outta nation
Age: 32
Posts: 2,084
Rep Power: 100000
CaLViN has a reputation beyond reputeCaLViN has a reputation beyond reputeCaLViN has a reputation beyond reputeCaLViN has a reputation beyond reputeCaLViN has a reputation beyond reputeCaLViN has a reputation beyond reputeCaLViN has a reputation beyond reputeCaLViN has a reputation beyond reputeCaLViN has a reputation beyond reputeCaLViN has a reputation beyond reputeCaLViN has a reputation beyond repute
Set an email alert on SSH root login to your server

Want to be notified instantly when someone logs into your server as root? No problem, check out this nice tutorial on email notification for root logins. Keeping track of who logs into your server and when is very important, especially when you're dealing with the super user account. We recommend that you use an email address not hosted on the server your sending the alert from.

So lets get started!

1.
Login to your server and su to root, I know the irony!

2. cd /root

3. pico .bashrc

4. Scroll to the end of the file then add the following:
echo 'ALERT - Root Shell Access (YourserverName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" you@yourdomain.com

Replace YourServerName with the handle for your actual server
Replace you@yourdomain.com with your actual email address

5. Crtl + X then Y

Now logout of SSH, close the connection and log back in! You should receive an email address of the root login alert a few minutes afterwards.

Note: This is a great tool for servers that have multiple admins or if you give someone SSH access for whatever reason, although you should give out the root password to as few people as humanly possible and be sure to change it often.

This will not magically alert you when a hacker runs the latest kernel exploit on your server and logs into SSH because they will create their own SSH/telnet connection. You should keep your system up to date, install a firewall and follow the latest security releases.


Thanks to S. Leggett
__________________
1.)Lütfen destek talebinde bulunmak icin özel mesaj ile iletisime gecmeyiniz.
2.)Ücretsiz destek almak icin forum sayfalarimizi kullanmaniz ayni sorunu yasayan diger üyelerin cevaplara en kisa sürede ulasabilmesi ve sizlere yardimci olmak isteyen bizlerin ve diger üyelerimizin zaman kazanmalari acisindan cok önemlidir.
3.)Forumlarimizda sorunlarinizi anlatirken mümkün oldugunca cok detay vermeniz en kisa sürede sorununuza cözüm bulmaniz acisindan mühimdir.

Daha cok ögrenmek ve ögretmek dilegiyle..
Sevgiler..
The Platform.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Spurl this Post!Reddit! Wong this Post!
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



Navigasyon
Menü