break
1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 5.00 out of 5)
Loading...
Dec 10

For added security, I modified the .bashrc profile for any users that may have shell access, and added the following, so that when the user logs in, it sends out an email, letting you know that someone has logged in.

echo ‘ALERT – Root Shell Access (YourserverName) on:’ `date` `who` | mail -s “Alert: Root Access from `who | cut -d”(” -f2 | cut -d”)” -f1`” [email protected]

Of course, you need to modify¬† the (Yourservername) and [email protected] part.

This little code gets added into the .bashrc file for the user you want to report. For example, if the user logging in was named tedsite, you would add this to:

/home/tedsite/.bashrc

I was getting an error though once I tried it:

-bash: mail: command not found

This was fixed easily on the Centos system, by running the following from the command line:

yum install mailx

If you wanted to apply this to the root account, you would edit this file:

/root/.bashrc

A quick note, its best to use an email address that is not on your current server.