For added security, I modified the .bashrc profile for any users that may have shell access, and added the following, so that when the user logs in, it sends out an email, letting you know that someone has logged in.
echo ‘ALERT – Root Shell Access (YourserverName) on:’ `date` `who` | mail -s “Alert: Root Access from `who | cut -d”(” -f2 | cut -d”)” -f1`” firstname.lastname@example.org
Of course, you need to modify the (Yourservername) and email@example.com part.
This little code gets added into the .bashrc file for the user you want to report. For example, if the user logging in was named tedsite, you would add this to:
I was getting an error though once I tried it:
-bash: mail: command not found
This was fixed easily on the Centos system, by running the following from the command line:
yum install mailx
If you wanted to apply this to the root account, you would edit this file:
A quick note, its best to use an email address that is not on your current server.