06-08-2009, 02:01 AM #1Junior Guru Wannabe
- Join Date
- Jun 2009
- Posts
- 46
How to automatically send email when someone logs in to the server via ROOT?
Hi guys,
I want to have an email alert every time someone logs in to my server using the ROOT user.
The server is based on a Linux system.
Cheers,
toby
-
06-08-2009, 02:15 AM #2Junior Guru
- Join Date
- Jun 2009
- Location
- Kochi,India
- Posts
- 179
E-mail Alert on Root SSH Login
1. Log in to the server via SSH using root
2. cd /root
3. vi .bash_profile
4. At the end of the file add the following line:
echo 'ALERT - Root Shell Access (YourserverName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" you@yourdomain.com
Replace you@yourdomain.com with your actual email address.
Now logout of SSH, close the connection and log back in! You should receive an email address of the root login alert a few minutes afterwards.
-
06-08-2009, 02:36 AM #3Web Hosting Master
- Join Date
- Oct 2006
- Location
- /usr/src/linux/
- Posts
- 700
Instead of
Code:`who | cut -d"(" -f2 | cut -d")" -f1`
Code:$SSH_CLIENT
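Added example, not part of any post in this thread: the `.bash_profile` alert from posts #2 and #3 written as a small script that takes the source address from `$SSH_CLIENT`, filters it before it reaches the mail subject, and writes a syslog entry first so a record exists even when mail is not delivered. The function names, the `root-login` syslog tag and the use of `uname -n` for the server name are this example's assumptions; `you@yourdomain.com` is the placeholder from post #2.

```shell
# Added example for /root/.bash_profile (not code from the thread).
ALERT_TO="you@yourdomain.com"   # placeholder address from post #2

# Source address of the session: first field of $SSH_CLIENT
# ("client_ip client_port server_port"); falls back to who(1) otherwise.
login_source() {
    if [ -n "${SSH_CLIENT:-}" ]; then
        src=${SSH_CLIENT%% *}
    else
        src=$(who am i 2>/dev/null | sed -n 's/.*(\(.*\)).*/\1/p')
    fi
    # Keep only characters that can appear in an IP address or hostname.
    printf '%s' "${src:-local}" | tr -cd 'A-Za-z0-9.:_-'
}

alert_subject() {
    printf 'Alert: Root Access on %s from %s' "$(uname -n)" "$(login_source)"
}

alert_body() {
    printf 'ALERT - Root Shell Access (%s) on: %s\n' "$(uname -n)" "$(date)"
    who
}

send_root_alert() {
    # Log locally first so there is evidence even if mail delivery fails.
    logger -p auth.notice -t root-login "root shell opened from $(login_source)"
    alert_body | mail -s "$(alert_subject)" "$ALERT_TO"
}

# Only alert for interactive shells running as root.
case $- in
    *i*) [ "$(id -u)" -eq 0 ] && send_root_alert ;;
esac
```

A profile hook like this is skipped by non-interactive sessions such as `ssh root@host command` or scp, so it is a convenience alert rather than an audit trail; the syslog entry it writes can be checked when the mail does not arrive.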
-
06-08-2009, 02:52 AM #4Junior Guru Wannabe
- Join Date
- Jun 2009
- Posts
- 46
Sorry guys, what does YourServerName mean? What name should I use?
By the way, if I type the above command wrongly, will there be any bad impact on my server? i.e. will my server crash?
I'm a newbie
-
06-08-2009, 03:15 AM #5Junior Guru
- Join Date
- Jun 2009
- Location
- Kochi,India
- Posts
- 179
[root@localhost ~]# hostname
server1.domain.com
Here server1.domain.com is the name of the server. Check your server name the same way with the command hostname. Also, this code won't create any problem for your server.
Last edited by Rekhatitus; 06-08-2009 at 03:15 AM. Reason: correction
-
06-08-2009, 04:00 AM #6New Member
- Join Date
- Mar 2008
- Posts
- 1
You can use this firewall....
ConfigServer Security&Firewall
It helps to set alerts for numerous security issues...
-
06-09-2009, 05:46 AM #7Junior Guru Wannabe
- Join Date
- Apr 2009
- Posts
- 35
I had this script before and it worked, but for some reason it has not been working for a long time.
Does anybody know what can interfere?
I did not change anything.
-
06-09-2009, 08:26 AM #8Junior Guru Wannabe
- Join Date
- Apr 2009
- Posts
- 35
Bump! Please see the above.
What can cause this? I do not receive any email alert any more even though I used to receive email and I did not change the line.
Can other firewalls or any other setting interfere with that?
-
06-09-2009, 09:04 AM #9Disabled
- Join Date
- Mar 2009
- Location
- Israel
- Posts
- 1,212
anything to show us from /var/log/maillog
?
:-)
-
06-09-2009, 11:17 AM #10Junior Guru Wannabe
- Join Date
- Apr 2009
- Posts
- 35
Dear this is what you want?
Code:
Jun 7 04:35:22 server dovecot[1870]: pop3-login: Disconnected (no auth attempts): rip=84.74.735.96, lip=261.159.17.520
Jun 7 20:03:43 server dovecot[12870]: pop3-login: Disconnected (no auth attempts): rip=74.53.235.98, lip=261.159.17.520
Jun 7 20:47:09 server dovecot[12870]: pop3-login: Disconnected (no auth attempts): rip=74.53.235.98, lip=261.159.17.520
Jun 7 21:59:58 server spamd[2988]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42570
Jun 7 21:59:58 server spamd[2988]: spamd: setuid to george succeeded
Jun 7 21:59:58 server spamd[2988]: spamd: processing message <53b412d1ff54e8138db90699711b3b16@localhost.localdomain> for george:503
Jun 7 22:00:02 server spamd[2988]: spamd: clean message (5.9/10.0) for george:502 in 3.8 seconds, 5254 bytes.
Jun 7 22:00:02 server spamd[2988]: spamd: result: . 5 - AWL,DNS_FROM_AHBL_RHSBL,DNS_FROM_OPENWHOIS,HTML_IMAGE_ONLY_24,HTML_MESSAGE,RCVD_IN_SSC_TRUSTED_COI,URIBL_JP_SURBL scantime=3.8,size=5254,user=george,uid=502,required_score=10.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42570,mid=<53b412d1ff5yeyey9971y16@localhost.localdomain>,autolearn=no
Jun 7 22:00:02 server spamd[2761]: prefork: child states: II
Jun 7 22:05:12 server dovecot[12870]: pop3-login: Disconnected (no auth attempts): rip=74.53.235.98, lip=261.159.17.520
Jun 7 22:50:59 server dovecot[12870]: pop3-login: Disconnected (no auth attempts): rip=74.53.235.98, lip=261.159.17.520
Jun 7 23:41:16 server dovecot[12870]: pop3-login: Disconnected (no auth attempts): rip=74.53.235.98, lip=261.159.17.520
Jun 8 15:01:45 server dovecot[12870]: pop3-login: Disconnected (no auth attempts): rip=222.231.57.141, lip=261.159.17.520
Jun 8 15:01:45 server dovecot[12870]: pop3-login: Disconnected (no auth attempts): rip=222.231.57.141, lip=221.139.14.122
Jun 8 15:01:45 server dovecot[12870]: pop3-login: Disconnected (no auth attempts): rip=222.231.57.141, lip=241.135.14.123
Jun 8 20:07:51 server spamd[2988]: spamd: connection from localhost.localdomain [127.0.0.1] at port 42938
Jun 8 20:07:51 server spamd[2988]: spamd: setuid to george succeeded
Jun 8 20:07:51 server spamd[2988]: spamd: processing message <694c01c3495$yeyed9a8825yy0$6a38093a@SALE2-08> for george:502
Jun 8 20:07:56 server spamd[2988]: spamd: identified spam (26.3/10.0) for george:502 in 4.5 seconds, 13360 bytes.
Jun 8 20:07:56 server spamd[2988]: spamd: result: Y 26 - DATE_IN_FUTURE_03_06,DNS_FROM_AHBL_RHSBL,DNS_FROM_OPENWHOIS,DYN_RDNS_SHORT_HELO_HTML,HS_INDEX_PARAM,HTML_MESSAGE,L_SPAM_TOOL_13,MIME_HTML_ONLY,RATWARE_MS_HASH,RATWARE_OUTLOOK_NONAME,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RCVD_IN_SSC_TRUSTED_COI,RCVD_IN_XBL,RDNS_DYNAMIC,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_WS_SURBL scantime=4.5,size=13360,user=george,uid=502,required_score=10.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42938,mid=<694c05333d9a88tee0$tee3a@SALE2-08>,autolearn=spam
Jun 8 20:07:56 server spamd[2761]: prefork: child states: II
-
06-09-2009, 04:58 PM #11Junior Guru Wannabe
- Join Date
- Mar 2009
- Location
- Near You..
- Posts
- 81
If you have any software firewall (csf/apf) installed in the server, this can be easily configured.