We can track whenever someone logs in as root via SSH.
First log in to your server and go to the "/root/" directory:
[root@iitb-st ~]# cd /root/
[root@iitb-st ~]# vim .bashrc
Go to the last line and add the command below:
echo 'ALERT - Root Shell Access (Server Name) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" server@manivel.com
:wq
Note:
Server Name --> Your server name
server@manivel.com --> Your mail id
Now log out of SSH and log back in. You should receive an email alert for the root login.
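The one-liner above parses `who`, which lists every open session, so the subject can name the wrong host when more than one user is logged in. The following variant is an added example, not part of the original post: it takes the client address from this session's own SSH_CONNECTION variable (set by OpenSSH sshd) and sends only for interactive SSH shells. ALERT_TO, SERVER_NAME and the function names are placeholders chosen for this example.

```shell
# Added example for /root/.bashrc. SSH_CONNECTION is set by OpenSSH sshd as
# "client_ip client_port server_ip server_port" for the current session.
# ALERT_TO and SERVER_NAME are placeholders (assumptions), not from the post.
ALERT_TO="${ALERT_TO:-admin@example.com}"
SERVER_NAME="${SERVER_NAME:-$(hostname 2>/dev/null || uname -n)}"

# Print the client IP of this SSH session, or "local" when not over SSH.
root_alert_source() {
    if [ -n "${SSH_CONNECTION:-}" ]; then
        # The first space-separated field is the client address.
        printf '%s\n' "${SSH_CONNECTION%% *}"
    else
        printf 'local\n'
    fi
}

# Build a single-line subject; keep only characters valid in an address.
root_alert_subject() {
    src=$(root_alert_source | tr -cd '0-9A-Za-z.:%_-')
    printf 'Alert: Root Access from %s\n' "$src"
}

# Build the mail body: this session first, then all sessions for context.
root_alert_body() {
    printf 'ALERT - Root Shell Access (%s) on: %s\n' "$SERVER_NAME" "$(date)"
    printf 'Source: %s  TTY: %s\n' "$(root_alert_source)" "${SSH_TTY:-none}"
    printf 'Sessions currently open:\n'
    who
}

# Send only for interactive SSH shells, in the background so that a slow
# or missing mailer never delays or breaks the login.
case $- in
    *i*)
        if [ -n "${SSH_CONNECTION:-}" ] && command -v mail >/dev/null 2>&1; then
            ( root_alert_body | mail -s "$(root_alert_subject)" "$ALERT_TO" \
                >/dev/null 2>&1 & )
        fi
        ;;
esac
```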