To have the server automatically send a notification email to a predefined email address every time someone logs in as root on the host, configure the alert as follows.
- Update the server: apt-get update
- Optional: install mailutils (apt-get install mailutils)
- Install the mailx client: apt-get install bsd-mailx
During the installation it asks you to select options under “Postfix Configuration” and “Package Configuration” (leave them as default).
- Log in as the root user and go to root’s home directory by typing the cd /root command.
# cd /root
- Open the .bashrc file with the vi or nano editor. Remember that .bashrc is a hidden file, so you won’t see it with the ls -l command. You have to use the -a flag to see hidden files in Linux.
root@ubuntu:~# ls -a
. .. .bash_history .bashrc .cache .profile .viminfo
root@ubuntu:~# vi .bashrc
Add the following as a single line at the bottom of the file. Make sure to replace “ServerName” with the hostname of your server and “your@yourdomain.com” with your email address.
Syntax:- echo 'ALERT - Root Shell Access (ServerName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" your@yourdomain.com
Eg:- echo 'ALERT - SSH Access Detected To (ubuntu) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" ictops@gmail.com
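A variant of the alert line for root's .bashrc, added here as an example and not part of the original post: it reports only the current session via who -m, because plain who lists every logged-in session and cut passes through unchanged any line that has no "(" (a local console login). The function names and the ALERT_TO variable are assumptions of this example.

```bash
# Added example for root's ~/.bashrc. ALERT_TO and the function names are
# assumptions of this example, not taken from the original post.
ALERT_TO="your@yourdomain.com"

# Extract the remote host from ONE line of `who` output.
# Remote sessions end in "(host)"; local console lines have no parentheses,
# and the cut pipeline would echo such a line back unchanged.
source_from_who_line() {
    case "$1" in
        *"("*")"*) printf '%s\n' "$1" | sed 's/.*(\([^)]*\)).*/\1/' ;;
        *)         printf 'local\n' ;;
    esac
}

# Mail subject for the current session only; $1 is the `who -m` line.
alert_subject() {
    printf 'Alert: Root Access from %s\n' "$(source_from_who_line "$1")"
}

# Body: timestamp, this session, then every logged-in session for context.
alert_body() {
    printf 'ALERT - Root Shell Access (%s) on: %s\n' "$(hostname)" "$(date)"
    printf 'This session: %s\n' "${1:-unknown}"
    printf 'All sessions:\n%s\n' "$(who)"
}

send_root_alert() {
    local session
    session="$(who -m 2>/dev/null)"
    alert_body "$session" | mail -s "$(alert_subject "$session")" "$ALERT_TO"
}

# Only fire for interactive shells, and only if a mail client is installed.
case $- in
    *i*) command -v mail >/dev/null 2>&1 && send_root_alert ;;
esac
```

Because the send is guarded by the interactive-shell check, non-interactive root sessions such as scp or remote commands do not trigger the mail and are not covered by this alert.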
- Execute the following for instant result.