Thursday, October 18, 2007

System Security Monitor root access

Security of the server always come first , especially web server which access by the worldwide and hackers always keep eyes on those server's.
So, its good if you have system which automatically send a email notification via email whenever someone logs in as root on your system.
To configure the automatic email alert notification to a email address on each incident of root log on on the server, use the following guide.
Login to the server via SSH using as root ID.
  • Ensure that you’re at home directory of root. The open up the .bash_profile for editing using pico or vi by typing one of the following commands at linux command shell:
    pico .bash_profilevi .bash_profile
  • Scroll down to the end of the file and add the following line:
    echo 'ALERT - Root Shell Access on:' `date` `who` mail -s "Alert: Root Access from `who cut -d"(" -f2 cut -d")" -f1`" user@example.com
    Replace user@email.com with the actual email account address that you want to the root access alert notification been sent to. Note that you can change the text contains in the email alert too. The text starting with first ALERT is written as email body, and you can add in other info such as host name or change the wordings. The second Alert is the email title which you can change to your own too.

Note that you can change the text contains in the email alert too. The text starting with first ALERT is written as email body, and you can add in other info such as host name or change the wordings. The second Alert is the email title which you can change to your own too.

Now logout and login again as root, you should receive an email alert at your inbox. The security trick should works on most popular flavor of Linux such as RedHat, CentOS, Ubuntu, FreeBSD and etc.

No comments:

SHOW ENGINE INNODB STATUS

  The SHOW ENGINE INNODB STATUS command in MySQL provides detailed information about the internal state of the InnoDB storage engine. This ...