For security reasons, you would like to get an alert to your mailbox if someone logins to the server with root credentials.
Step 1. Make sure csf firewall is enabled on the server.
Step 2. Check CSF configuration file .
Make sure below values are set to 1 –
LF_SSH_EMAIL_ALERT = “1”
Step 4. Restart firewall.
Alternatively, make sure following parameter is enabled in csf –
LF_CPANEL_ALERT = “1”
You can then go ahead an add following code to bashrc file –
echo ‘ALERT – Root Shell Access (ServerName) on:’ `date` `who` | mail -s “Alert: Root Access from `who | cut -d'(‘ -f2 | cut -d’)’ -f1`” [email protected]
Replace [email protected] with your email address.