Get Root User SSH Login Email Alerts

1.Create a file login_emailalert.sh in /etc directory and write

########### By vijay To send Mail when root user logs in ###########

currentlogin=`last -i| grep -i still | sort -r | head -n 1`
set $currentlogin

echo -e "ALERT -$1 Access To `hostname`(`hostname -i`) on: `date` From $3 \n\n`last -i | grep -i still | sort -r ` " | mail -r "from@addrres.com" -s "Alert: $1 Access from $3 To `hostname`(`hostname -i`) " one@addresss.com two@address.com

2.Now  call this file in /root/.bash_profile by adding below lines in /root/.bash_profile file

vim /root/.bash_profile
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
 . ~/.bashrc
fi

# User specific environment and startup programs

PATH=$PATH:$HOME/bin

export PATH

/etc/jobs/login_emailalert.sh;

save the file and from now every time root users login you will get mail in below format

with subject

Alert: root Access from 192.168.1.115 To myhostname.com(192.168.1.114)

and with mail body shown below

ALERT -root Access To myhostname.com(192.168.1.114) on: Sat Oct 29 09:53:57 IST 2016 From 192.168.1.115 

root     pts/0        192.168.1.115    Sat Oct 29 09:53   still logged in

 

Advertisements
This entry was posted in Linux. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s