Maintaining tracks of anyone who logs into your dedicated server is very essential, particularly when you deal with the super user (i.e. root). This is simple tutorial that will show you how to receive e-mail alerts immediately, whenever a hacker or anyone including you logs into your server as root. An external email address is recommended to use your web server to send alerts from.
Lets get started with the following steps:
Log into your dedicated web server using root and su to root.
cd / root
You can use your choice of editor, but pico is recommended.
Scroll the file till end and then add the following:
echo ‘ALERT – Root Shell Access (YourServerName) on:’ `date` `who` | mail -s “Alert: Root Access from `who | cut -d'(‘ -f2 | cut -d’)’ -f1`” [email protected]
Replace YourServerName with the handle for your actual server.
Replace [email protected] with the email address you want to send alerts from.
Crtl + X then Y
Once the above steps are done, simply logout of the Secure shell, close the connection and login back into the server. After a few minutes, you will get an email address of the administrator login.
Note: This is one of the great tools for dedicated servers having more than one admin’s or if you provide someone Secure Shell access for whatever reason, although you should provide the administrator password to as less people as possible and make sure to change it often.
This won’t alert you whenever the latest kernel exploit on your server and log into SSH, as they will produce their own SSH / Telnet connection. One of the best way to prevent your server from hacker is to keep your system up-to-date and by installing a firewall and update it with latest releases.