
.bash_profile not sending root login notification

Discussion in 'General Discussion' started by gsbe, Nov 11, 2003.

  1. gsbe

    I have edited /root/.bash_profile as suggested in the Security Checklist on these forums to have the server email me anytime that the root login is used:
    Code:
    # .bash_profile
    
    # Get the aliases and functions
    if [ -f ~/.bashrc ]; then
            . ~/.bashrc
    fi
    
    # server e-mail every time someone logs in as root
    echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access on Server #1" offsite_emailaddy@domain.com
    
    # User specific environment and startup programs
    PATH=$PATH:$HOME/bin
    BASH_ENV=$HOME/.bashrc
    USERNAME="root"
    
    export USERNAME BASH_ENV PATH
    
    I've removed the email address to protect the innocent (me).

    This was working for a little while, but now it is not sending me an email when I log in as root. What could be the problem?

    Thanks,
    Graham
     
  2. dgbaker

    Are you su'ing with - ?

    echo 'ALERT - Root Login was Accessed on' `hostname`':' `date` 'by/location' `who` | mail -s "Alert: Root Access on `hostname`" user@domain.com
     
  3. gsbe

    You are correct, it does work with 'su -' and I understand why after reading 'info su', quoted below.

    I don't understand how the permissions would change if someone were to log in with 'su' only. Don't I want to know if anyone logged in with 'su' or 'su -'?

    It would appear that users logged in via 'su' or 'su -' could still wreak havoc on my server, is this not the case?

    Code:
    `-'
    `-l'
    `--login'
         Make the shell a login shell.  This means the following.  Unset all
         environment variables except `TERM', `HOME', and `SHELL' (which
         are set as described above), and `USER' and `LOGNAME' (which are
         set, even for the super-user, as described above), and set `PATH'
         to a compiled-in default value.  Change to USER's home directory.
         Prepend `-' to the shell's name, intended to make it read its
         login startup file(s).
     
  4. dgbaker

    su by itself does not use the root profile; that's why it is not tracked. But you are right, you can still do about the same amount of damage.
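
An added example, not part of either poster's replies: because the alert in .bash_profile only fires for login shells, this sketch reads the auth log instead and reports every su session opened for root, with or without `-`. The log lines are constructed samples, and the pam_unix format with a `su-l` service name for `su -` is an assumption about the distribution; `root_su_sessions` and `missed_by_profile` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: list root sessions opened through su from the PAM auth log,
# so plain "su" is caught as well as "su -".

# Constructed sample lines (assumed pam_unix format). On a real server the
# input would be the auth log, e.g. /var/log/secure (path is an assumption).
sample_log() {
cat <<'EOF'
Nov 11 09:14:02 server1 su: pam_unix(su:session): session opened for user root by graham(uid=500)
Nov 11 09:20:41 server1 su: pam_unix(su-l:session): session opened for user root by graham(uid=500)
Nov 11 09:25:10 server1 su: pam_unix(su:session): session opened for user mysql by root(uid=0)
Nov 11 09:31:55 server1 su: pam_unix(su-l:session): session opened for user root(uid=0) by deploy(uid=501)
Nov 11 09:40:12 server1 su: pam_unix(su:auth): authentication failure; logname=bob uid=502 euid=0 tty=pts/1 ruser=bob rhost=  user=root
EOF
}

# Read log lines on stdin; print "<timestamp> <invoking user> <how>" for each
# su session opened for root. <how> is "su" (non-login shell, root's
# .bash_profile is not read) or "su-l" (su -, login shell).
# Groups: 1 timestamp, 3 PAM service, 6 invoking user.
root_su_sessions() {
    sed -n -E 's/^(.{15}) [^ ]+ su(\[[0-9]+\])?: pam_unix\((su(-l)?):session\): session opened for user root(\(uid=0\))? by ([^ (]+)\(uid=[0-9]+\).*$/\1 \6 \3/p'
}

# Keep only the sessions the .bash_profile alert would never have reported.
missed_by_profile() {
    grep ' su$'
}

# Demo on the constructed sample. In production, feed the real log and pipe
# the result to mail, as the thread does:
#   root_su_sessions < /var/log/secure | mail -s "Root su sessions" user@domain.com
sample_log | root_su_sessions
```

Failed attempts (the `su:auth` line) and su to non-root users are deliberately ignored, so the report contains only sessions that actually became root.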
     