The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Root Access On (notifications)

Discussion in 'Security' started by cjmwebdesigns, Feb 28, 2010.

  1. cjmwebdesigns

    cjmwebdesigns Well-Known Member

    Joined:
    Dec 20, 2003
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    Twitter:
    I've reviewed the securing your server sticky and I really want to provide myself with notifications when my server is accessed via ROOT and did modified pico .bash_profile with the following:

    echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" your@email.com


    (I have entered my e-mail in place of your@email.com) however I am not receiving notification.

    Any thoughts? Update to the string since the sticky was written in 2004?
     
  2. cjmwebdesigns

    cjmwebdesigns Well-Known Member

    Joined:
    Dec 20, 2003
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    Twitter:
    Problem solved!!

    Sorry I did not see the automatic rule on my inbox for messages from Root which were sent to an offline folder in Outlook.

    :D
     
  3. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    938
    Likes Received:
    0
    Trophy Points:
    16
    I did & it works well

    Just one question : how can i add an IP as trusted & will not get alert for the same
     
  4. thewebhosting

    thewebhosting Well-Known Member

    Joined:
    May 9, 2008
    Messages:
    1,201
    Likes Received:
    1
    Trophy Points:
    38
    If you have installed a Firewall in your server then you can add the IP address into the whitelist IPs.
     
  5. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    938
    Likes Received:
    0
    Trophy Points:
    16

    Yes we do we have csf installed , in which file to add our ISP ip csf.allow ? if so than it was added at the time, when we installed csf

    i don't want Root SSH alert from this IP : 11.11.111.12 ( It is hidden to actual one)

    this is out static IP

    Hope! you guys understand.
     
  6. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Well if you have CSF and put your IP in /etc/csf/csf.ignore that will help limit some alerts generated from your IP.

    Regarding the .bash_profile code you posted, maybe try something more like this instead:

    Code:
    typeset -i RTALERT=$(who am i | /bin/egrep -c "STICKYOURIPHERE")
    
    if [ ${RTALERT} -gt 0 ]; then
       echo "Root alert bypass has been activated"
    else
       echo "ALERT - Root Shell Access on: $(date) $(who)" | mail -s "Alert: Root Access" "$(/bin/cat -- /root/.forward)"
    fi
    
    unset RTALERT
    
     
Loading...

Share This Page