The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Root only email alert

Discussion in 'General Discussion' started by popeye, Apr 5, 2016.

  1. popeye

    popeye Well-Known Member

    Joined:
    May 23, 2013
    Messages:
    313
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    how can i setup email alert for user root only. So i only get an alert if someone successfully logs in has root.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    671
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    The following options are available in "WHM Home » Security Center » cPHulk Brute Force Protection" if you have enabled cPHulk:

    Send a notification upon successful root login when the IP address is not on the whitelist
    Send a notification upon successful root login when the IP address is not on the whitelist, but from a known netblock


    cPHulk login notifications are configured via:

    "WHM Home » Server Contacts » Contact Manager"

    These options are documented at:

    cPHulk Brute Force Protection - Documentation - cPanel Documentation
    Contact Manager - Documentation - cPanel Documentation

    Thank you.
     
  3. popeye

    popeye Well-Known Member

    Joined:
    May 23, 2013
    Messages:
    313
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    Hi yes i have them setup but i want it for root only not other users who have ssh access to there account. And also want email sending to an email address that's not the same has email alerts for cron jobs and everything else.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    671
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you elaborate on this? In what other instances do you receive a root login email notification?

    You would have to change the alert priority, and update the notification method to a different communication type. Or, you could setup a system email filter that discards specific email notifications after forwarding them to an alternate address:

    How to Customize the Exim System Filter File - cPanel Knowledge Base - cPanel Documentation

    Thank you.
     
  5. popeye

    popeye Well-Known Member

    Joined:
    May 23, 2013
    Messages:
    313
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    Hi if a user has ssh access to there account i get email when they login via ssh
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    671
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Is CSF/LFD installed on this system? If so, check to see if that notification comes from that application.

    https://download.configserver.com/csf/readme.txt

    Thank you.
     
  7. popeye

    popeye Well-Known Member

    Joined:
    May 23, 2013
    Messages:
    313
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    My bad yes sorry it does :(
     
  8. ssfred

    ssfred Well-Known Member

    Joined:
    Jan 6, 2012
    Messages:
    62
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello

    If you wish to receive notification only for root logins through ssh, you can tweak the ".bashrc" file for the same. Edit the file /root/.bashrc in any of the editor and add the entries for your requirement. I am pasting my .bashrc entries for your reference

    echo 'ALERT - Root Shell Access (Server XXXX) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" xxxxxx@xxxx.com
     
  9. popeye

    popeye Well-Known Member

    Joined:
    May 23, 2013
    Messages:
    313
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    Thanks i have tried that before on one server but for some reason it never worked.

    So just tried it again on another one and it did. will this give alerts if someone gets access to WHM with user root
     
  10. ssfred

    ssfred Well-Known Member

    Joined:
    Jan 6, 2012
    Messages:
    62
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello
    Glad to know that it worked :). It works only for SSH logins and for WHM logins, you can follow the suggestions of
    cPanelMichael
     
Loading...

Share This Page