We can do it this in two ways
======
SSH:
echo 'SSH Root Access (Your Server Name) on:' `date` `who` | mail -s "ALERT: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" your@email-address.com
OR
WHM:
For tweaking this from WHM, the exact steps are:
Login to WHM > Scroll down the left menu to the bottom to reach the Plugins section > ConfigServer Security & Firewall > Firewall Configuration:
LF_SSH_EMAIL_ALERT: Send an email alert if anyone uses su to access another account. This will send an email alert whether the attempt to use su was successful or not.
LF_SU_EMAIL_ALERT: Send an email alert if anyone accesses WHM via root. An IP address will be reported again 1 hour after the last tracked access (or if lfd is restarted).
No comments:
Post a Comment