Root Login Notifier Script
I recently decided to write a Root Login Notifier Script this script checks every user that logs in as root or switches user to root against your firewall’s allowed hosts if the IP address of the root user is not in the allowed hosts list it silent sends an email to the address specified in the script listing the the username they sudo from or logged in as, as well as their ip address, and the date/time. If the root user is in the allowed hosts list of the firewall it will echo “Welcome Super User”.
Current Version: 0.2b
You can download this script here
Install Guide:
Login as root or Super User
[root@dev ~]# mkdir /etc/scripts
[root@dev ~]# cd /etc/scripts
[root@dev ~/etc/scripts]# wget http://www.abouteye.com/downloads/scripts/root.sh
[root@dev ~/etc/scripts]# chmod +x root.sh
[root@dev ~/etc/scripts]# nano /root/.bashrc
Go to the bottom of this file and ad this line:
sh /etc/scripts/root.sh
Control X and then Save.
In the script you will need to edit a two lines.
[root@dev ~]# nano /etc/scripts/root.sh
EMAIL="you@gmail.com"
IP_ADDRESSES=`cat /etc/apf/allow_hosts.rules`
Change the email address to your OFF server email or cell phone SMS
change the /etc/apf/allow_hosts.rules path to where ever your firewall allowed hosts rules are or you can just create a file that you list IPs in one line at a time and use this as the path.
Leave a Reply
You must be logged in to post a comment.