SSH Root Logon Notification Script.

This is a very simple script I wrote several years ago. A client wanted to be notified when a user logged in and switched to root. They also wanted some other basic information included; this was the quick solution I put together.

Log in to your server and switch to root.

nano /root/.bashexec

Paste the following code in this file.

#!/bin/bash
# Build the report in a private temp file instead of a fixed name in the current directory.
tmpout="$(mktemp)"
# Most recent "session opened ... root by <user>(uid=N)" entry; keep only <user>.
stringz="$(grep root /var/log/secure | grep opened | tail -n 1 | sed 's/.*by\(.*\)(.*/\1/' | awk '{print $1""$2}')"
echo -e "The local root account has been accessed by user $stringz" > "$tmpout"
# Last "Updated:" entry in the yum log, trimmed to its timestamp.
echo -e "\nThe system last updated on: $(sed -n '/Updated:/h;${;g;p;}' < /var/log/yum.log | cut -dU -f1)" >> "$tmpout"
echo -e "\nThe last five users to access the system (including active):" >> "$tmpout"
echo -e "$(last -n 5 | sed '/^wtmp/d')" >> "$tmpout"
echo -e "\nUptime Report: $(uptime)" >> "$tmpout"
# Send the report, then remove the temp file.
/bin/mail -s "$(hostname) root account accessed by $stringz" youremail@whatever.com < "$tmpout"
rm -f "$tmpout"

Now execute it via .bashrc.

nano /root/.bashrc

Paste the following.

sh /root/.bashexec
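
The username lookup is the fragile part of the script: unrelated entries land in /var/log/secure all the time, and a direct root login records an empty "by" field. The following is an added example, not the original author's code, showing a stricter parser for the same pam_unix lines; it goes slightly beyond the script by also reporting the service and handling direct logins. The function names and the sample log lines are constructed for illustration.

```bash
#!/bin/bash
# Added example, not the original author's code.

# Print "<user> via <service>" for the most recent line in which pam_unix
# recorded a root session being opened. Reads log text on stdin.
# Exit status is 1 if no such line exists.
root_session_opener() {
    awk '
        /session opened for user root(\(uid=0\))? by / {
            svc = $5                          # e.g. "su:" or "sshd[2211]:"
            sub(/(\[[0-9]+\])?:$/, "", svc)
            who = $0
            sub(/.* by /, "", who)            # drop everything up to the opener
            sub(/\(uid=.*/, "", who)          # drop the "(uid=N)" suffix
            gsub(/[^A-Za-z0-9._-]/, "?", who) # keep the mail subject clean
            if (who == "") who = "direct-login"
            last = who " via " svc
        }
        END { if (last == "") exit 1; print last }
    '
}

# Constructed sample in the /var/log/secure syslog layout (not real data).
sample_secure_log() {
    cat <<'EOF'
Mar  3 10:15:02 web01 su: pam_unix(su-l:session): session opened for user root by alice(uid=1000)
Mar  3 10:15:40 web01 sshd[2290]: Accepted publickey for bob from 192.0.2.10 port 50222 ssh2
Mar  3 10:15:41 web01 sshd[2290]: pam_unix(sshd:session): session opened for user bob by (uid=0)
Mar  3 10:16:05 web01 su: pam_unix(su-l:session): session opened for user root by bob(uid=1001)
Mar  3 10:16:09 web01 sshd[2311]: Failed password for invalid user admin from 192.0.2.77 port 40112 ssh2
EOF
}

# The last line is unrelated sshd noise, yet the opener is still found.
sample_secure_log | root_session_opener    # bob via su
```

Against a live system, feed it the real log with `root_session_opener < /var/log/secure` and use the result in place of `$stringz`.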
