Root only email alert

popeye

• April 05, 2016 16:18

how can i setup email alert for user root only. So i only get an alert if someone successfully logs in has root.

• 

  cPanelMichael

  • April 05, 2016 21:56

  Hello :) The following options are available in "WHM Home " Security Center " cPHulk Brute Force Protection" if you have enabled cPHulk: Send a notification upon successful root login when the IP address is not on the whitelist Send a notification upon successful root login when the IP address is not on the whitelist, but from a known netblock cPHulk login notifications are configured via: "WHM Home " Server Contacts " Contact Manager" These options are documented at: cPHulk Brute Force Protection - Documentation - cPanel Documentation Contact Manager - Documentation - cPanel Documentation Thank you.

  0
• 

  popeye

  • April 05, 2016 22:02

  Hi yes i have them setup but i want it for root only not other users who have ssh access to there account. And also want email sending to an email address that's not the same has email alerts for cron jobs and everything else.

  0
• 

  cPanelMichael

  • April 05, 2016 22:07

  Hi yes i have them setup but i want it for root only not other users who have ssh access to there account.

  
  Could you elaborate on this? In what other instances do you receive a root login email notification?

  And also want email sending to an email address that's not the same has email alerts for cron jobs and everything else.

  
  You would have to change the alert priority, and update the notification method to a different communication type. Or, you could setup a system email filter that discards specific email notifications after forwarding them to an alternate address: How to Customize the Exim System Filter File - cPanel Knowledge Base - cPanel Documentation Thank you.

  0
• 

  popeye

  • April 05, 2016 22:10

  Hi if a user has ssh access to there account i get email when they login via ssh

  0
• 

  cPanelMichael

  • April 05, 2016 22:30

  Hi if a user has ssh access to there account i get email when they login via ssh

  
  Is CSF/LFD installed on this system? If so, check to see if that notification comes from that application.

  0
• 

  popeye

  • April 05, 2016 22:46

  My bad yes sorry it does :(

  0
• 

  ssfred

  • April 06, 2016 05:48

  Hello If you wish to receive notification only for root logins through ssh, you can tweak the ".bashrc" file for the same. Edit the file /root/.bashrc in any of the editor and add the entries for your requirement. I am pasting my .bashrc entries for your reference echo 'ALERT - Root Shell Access (Server XXXX) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" xxxxxx@xxxx.com

  0
• 

  popeye

  • April 06, 2016 09:32

  Thanks i have tried that before on one server but for some reason it never worked. So just tried it again on another one and it did. will this give alerts if someone gets access to WHM with user root

  0
• 

  ssfred

  • April 06, 2016 10:29

  Hello Glad to know that it worked :-). It works only for SSH logins and for WHM logins, you can follow the suggestions of cPanelMichael

  0

Please sign in to leave a comment.