Friday, March 13, 2015

Enable SSH and WHM login Alert emails

Enable WHM login Alerts

You can enable this option in CSF firewall configuration.
/etc/csf/csf.conf
WHM >> Plugins >> ConfigServer Security&Firewall > csf – ConfigServer Firewall”.
Just click the “Firewall Configuration
# Send an email alert if anyone accesses WHM via root. An IP address will be
# reported again 1 hour after the last tracked access (or if lfd is restarted)
LF_CPANEL_ALERT = “1”

Enable SSH login Alerts

Login to your server as root user
cd /root
vi .bashrc
Scroll to the end of the file then add the following:
echo ‘ALERT – Root Shell Access (ServerName) on:’ `date` `who` | mail -s “Alert: Root Access from `who | cut -d'(‘ -f2 | cut -d’)’ -f1`” your@yourdomain.com
Replace YourServerName with the handle for your actual server
Replace you@yourdomain.com with your actual email address

No comments:

Post a Comment