I have found this very useful to keep track of when other team members become root on one of our core infrastructure servers.
I dont want a notification when I (username=’richard’) log in though, so I exclude myself with a simple ‘if’.
Add this to roots ‘.bashrc’ file:
WHO=`who am i | cut -d " " -f1`
if [ "$WHO" != "richard" ]; then
echo 'ALERT - Root Shell Access ('`hostname`') on:' `date` $WHO | mail -s "Alert: Root Access from "$WHO my.emailaddress.com
fi
Leave a Comment