1. Set all ssh account to use bash shell by default , /etc/passwd
2. Make sure that you have install exim or postfix or any other email tool to send mail
3. Edit /etc/bash.bashrc , and the below lines
echo 'Date:' `date` $'\n'WhoAmI: `whoami` \
$'\n'Who: $'\n'"`who`" \
$'\n'Netstat: $'\n'"`netstat -nt | grep EST`" \
$'\n'Process: $'\n'"`ps -aux`" \
| mail -aFrom:[email protected] -s "Security Alert: SSH Access(`hostname -s`)" [email protected]
This script will send the following info : Date , WhoAMI, who , netstat, processlist
4. Test (1) Copying the above code in your shell and run , make sure that you receive the email (2) Login to the server from a different window.