Sometimes you just want to know who is doing what. Like, for instance, if someone logs in as root on one of your systems... and it isn't you.
Installing a script that sends an alert to your Google Talk IM whenever somebody logs in as root is as inexpensive as a monitoring system can be. This article provides a step-by-step walkthrough, as tested on CentOS 4 and 5.
For this task, you're going to need to install a good chat application that we can script. With that in mind, let's use freetalk, which is primarily a command-line Google Talk client. Before you grab the code to install it, be sure you have the required dependencies installed:
yum install readline readline-devel guile* glib* loudmouth*
Now, create a temp directory somewhere and get freetalk. Once the tarballed code is downloaded and extracted, run the usual trinity of commands to build the app:
You should now have freetalk installed. If you check the examples provided with this application, you can see that it is scriptable enough for us to play with it.
Create a file called sendWarning.ft (or whatever you want to call it) and enter the following:
; file: sendWarning.ft
; chmod +x sendWarning.ft
"Root Login on aaa.bbb.ccc.ddd")
"Could not connect\\n"))
Open /root/.bash_profile and add this line:
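The next time the root user logs in on the monitored server, the sendWarning script will send a message to your personal Google Talk account. Because bash reads .bash_profile only for login shells, this covers console logins, interactive SSH sessions and su -; root access gained through a plain su or a command run directly over SSH needs separate monitoring.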
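One way to write the hook that /root/.bash_profile calls, as an added example that is not part of the original article: it records the login locally and starts the alert script in the background, so an unreachable chat server cannot delay the root shell. The paths /root/sendWarning.ft, /root/root-login-alert.sh and /var/log/root-login-alert.log, and both function names, are assumptions.

```shell
# Added example (not from the original article). Save as a file such as
# /root/root-login-alert.sh, then in /root/.bash_profile source it and call
# send_root_alert. All paths and function names here are assumptions.
ALERT_CMD="${ALERT_CMD:-/root/sendWarning.ft}"          # assumed script location
ALERT_LOG="${ALERT_LOG:-/var/log/root-login-alert.log}"  # assumed local log

# One line describing the login: host, SSH client address (first field of
# SSH_CONNECTION, or "local" for console logins), terminal and UTC time.
root_login_summary() {
    src="local"
    if [ -n "${SSH_CONNECTION:-}" ]; then
        src="${SSH_CONNECTION%% *}"
    fi
    tty_name=$(tty 2>/dev/null) || tty_name="notty"
    printf 'root login host=%s from=%s tty=%s time=%s\n' \
        "$(uname -n)" "$src" "$tty_name" "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
}

# Record the login locally first, then start the IM alert in a detached
# background subshell so an unreachable chat server cannot delay the shell.
# Returns 1 (and logs why) when the alert script is missing or not executable.
send_root_alert() {
    { root_login_summary >> "$ALERT_LOG"; } 2>/dev/null
    if [ -x "$ALERT_CMD" ]; then
        ( "$ALERT_CMD" >/dev/null 2>&1 & )
        return 0
    fi
    { echo "alert sender missing: $ALERT_CMD" >> "$ALERT_LOG"; } 2>/dev/null
    return 1
}
```

The local log line is written before the IM alert is attempted, so a login is still recorded when the chat account or network is unavailable.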
Next time, we will see how to achieve the same results with PHP on the command line.