Alert when user root attempts an invalid login
Posted on 2003-02-26
We have a few red hat servers running either 6.2 or 7.3. My boss has asked to be alerted if someone attempts to login as root and it is invalid. He would like this in an email. I know the /var/logs/messages has the information in there about logins, but how would I ever make it work? I thought about a perl script, but I am not that verse in it. Anyone knows of some sneaky script out there, or a monitoring software that can do this?