1. Log in as the root user of your server
2. type
cd /etc/cron.daily
3. then type
pico -w chkuid0
4. Paste the following code:
Quote:
#!/bin/sh
#
# This script must be owned by root or at least setuid 0
# It will scan the system and mail the root user when another user gains uid 0.
for id in `awk 'FS=":" {if(($3 == 0 && $1 != "root" )) \
print $1}' /etc/passwd`
do
echo 'ALERT Login ID' `echo ${id}` 'has uid 0 !!' `date "+Detected On Date :%D Time :%r"` | mail -s "ALERT: User `echo ${id}` has UID O" webmaster[at]yoursite.com
|
5. Press
Ctrl-X, and then press
Y.
6. type
chmod 755 chkuid0