====== Install SEC on Debian ======

===== On Debian: =====

<code>
$ apt-get install sec
</code>

Create a config file:

<code>
nano /root/root.conf
</code>

Add this content to the file:

<code>
type=Single
ptype=RegExp
pattern=(^.+\d+ \d+:\d+:\d+)(.+)sshd\[\d+\]: Accepted password for root from (.+)
desc=direct ssh root login on $2 from $3 @ $1
action=pipe 'direct ssh root login on $2 from $3 @ $1' /usr/bin/mail -s "Direct root login on $2 from $3" name@email.com
</code>

===== To start the monitoring: =====

<code>
sec -detach -conf=/root/root.conf -input=/var/log/auth.log
</code>

{{tag>sec secu debian mail root ssh}}
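To check what the rule above fires on before relying on it, the pattern can be run over sample log lines. This is an added example, not part of the original page: the log lines are constructed, and ''STRICT_RULE'', ''expand'' and ''subjects'' are hypothetical names, with ''STRICT_RULE'' an assumed tighter pattern shown for comparison.

```python
import re

# Pattern copied from the rule on this page (SEC uses Perl regexes; this one
# behaves the same under Python's re module).
PAGE_RULE = re.compile(
    r"(^.+\d+ \d+:\d+:\d+)(.+)sshd\[\d+\]: Accepted password for root from (.+)")

# Assumed tighter variant: anchored syslog prefix, $2 = host, $3 = address only.
STRICT_RULE = re.compile(
    r"^(\w{3} +\d+ \d+:\d+:\d+) (\S+) sshd\[\d+\]: "
    r"Accepted password for root from ([0-9A-Fa-f:.]+) port \d+")

# Constructed auth.log lines (documentation addresses, not real hosts).
SAMPLE_LOG = [
    "Mar  4 09:15:02 web01 sshd[2211]: Accepted password for root from 192.0.2.10 port 50514 ssh2",
    "Mar  4 09:16:40 web01 sshd[2290]: Accepted publickey for root from 192.0.2.10 port 50620 ssh2",
    "Mar  4 09:17:05 web01 sshd[2301]: Accepted password for alice from 198.51.100.7 port 41000 ssh2",
    "Mar  4 09:18:11 web01 sshd[2315]: Failed password for root from 203.0.113.5 port 39122 ssh2",
]

def expand(rule, line):
    """Return (desc, mail_subject) as SEC would build them, or None if no match."""
    m = rule.search(line)
    if m is None:
        return None
    ts, host, src = m.group(1), m.group(2), m.group(3)
    desc = f"direct ssh root login on {host} from {src} @ {ts}"
    subject = f"Direct root login on {host} from {src}"
    return desc, subject

def subjects(rule):
    """Expanded mail subject per sample line, None where the rule stays silent."""
    out = []
    for line in SAMPLE_LOG:
        hit = expand(rule, line)
        out.append(hit[1] if hit else None)
    return out

if __name__ == "__main__":
    for name, rule in (("page rule", PAGE_RULE), ("strict rule", STRICT_RULE)):
        print(name)
        for line, subject in zip(SAMPLE_LOG, subjects(rule)):
            print(f"  {subject!r:62} <- {line[16:]}")
```

The page's rule stays silent for the publickey root login, and its ''$3'' carries everything after "from" (here ''192.0.2.10 port 50514 ssh2'') into the mail command line; the assumed strict pattern passes only the host name and the address.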