Welcome to Centmin Mod Community
Register Now

Sysadmin Alert when dump is made

Discussion in 'System Administration' started by Jon Snow, Jul 10, 2017.

  1. Jon Snow

    Jon Snow Member

    64
    13
    8
    Jun 30, 2017
    Ratings:
    +16
    Local Time:
    5:46 AM
    Nginx 1.13.3
    MariaDB 10.1.25
    Is it possible somehow to get an alert (via email for example) whenever a database dump has been made? For example, if a hacker somehow gains access to my server and tries to back up my database without my consent, I'd like to receive an alert via email about it.

    Is something like that even possible?

    Or what would it look like in my access log so that I can often check?
     
    • Agree Agree x 1
  2. eva2000

    eva2000 Administrator Staff Member

    28,348
    6,438
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,535
    Local Time:
    6:46 PM
    Nginx 1.13.x
    MariaDB 5.5
    for initial ssh login SSH Login Email Alerts Centmin Mod Style

    for general file or command tracking with tools/auditd.sh though setting up custom rule would be something for you to figure out as there's many ways to get the mysql database data via mysqldump command or directly accessing the mysql data files in /var/lib/mysql within SSH or even via hacked PHP web apps and backdoor/PHP shells which can allow hackers to install phpmyadmin/adminer to use a web gui to access mysql data. Beta Branch - tools/auditd.sh discussion thread for 123.09beta01
     
    • Like Like x 1