Enhance your server security with our comprehensive auditing solutions. Automated monitoring, real-time alerts, and detailed reporting for optimal server performance and security.

forwardemail/serverauditing.com

Server Auditing Solutions | Comprehensive Security Monitoring

Comprehensive Server Auditing Solutions

Proactive monitoring, real-time alerts, and detailed reporting for optimal server security

Protect your infrastructure with automated security auditing and instant notifications

Advanced Server Auditing Features

Real-time Monitoring

Continuous monitoring of server performance, security events, and compliance metrics with minimal system impact. According to Gartner, organizations with real-time monitoring detect security incidents up to 60% faster than those using periodic scanning.

Automated Alerts

Instant notifications for security breaches, performance issues, and compliance violations via email, SMS, or custom channels. Forward Email's reliable delivery ensures critical alerts reach your team promptly.

Comprehensive Reporting

Detailed audit logs and customizable reports for security analysis, compliance documentation, and performance optimization.

Vulnerability Scanning

Automated detection of security vulnerabilities, misconfigurations, and outdated software with remediation recommendations. NIST recommends continuous vulnerability scanning as a critical component of cybersecurity frameworks.

Compliance Tracking

Monitor and enforce compliance with industry standards including PCI DSS, HIPAA, SOC 2, ISO 27001, and custom policies.

Access Control Monitoring

Track user activities, permission changes, and authentication attempts to identify unauthorized access and privilege escalation.

Why Choose Our Server Auditing Solution?

Proactive Security

Identify and address security vulnerabilities before they can be exploited, preventing costly data breaches and system compromises. IBM's Cost of a Data Breach Report indicates that organizations with security automation save an average of $3.05 million per breach compared to those without automation.

Reduced Downtime

Detect performance issues early and receive immediate notifications, allowing for quick resolution before they impact operations.

Simplified Compliance

Automate compliance monitoring and documentation, streamlining audit processes and reducing the administrative burden.

Resource Optimization

Identify resource usage patterns and inefficiencies to optimize server performance and reduce operational costs.

Comprehensive Visibility

Gain complete visibility into your server environment with centralized monitoring and detailed activity logs.

Scalable Solution

Easily scale your auditing capabilities as your infrastructure grows, from single servers to enterprise environments.

Server Auditing Solutions

Security Auditing

  • Vulnerability assessment and management
  • Security configuration monitoring
  • Intrusion detection and prevention
  • File integrity monitoring
  • User activity tracking and analysis
  • Security patch compliance

Performance Auditing

  • CPU, memory, and disk usage monitoring
  • Network performance tracking
  • Application response time analysis
  • Resource utilization optimization
  • Bottleneck identification
  • Capacity planning insights

Compliance Auditing

  • Automated compliance checks
  • Policy enforcement monitoring
  • Regulatory requirement tracking
  • Audit-ready reporting
  • Compliance gap analysis
  • Historical compliance records

Seamless Email Integration with Forward Email

Ensure critical server audit notifications reach your team instantly with Forward Email's reliable SMTP service. According to research by Mailtrap, email service providers account for about 30% of email deliverability, making it crucial to choose a reliable provider like Forward Email for your security alerts.

Key Integration Benefits:

  • Reliable Delivery: Forward Email's robust infrastructure ensures your critical security alerts are delivered promptly and reliably.
  • Simple Configuration: Easy integration with all major server auditing tools through standard SMTP or API connections.
  • Detailed Delivery Tracking: Monitor the delivery status of important security notifications to ensure they reach your team.
  • Customizable Alerts: Send formatted HTML emails with detailed information about security events, including severity levels, affected systems, and recommended actions.
  • Automated Escalation: Configure escalation workflows for critical alerts that haven't been acknowledged within specified timeframes.

Integration Example:

#!/bin/bash
#
# server_audit_notify.sh - Server Audit Notification Script
#
# This script performs server security audits and sends notifications
# via Forward Email's SMTP service when issues are detected.
#
# Usage: ./server_audit_notify.sh [options]
#
# Options:
#   -e, --email EMAIL     Email address to send notifications to
#   -s, --smtp HOST       SMTP server hostname (default: smtp.forwardemail.net)
#   -p, --port PORT       SMTP port (default: 587)
#   -u, --user USERNAME   SMTP username
#   -w, --pass PASSWORD   SMTP password
#   -l, --level LEVEL     Audit level: basic, standard, thorough (default: standard)
#   -i, --interval HOURS  Run as daemon with specified interval in hours
#   -q, --quiet           Suppress console output
#   -h, --help            Display this help message
#
# Example:
#   ./server_audit_notify.sh --email admin@example.com --user user@yourdomain.com --pass yourpassword
#
# Dependencies:
#   - mailx or sendmail for email notifications
#   - lynis for security auditing (will be installed if not present)
#   - common system utilities (grep, awk, etc.)
#
# Author: Forward Email Team
# Website: https://forwardemail.net
# License: MIT

set -e

# Default values
EMAIL=""
SMTP_HOST="smtp.forwardemail.net"
SMTP_PORT="587"
SMTP_USER=""
SMTP_PASS=""
AUDIT_LEVEL="standard"
INTERVAL=0
QUIET=false
REPORT_DIR="/var/log/server_audit"
TIMESTAMP=$(date +"%Y-%m-%d_%H-%M-%S")
LOG_FILE="${REPORT_DIR}/audit_${TIMESTAMP}.log"
SUMMARY_FILE="${REPORT_DIR}/summary_${TIMESTAMP}.txt"

# Display help message
show_help() {
    grep "^#" "$0" | grep -v "!/bin/bash" | sed 's/^# \?//'
    exit 0
}

# Parse command line arguments
parse_args() {
    while [[ $# -gt 0 ]]; do
        case "$1" in
            -e|--email)
                EMAIL="$2"
                shift 2
                ;;
            -s|--smtp)
                SMTP_HOST="$2"
                shift 2
                ;;
            -p|--port)
                SMTP_PORT="$2"
                shift 2
                ;;
            -u|--user)
                SMTP_USER="$2"
                shift 2
                ;;
            -w|--pass)
                SMTP_PASS="$2"
                shift 2
                ;;
            -l|--level)
                AUDIT_LEVEL="$2"
                shift 2
                ;;
            -i|--interval)
                INTERVAL="$2"
                shift 2
                ;;
            -q|--quiet)
                QUIET=true
                shift
                ;;
            -h|--help)
                show_help
                ;;
            *)
                echo "Unknown option: $1"
                show_help
                ;;
        esac
    done

    # Validate required parameters
    if [[ -z "$EMAIL" ]]; then
        echo "Error: Email address is required"
        show_help
    fi

    if [[ -z "$SMTP_USER" || -z "$SMTP_PASS" ]]; then
        echo "Error: SMTP username and password are required"
        show_help
    fi
}

# Check for dependencies and install if necessary
check_dependencies() {
    # Create report directory
    mkdir -p "$REPORT_DIR"

    # Check for mailx
    if ! command -v mailx &> /dev/null; then
        log_message "Installing mailx..."
        if command -v apt-get &> /dev/null; then
            apt-get update && apt-get install -y mailutils
        elif command -v yum &> /dev/null; then
            yum install -y mailx
        else
            log_message "Error: Could not install mailx. Please install it manually."
            exit 1
        fi
    fi

    # Check for Lynis
    if ! command -v lynis &> /dev/null; then
        log_message "Installing Lynis..."
        if command -v apt-get &> /dev/null; then
            apt-get update && apt-get install -y lynis
        elif command -v yum &> /dev/null; then
            yum install -y lynis
        else
            log_message "Error: Could not install Lynis. Please install it manually."
            exit 1
        fi
    fi
}

# Log message to console and log file
log_message() {
    local message="$1"
    local timestamp=$(date +"%Y-%m-%d %H:%M:%S")

    if [[ "$QUIET" == false ]]; then
        echo "[${timestamp}] ${message}"
    fi

    echo "[${timestamp}] ${message}" >> "$LOG_FILE"
}

# Run security audit
run_audit() {
    log_message "Starting server security audit (level: $AUDIT_LEVEL)..."

    # Set Lynis audit parameters based on level
    local lynis_params=""
    case "$AUDIT_LEVEL" in
        basic)
            lynis_params="--quick"
            ;;
        standard)
            lynis_params=""
            ;;
        thorough)
            lynis_params="--pentest"
            ;;
        *)
            log_message "Unknown audit level: $AUDIT_LEVEL. Using standard."
            lynis_params=""
            ;;
    esac

    # Run Lynis audit
    log_message "Running Lynis security audit..."
    lynis audit system $lynis_params --no-colors --quiet > "${REPORT_DIR}/lynis_${TIMESTAMP}.log" 2>&1

    # Check for failed SSH login attempts
    log_message "Checking for failed SSH login attempts..."
    grep "Failed password" /var/log/auth.log | tail -n 50 > "${REPORT_DIR}/ssh_failures_${TIMESTAMP}.log"

    # Check for large files
    log_message "Checking for large files..."
    find / -type f -size +100M -exec ls -lh {} \; 2>/dev/null | sort -k5,5hr | head -n 20 > "${REPORT_DIR}/large_files_${TIMESTAMP}.log"

    # Check disk usage
    log_message "Checking disk usage..."
    df -h > "${REPORT_DIR}/disk_usage_${TIMESTAMP}.log"

    # Check for listening ports
    log_message "Checking for listening ports..."
    netstat -tuln > "${REPORT_DIR}/listening_ports_${TIMESTAMP}.log"

    # Check for recent package installations
    log_message "Checking for recent package installations..."
    if command -v apt &> /dev/null; then
        grep " install " /var/log/dpkg.log | tail -n 50 > "${REPORT_DIR}/recent_packages_${TIMESTAMP}.log"
    elif command -v yum &> /dev/null; then
        yum history | head -n 20 > "${REPORT_DIR}/recent_packages_${TIMESTAMP}.log"
    fi

    # Create summary
    create_summary

    log_message "Audit completed. Results saved to ${REPORT_DIR}"
}

# Create summary of audit findings
create_summary() {
    log_message "Creating audit summary..."

    {
        echo "SERVER AUDIT SUMMARY"
        echo "===================="
        echo "Date: $(date)"
        echo "Hostname: $(hostname)"
        echo "IP Address: $(hostname -I | awk '{print $1}')"
        echo "Audit Level: $AUDIT_LEVEL"
        echo ""

        echo "SYSTEM INFORMATION"
        echo "------------------"
        echo "OS: $(cat /etc/os-release | grep PRETTY_NAME | cut -d= -f2 | tr -d '"')"
        echo "Kernel: $(uname -r)"
        echo "Uptime: $(uptime -p)"
        echo ""

        echo "SECURITY WARNINGS"
        echo "-----------------"
        grep "Warning" "${REPORT_DIR}/lynis_${TIMESTAMP}.log" | tail -n 20
        echo ""

        echo "FAILED SSH ATTEMPTS"
        echo "------------------"
        wc -l "${REPORT_DIR}/ssh_failures_${TIMESTAMP}.log" | awk '{print $1 " failed SSH login attempts found"}'
        if [[ -s "${REPORT_DIR}/ssh_failures_${TIMESTAMP}.log" ]]; then
            echo "Top IP addresses:"
            grep "Failed password" "${REPORT_DIR}/ssh_failures_${TIMESTAMP}.log" | awk '{print $(NF-3)}' | sort | uniq -c | sort -nr | head -n 5
        fi
        echo ""

        echo "DISK USAGE"
        echo "----------"
        grep -v "tmpfs" "${REPORT_DIR}/disk_usage_${TIMESTAMP}.log" | grep -v "udev"
        echo ""

        echo "LISTENING PORTS"
        echo "--------------"
        grep "LISTEN" "${REPORT_DIR}/listening_ports_${TIMESTAMP}.log" | wc -l | awk '{print $1 " open ports found"}'
        echo "Notable ports:"
        # grep exits 1 when nothing matches; do not let set -e abort the summary
        grep -E ":(22|80|443|25|3306|5432) " "${REPORT_DIR}/listening_ports_${TIMESTAMP}.log" || true
        echo ""

        echo "RECOMMENDATIONS"
        echo "--------------"
        echo "1. Review all security warnings"
        echo "2. Investigate any suspicious failed login attempts"
        echo "3. Check for unauthorized listening ports"
        if grep -q "Warning" "${REPORT_DIR}/lynis_${TIMESTAMP}.log"; then
            echo "4. Address Lynis security warnings"
        fi
        # Match 90-100%; the pattern 9[0-9]% alone misses a completely full (100%) partition
        if grep -qE "(9[0-9]|100)%" "${REPORT_DIR}/disk_usage_${TIMESTAMP}.log"; then
            echo "5. Free up disk space on partitions with >90% usage"
        fi
        echo ""

        echo "For detailed information, see the full audit logs in ${REPORT_DIR}"
        echo ""
        echo "Generated by server_audit_notify.sh"
        echo "Powered by Forward Email - https://forwardemail.net"
    } > "$SUMMARY_FILE"
}

# Send email notification
send_notification() {
    log_message "Sending email notification to $EMAIL..."

    # Create email content
    local email_subject="Server Audit Report: $(hostname) - $(date +"%Y-%m-%d")"
    local email_body_file="${REPORT_DIR}/email_${TIMESTAMP}.txt"

    {
        echo "Server Audit Notification"
        echo "========================="
        echo ""
        cat "$SUMMARY_FILE"
    } > "$email_body_file"

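    # Configure mailx through a private, script-owned rc file so the SMTP
    # password is not world-readable and the user's ~/.mailrc is not overwritten
    local mailrc_file="${REPORT_DIR}/.mailrc_audit"
    (
        umask 077
        {
            echo "set smtp=$SMTP_HOST:$SMTP_PORT"
            echo "set smtp-use-starttls"
            echo "set smtp-auth=login"
            echo "set smtp-auth-user=$SMTP_USER"
            echo "set smtp-auth-password=$SMTP_PASS"
            # Verify the server certificate; with "ignore" the credentials and
            # the report could be intercepted. Requires a CA store configured
            # for the installed mailx build.
            echo "set ssl-verify=strict"
        } > "$mailrc_file"
    )
    chmod 600 "$mailrc_file"

    # Send email (MAILRC points mailx at the private rc file)
    if MAILRC="$mailrc_file" mailx -s "$email_subject" "$EMAIL" < "$email_body_file"; then
        log_message "Email notification sent successfully"
    else
        log_message "Failed to send email notification"
    fi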
}

# Main function
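main() {
    # log_message appends to a file in REPORT_DIR, so the directory must exist
    # before the first call (otherwise set -e aborts the script here)
    mkdir -p "$REPORT_DIR"
    log_message "Server Audit Notification Script started"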

    check_dependencies

    if [[ $INTERVAL -gt 0 ]]; then
        log_message "Running in daemon mode with interval of $INTERVAL hours"
        while true; do
            run_audit
            send_notification
            log_message "Sleeping for $INTERVAL hours..."
            sleep $(($INTERVAL * 3600))
        done
    else
        run_audit
        send_notification
    fi

    log_message "Script completed successfully"
}

# Parse command line arguments
parse_args "$@"

# Run main function
main

Implementation Process

1. Assessment

Our team conducts a comprehensive assessment of your server environment to identify monitoring requirements and security objectives.

2. Customization

We customize the auditing solution to meet your specific needs, including alert thresholds, compliance requirements, and reporting preferences.

3. Deployment

Seamless deployment with minimal disruption to your operations, including integration with existing security tools and email notification systems.

4. Training

Comprehensive training for your team on using the auditing dashboard, interpreting alerts, and responding to security incidents.

5. Ongoing Support

Continuous support and regular updates to ensure your auditing solution remains effective against evolving security threats.

Ready to Enhance Your Server Security?

Contact our team today to discuss how our server auditing solutions can help protect your infrastructure and streamline your security operations.

Citations & References

  1. Gartner. (2024). Security Monitoring Best Practices. Retrieved April 5, 2025, from Gartner Research.
  2. Forward Email. (2025). Email Delivery Performance Report. Retrieved April 5, 2025, from https://forwardemail.net/performance
  3. National Institute of Standards and Technology (NIST). (2024). Cybersecurity Framework. Retrieved April 5, 2025, from https://www.nist.gov/cyberframework
  4. IBM. (2024). Cost of a Data Breach Report. Retrieved April 5, 2025, from IBM Security.
  5. Mailtrap. (2024). Email Deliverability Factors Research. Retrieved April 5, 2025, from https://mailtrap.io/blog/email-deliverability
