Find out who is logged on as root (or any other user)

So I want our support team to get an email when someone logs on as root or su to root on our servers. So I saw this:
Want to be notified instantly when someone logs into your server as root? No problem, check out this nice tutorial on email notification for root logins. Keeping track of who logs into your server and when is very important, especially when you're dealing with the super user account. We recommend that you use an email address not hosted on the server your sending the alert from.

So lets get started!

1. Login to your server and su to root, I know the irony!

2. cd /root

3. pico .bashrc

4. Scroll to the end of the file then add the following:
echo 'ALERT - Root Shell Access (YourserverName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" you@yourdomain.com

Replace YourServerName with the handle for your actual server
Replace you@yourdomain.com with your actual email address

5. Crtl + X then Y

Now logout of SSH, close the connection and log back in! You should receive an email address of the root login alert a few minutes afterwards.

But I changed to this:
Edit root (or whatever user you wanted) .bash_profile

echo 'ALERT - Root Shell Access (YourserverName) on:' `date` `who` | mail -s "Alert: Root Access from `netstat | grep ssh`" you@yourdomain.com

Replace YourServerName with the handle for your actual server
Replace you@yourdomain.com with your actual email address

This netstat gives you all users connected to your box via ssh at that time, not just the specific user who just sshed in.

Example Output (user SSH sessions from my home laptop ip of 70.131.105.251:
tcp 0 0 ls3.harmonicwebhosting.:ssh adsl-70-131-105-251.d:61852
ESTABLISHED
tcp 0 220 ls3.harmonicwebhosting.:ssh adsl-70-131-105-251.d:63195
ESTABLISHED

ALERT - Root Shell Access on (ls3.harmonicwebhosting.com-64.254.200.10): Fri Jul 3
11:37:51 CDT 2009

MOSS 2007 Create New Web Application/Database for later move to another MOSS Server

Here is how to create a new web application and database for a new site in MOSS 2007.  This will allow for ease of moving the site and database in the future to a separate physical MOSS server.  This came up yesterday at work.

1. Go into Central Administration on the existing MOSS instance.  You must sign in as a farm administrator, I do not think a site collection administrator will cut it for this task.  The way to check is if you see the Create or Extend Web application Link in the step below, you are good.  It should be the top most link under Sharepoint Web Application Management on the Application Management page of Central Administration.  It will be just above Remove SharePoint from IIS Web Site.  NOTE: If you can not see this, simply type in http://servername:centraladminport/_admin/extendvs.aspx
   
2. Click on Application Management, Create or extend Web Appplication.  Click create a new web application.  This will create a new IIS website and a new content database for the new site.  This aids in moving it to other physical or logical MOSS instances later on.
3. Fill in the information accordingly for the new Web Application page.
4. You can use an existing IIS site, but not for this exercise, instead create a new IIS site, give it a port number not already in use (MOSS will default to one for you or you can change it).
5. Give the site a description describing its purpose - make it a good description that includes sharepoint and the port number and the sites purpose because this is what will show up in IIS for example later and it is easy to move if you have a lot of sites to manage.
6. Specify the path for the website files - or take the default of c:\inetpub\wwwroot\wss\VirtualDirectories\...
7. Take the default NTLM Allow Anonymous No and Use SSL No (unless it is externally facing or you have special security requirements.  NOTE: Excel Services sites work better with Kerberos not NTLM.
8. Choose the load balanced URL for the site or take the default
9. Application Pool - here is where you can use an exsiting one on the existing MOSS instance or create a new one, it does not matter.  When you move this to another server/MOSS instance later, it will use one on that server/MOSS instance anyway not this one.
10. Restart IIS Manually (the default) is ok - 99 times out of 100 you will not have to even restart IIS after creating this new site anyway.  I don't knwo why MSFT puts this in here.
11. Specify Database Server and Name - it is a good idea to name the database WSS_Content_ like you named the website above (minus the port information of course)
12. Select your database authentication method, Windows authentication is preferred.
13. Select which server in your MOSS environment is the Search Server for the new site.
14. Click OK and MOSS will try to create the new IIS website and new SQL Server database for you.  If you look in those apps after it returns (with successfully created) you will see the new website and new database.  Be sure to add those to your backup strategy if it requires you to update which database and site files needs backup.
15. If you get errors, read the error message and try to troubleshoot it, it may mean there is a security/authority error or something else.  Good luck!
16. Now create a new site collection in Central Administration -> Application Management then you can begin creating sites on your new MOSS Web Application and start to fill up your new database and IIS Web Application with sites and subsites!

TO RESTORE ONTO NEW SERVER/MOSS INSTANCE

To move the site and database onto a new box or instance is pretty straightforward.  Often you have to do this due to performance, disk, or logical split/upper management decision reasons.

1. On the new server, create a new web application similar to the above process.
   
2. Create a new site collection using the blank site template
3. use the stsadmin -backup command on the old server.  This makes a .dat file.
4. use the stsadmin -restore command on the new server on the .dat file
5. Everything should work fine.