Recently I initialised a new Linode CentOS without doing any hardening yet, I want to be informed if any unauthorised login, here is how I doing it:
vi /etc/profile.d/login.sh
curl "http:///notifier?message=LinodeUserLogIn" &
chmod +x /etc/profile.d/login.sh
Exit from ssh, and relogin, the above URL will be called and my iPhone will receive Push Notification.
And just the next day I detected unsuspicous login then… immediately shutdown the Linode.