I add this line at the end of my .bashrc file:-
who ; who | sendmail -f "firstname.lastname@example.org" -F "Root Login Alert" email@example.com
I normally add it to my own servers (local, virtual or dedicated) and of course you can put this line in a bootup file as well).
It will print the details of who is logged in using ‘who’ via the rlogind service to the screen, and then email this to an address of your choosing.
Of course this is only where someone has used your credentials (user/pass) to log in. On a shared system (other than at DreamHost ) then a root user (amongst others) could take a peak without triggering the .bashrc command)
Of course if you have have a server other than on the table in front of you it is always open to inspection.
Opinions are my own views, not DreamHosts’.
I am NOT a DreamHost employee OK! :@
Act on my advice at your own risk!