E-mail Alert on Root SSH Login

Want to be notified instantly when someone logs into your server as
root? No problem, check out this nice tutorial on email notification
for root logins. Keeping track of who logs into your server and when
is very important, especially when you’re dealing with the super user
account. We recommend that you use an email address not hosted on the
server your sending the alert from.

So lets get started!

1. Login to your server and su to root, I know the irony!

2. cd /root

3. pico .bashrc

4. Scroll to the end of the file then add the following:
echo ‘ALERT – Root Shell Access (YourserverName) on:’ `date` `who` |
mail -s “Alert: Root Access from `who | cut -d'(‘ -f2 | cut -d’)’
-f1`”
y…@yourdomain.com

Replace YourServerName with the handle for your actual server
Replace
y…@yourdomain.com with your actual email address

5. Crtl + X then Y

Now logout of SSH, close the connection and log back in! You should
receive an email address of the root login alert a few minutes
afterwards.

Leave a Reply