How To Setup/Enable SSH Login Email Alerts For Root User In Linux
If you are server administrator you should get all the email alerts from server, what’s going on server, any software updated or any daemon failed to start, restart and who’s logged in server.
In our previous article we have covered to setup SSH login email alerts for All users.
Today we are going to explain, how to setup SSH login email alerts for root users.
It’s one of the best tweak for server security to get email alerts for SSH login, which will help us to track the login attempts also it will help us to find the illegal and unwanted attempts.
I would advise you to set a hard and guess password, also change the password very frequently for best security practices.
By default ssh configuration comes with possible security parameters but still you can modify lots of parameters based on your requirement and environment to make the server more secure.
1) Find .bashrc file
Login as a root user and open the
.bashrc file by navigating to root directory since we are setting up the email alerts for root user. It’s a hidden file so make sure you have to put
ls -la command to print a hidden files in the current directory.
# cd /root # pwd /root # ls -la total 257228 dr-xr-x---. 5 root root 4096 Nov 14 10:18 . dr-xr-xr-x. 25 root root 4096 Oct 28 03:01 .. -rw-------. 1 root root 1369 Apr 30 2013 anaconda-ks.cfg -rw------- 1 root root 17011 Nov 22 18:04 .bash_history -rw-r--r--. 1 root root 18 May 20 2009 .bash_logout -rw-r--r--. 1 root root 234 Nov 14 10:32 .bash_profile -rw-r--r-- 1 root root 176 Nov 14 10:10 bash_profile_14-11-2013 -rw-r--r--. 1 root root 176 Sep 23 2004 .bashrc drwx------ 2 root root 4096 Oct 8 12:41 .ssh -rw------- 1 root root 7498 Oct 21 16:31 .viminfo
2) Add mail alerts script on bashrc file
Open the bashrc file with your favorite text editor and add the below colored line at end of the file.
# nano .bashrc # User specific aliases and functions alias rm='rm -i' alias cp='cp -i' alias mv='mv -i' # Source global definitions if [ -f /etc/bashrc ]; then . /etc/bashrc fi echo 'ALERT - Root Shell Access '$HOSTNAME' on:' `date` `who` | mail -s "Alert: Root Access" firstname.lastname@example.org,email@example.com
In the above file add your email id instead of us then save and exit the editor. If you want to add more then one email id use comma between the email id.
.bashrc file to take effect.
# source ~/.bashrc
We are going to test the setup whether its working or not by login with new ssh session. If its works you will be getting the email alert like below, every time
.bashrc batch file get executed for ssh login.
ALERT - Root Shell Access server.2daygeek.com on: Mon Nov 25 13:37:53 GMT 2013 root pts/0 2013-11-25 13:32 (188.8.131.52) root pts/2 2013-11-25 13:33 (184.108.40.206) root pts/3 2013-11-25 13:37 (220.127.116.11)
The above output is clearly shows that there are 3 user’s currently logged in server also showing logged in time, date and hostname.
To setup a specific user
Its same as above, navigate to particular user home directory and add the same line.
# vi /home/user/.bashrc echo 'ALERT - Root Shell Access '$HOSTNAME' on:' `date` `who` | mail -s "Alert: Root Access" firstname.lastname@example.org,email@example.com