How To Setup/Enable SSH Login Email Alerts For All User In Linux
Whenever we setup a new server, we need to enable/tweak email alerts for ssh login for security reason. So that if someone logged into server we can get a mail trigger immediately.
If you are server administrator, you will get an email alerts from server, like what’s going on in server, who’s logged in server (like root or other users who are permit to access the server),and so on. Now, in this article, we are going to teach you about how to set up an email alerts for all user SSH login in Linux.
It’s one of the additionally layer of security for server. Also we can keep track on that for further reference. Even, we are not in the position to check the server, we can ask the person with the help of this email alerts, what he is doing on it.
If you suspecting someone trying to (unwanted/illegal) access the server, we might get a chance to shutdown the server to avoid further damage because if anyone done something on server and there is no way to retrieve it.
1) Find the bashrc file on server
To make the tweak work, first locate the
bashrc file. I could see that three files are found and the common bashrc file location is
# find / -name "bashrc" /home/installd/bashrc /root/installd/bashrc /etc/bashrc
2) Add mail alerts script on bashrc file
Open the bashrc file with your favorite text editor and add the below line at end of the file.
# nano /etc/bashrc LIMITUSER=$USER if [ -e "/usr/bin/whoami" ]; then LIMITUSER=`/usr/bin/whoami` fi if [ "$LIMITUSER" != "root" ]; then ulimit -n 100 -u 35 -m 200000 -d 200000 -s 8192 -c 200000 -v unlimited 2>/dev/null else ulimit -n 4096 -u 14335 -m unlimited -d unlimited -s 8192 -c 1000000 -v unlimited 2>/dev/null fi echo 'ALERT - Root Shell Access '$HOSTNAME' on:' `date` `who` | mail -s "Alert: Root Access" [email protected],[email protected]
In the above scrip you need to change email id instead of us then save and exit the editor. Use comma to add more then one email id.
Now, try to login ssh again with new session and you will be getting the email alert, every time
bashrc batch file get executed for all user SSH login.
3) Check the email alerts on mail
For testing purpose, i have logged into server with root, mageshm & 2daygeek users then will see how the alerts will send to mentioned email id.
ALERT - Root Shell Access server.2daygeek.com on: Fri Feb 14 12:34:07 IST 2014 root pts/0 2014-02-14 12:34 (126.96.36.199) root pts/1 2014-02-14 12:34 ALERT - Root Shell Access server.2daygeek.com on: Fri Feb 14 12:34:25 IST 2014 root pts/0 2014-02-14 12:34 (188.8.131.52) root pts/1 2014-02-14 12:34 mageshm pts/2 2014-02-14 12:34 (184.108.40.206) ALERT - Root Shell Access server.2daygeek.com on: Fri Feb 14 12:34:36 IST 2014 root pts/0 2014-02-14 12:34 (220.127.116.11) root pts/1 2014-02-14 12:34 mageshm pts/2 2014-02-14 12:34 (18.104.22.168) 2daygeek pts/4 2014-02-14 12:34 (22.214.171.124)
The output clearly shows about the current users, who had logged into (2 root, mageshm & 2daygeek) the server and also shows log in time, date and hostname.