E-mail alert when a successful root login occurs

By | December 22, 2013

I find it very useful to receive alert notifications via e-mail whenever a successful root login occurs. This will make sure that you are notified immediately (you can link the e-mail address to a mobile sms service) whenever someone logs in. This can be done very easily in several ways after logging into the CLI (Command Line Interface) as root:

[[email protected] ~]#

Method 1:

Next, edit the .bashrc file (I prefer nano over vi for simplicity):

[[email protected] ~]# nano .bashrc

Add the following line to the end of the .bashrc file:

echo -n 'ALERT - Root Shell Access (servername) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" [email protected]

Substitute “servername” and “[email protected]” for your servername and e-mail address, and save the file. This also works for other shell accounts on the system when you modify the shell user’s .bashrc file.

Method 2 (I prefer this one):

Go to the .ssh directory:

[[email protected] ~]# cd /root/.ssh

Create a file named “rc”:

[[email protected] ~]# nano rc

Add the following line to the newly created rc file:

echo -n 'ALERT - Root Shell Access (servername) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" [email protected]

Substitute “servername” and “[email protected]” for your servername and e-mail address, and save the file.

At some point I will write up a (new) server security checklist that will also include this tip.

Leave a Reply

Your email address will not be published. Required fields are marked *