Howto Setup Root Login Email Alerts

Categories

Howto Setup Root Login Email Alerts

Last Updated On
You are here:

Introduction

This guide details howto setup notifications to email you when someone logs into your linux server using root SSH.  If your server is subject to a brute force attack or your password is leaked and your server logged into you would then be aware of a succesful login.

Step 1 – Install mailx (Mail Client)

In this tutorial we will use mailx to send the notification emails, depending on which distribution of linux you are using you can install mailx using one of the following commands:

On Debian & Ubuntu 

apt-get install mailx

On RedHat & Centos

yum install mailx

On AlmaLinux & RockyLinux

dnf install mailx

 

Step 2 – Configure the Alerts

a) Navigate to the root directory and edit the bashrc file:

cd /root
nano .bashrc

b) Copy the text below into the file, be sure to replace “DeviceName” with the hostname of your server and change your@yourdomain.com to the email address where you want to recieve the alerts.

echo 'ALERT - Root Shell Access (DeviceName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" your@yourdomain.com

 

Step 3 – Test the alerts

Simply test the alerts by opening a new SSH session to your server!

Table of Contents
supermicro server

– Limited Offer –

 

Dual Core Xeon E3-1220L 2.20Ghz 

 

Only £29/Month