Search Our Database

How to set SSH root login email alerts in a Linux Server

Last updated on |
by

Important Note:  This is meant for POC\Test environments. The recommendation is to research security vulnerabilities with Mailx before installing in hardened production environments.

Introduction

To improve the security of the server, especially the webserver which exposes to the internet and worldwide hackers, it’s a good way to enable the server to send a notification email automatically to a predefined email address every time someone logs in as “root” to the host. To configure the automatic email alert notification to a default email address on each incident of root login to the server, use the following guide:

 

Step-by-Step Guide

1. On Debian/Ubuntu/Linux Mint

apt-get install mailx

On RHEL/CentOS/Fedora

yum install mailx

 

2. Now login as a root user and go to the root’s home directory by typing cd /root command:

cd /root

 

3. Open .bashrc file with vi or nano editor. Please remember .bashrc is a hidden file, you won’t see it by doing ls -l command. You have to use -a flag to see the hidden files in Linux

vi .bashrc

 

4. Add the following line at the bottom of the file, make sure to replace “ServerName” with a hostname of your server and change “your@yourdomain.com” with your email address

echo 'ALERT - Root Shell Access (ServerName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" your@yourdomain.com

 

5. Save and close the file and logout and log back in. Once you log in via SSH, a .bashrc file by default executes and sends you the root login alert.

 

Source: How to Set SSH Login Email Alerts in Linux Server

 

Conclusion

This simple setup helps improve server security by notifying you of every root login via email, allowing you to monitor unauthorized access.

For additional assistance, or if you encounter issues, please contact our support team at support@ipserverone.com.

 

Article posted on 2020-04-04 by IPSERVERONE