To improve the security of the server, especially web server which exposes to the internet and worldwide hackers, it’s a good way to enable the server to send a notification email automatically to a predefined email address every time someone logs in as “root” to the host. To configure the automatic email alert notification to a default email address on each incident of root login to the server, use the following guide:
Step 1 – On Debian/Ubuntu/Linux Mint
# apt-get install mailx
Step 1 – On RHEL/CentOS/Fedora
# yum install mailx
Step 2 – Now login as a root user and go to the root’s home directory by typing cd /root command:
# cd /root
Step 3 – Open .bashrc file with vi or nano editor. Please remember .bashrc is a hidden file, you won’t see it by doing ls -l command. You have to use -a flag to see the hidden files in Linux.
# vi .bashrc
Step 4 – Add the following line at the bottom of the file, make sure to replace “ServerName” with a hostname of your server and change “email@example.com” with your email address:
echo 'ALERT - Root Shell Access (ServerName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" firstname.lastname@example.org
Step 5 – Save and close the file and logout and log back in. Once you login via SSH, a .bashrc file by default executes and sends you the root login alert.