Even if it is too late when someone else logs in as root on your server, it is good to know that NOW is the time to get working on your security.
To setup email notification, login to your server as root.
Edit .bashrc
|
1 2 3 |
nano .bashrc |
add the following line at the end, changing “ServerName” to the hostname of your server and “email@thisaddress.com” to your own email address.
|
1 2 3 |
echo 'ALERT - Root Shell Access (ServerName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" email@thisaddress.com |
Save and exit.
Next time someone (hopefuly you) logs on as root, you will get an email about this.
This can be done for any user, you only have to make sure that the user can email out from your server.
11 comments for “Email notification when someone logs in via SSH”