When you run a website, it is important to keep track of who is logging into your server, especially as root. Unauthorized logins can cause serious security issues, as they will most likely have access to every part of your server. Generally, system administrators set up an automated email alert that sends them a message every time there is a root login to their system. In this article, we will look at how to set up email alerts for root login in Linux. The alert also includes the IP address of the user who has logged in, so that you can block that IP address if it is unknown.
How to Set Up Email Alerts for Root Login in Linux
Here are the steps to set up email alerts for root login in Linux. We will use the mailx software for this purpose.
1. Install Mailx
Open terminal and run the following command to install Mailx.
Debian/Ubuntu
# apt-get install mailx
Redhat/Fedora/CentOS
# yum install mailx
2. Set Up SSH Root Login Email Alerts
Log in as root and go to root's home folder.
$ cd /root
Next, we need to add a command to the .bashrc file, which contains environment variable settings for logged-in users.
$ sudo vi .bashrc
Add the following line to it.
echo 'ALERT - Root Shell Access (ServerName) on:' `date` `who -m` | mail -s "Alert: Root Access from `who -m | cut -d'(' -f2 | cut -d')' -f1`" your@yourdomain.com
Replace ServerName with your domain name and your@yourdomain.com with the email address of the system administrator. The command uses who -m so that only the session that is logging in is reported, rather than every user currently logged in.
Save and close the file. Every time you or someone else logs in as root, the .bashrc script will be executed and the system administrator whose email address is given in the .bashrc file will receive a mail.
Here is a sample email.
ALERT - Root Shell Access (exampl.com) on: Thu Nov 24 13:59:40 UTC 2021 ubuntu pts/0 2021-11-24 16:59 (192.162.251.125)
3. Set up email alerts for other users
Similarly, you can also set up email alerts for other users (e.g. ubuntu). Log into your system as ubuntu. Go to the home folder of this user.
$ cd /home/ubuntu
Open .bashrc file for this user.
$ sudo vi .bashrc
Add the following line to it.
echo 'ALERT - Root Shell Access (ServerName) on:' `date` `who -m` | mail -s "Alert: Root Access from `who -m | cut -d'(' -f2 | cut -d')' -f1`" your@yourdomain.com
Replace ServerName with your domain name and your@yourdomain.com with the email address of the system administrator.
It is the same command used in step 2 above, for alerting root logins. In this case, when someone logs in as ubuntu, this .bashrc file will be executed and your system administrator will be alerted.
This way you can set up automated email alerts for any user on your system. You need to log in as that user, go to that user's home folder, open that user's .bashrc file and add the above echo command. Save and close the file.
In this article, we have seen how to set up email alerts for root logins as well as for other user logins.
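The one-line command from steps 2 and 3 can also be written as a small .bashrc function. This is an added example, not part of the original article. It handles console logins, where who prints no "(host)" field and cut would return the whole line. The function names are hypothetical, and ALERT_TO and SERVER_NAME are the same placeholders used above.

```shell
# Added example for ~/.bashrc. ALERT_TO and SERVER_NAME are placeholders;
# the function names are hypothetical.
ALERT_TO="your@yourdomain.com"
SERVER_NAME="ServerName"

# Extract the remote host from one line of `who` output.
# Console logins have no "(host)" field, and cut -d'(' -f2 would then
# return the entire line, so report "local" instead.
login_source() {
    case "$1" in
        *"("*")"*) printf '%s\n' "$1" | sed 's/.*(\([^)]*\)).*/\1/' ;;
        *)         printf 'local\n' ;;
    esac
}

# Build the mail subject from a user name and that user's `who` line.
alert_subject() {
    printf 'Alert: %s shell access on %s from %s\n' \
        "$1" "$SERVER_NAME" "$(login_source "$2")"
}

# Mail the alert for the current session.
send_login_alert() {
    # Skip non-interactive shells (scp, rsync, ssh host command).
    case "$-" in *i*) ;; *) return 0 ;; esac
    # Do nothing if no mail client is installed.
    command -v mail >/dev/null 2>&1 || return 0
    session="$(who -m 2>/dev/null)"   # only this terminal's entry
    # The subshell and & keep a slow mail server from delaying the login.
    ( printf 'ALERT - Shell access (%s) on: %s\n%s\n' \
          "$SERVER_NAME" "$(date)" "$session" |
        mail -s "$(alert_subject "$(id -un)" "$session")" "$ALERT_TO" \
          >/dev/null 2>&1 & )
}

send_login_alert
```

Anyone who can write to the .bashrc file can remove this line, so the mail is a notification aid and not a tamper-proof audit record.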
However, on a separate note, it is always advisable to disable SSH root login for further safety.

Sreeram has more than 10 years of experience in web development, Python, Linux, SQL and database programming.