How to Set Up Email Alerts for Root Login in Linux

When you run a website, it is important to keep track of who is logging in to your server, especially as root. An unauthorized root login is a serious security issue, because the intruder will most likely have access to every part of your server. System administrators commonly set up an automated email alert that sends them a message every time someone logs in as root. In this article, we will look at how to set up email alerts for root login in Linux. The alert also includes the IP address of the user who logged in, so that you can block that address if it is unknown.



Here are the steps to set up email alerts for root login in Linux. We will use the mailx software for this purpose.


1. Install Mailx

Open terminal and run the following command to install Mailx.

Debian/Ubuntu (mailx is a virtual package here; bsd-mailx is one of the packages that provide it)

# apt-get install bsd-mailx

Redhat/Fedora/CentOS

# yum install mailx


2. Set Up SSH Root Login Email Alerts

Log in as root and go to root’s home folder.

# cd /root

Next, we need to add a command to the .bashrc file, which bash runs every time it starts an interactive shell for the user.

# vi .bashrc

Add the following line to it.

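echo "ALERT - Root Shell Access (ServerName) on: $(date) $(who -m)" | mail -s "Alert: Root Access from $(who -m | cut -d'(' -f2 | cut -d')' -f1)" your@yourdomain.com

Replace ServerName with your domain name and your@yourdomain.com with the email address of the system administrator. The command does not need sudo, and who -m limits the output to the session that is logging in, so the subject carries one address even when several users are logged in.

Save and close the file. Every time you or someone else logs in as root, the .bashrc script is executed and the system administrator whose address is set in .bashrc receives an email. Because the alert runs from a file that the logged-in account can edit, and only when an interactive bash shell starts, treat it as a notification aid rather than a tamper-proof control.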

Here is a sample email.

ALERT - Root Shell Access (exampl.com) on: Thu Nov 24 13:59:40 UTC 2021 ubuntu pts/0 2021-11-24 16:59 (192.162.251.125)


3. Set up email alerts for other users

Similarly, you can also set up email alerts for other users (e.g. ubuntu). Log in to your system as ubuntu and go to the home folder of this user.

$ cd /home/ubuntu

Open the .bashrc file for this user.

$ vi .bashrc

Add the following line to it.

echo "ALERT - Root Shell Access (ServerName) on: $(date) $(who -m)" | mail -s "Alert: Root Access from $(who -m | cut -d'(' -f2 | cut -d')' -f1)" your@yourdomain.com

Replace ServerName with your domain name and your@yourdomain.com with the email address of the system administrator.

It is the same command used in step 2 above, for alerting root logins. In this case, when someone logs in as ubuntu, this .bashrc file will be executed and your system administrator will be alerted.

This way you can set up automated email alerts for any user on your system. Log in as that user, go to the user’s home folder, open the user’s .bashrc file and add the above echo command. Save and close the file.
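The following is an added example, not code from the original article: a longer .bashrc variant of the alert that takes the client address from this session's SSH_CONNECTION variable (falling back to the who -m line), strips characters that do not belong in an address before placing it in the mail subject, and sends only from interactive shells. The function names are illustrative, and ALERT_TO and ALERT_HOST hold the article's placeholders.

```shell
# Added example for ~/.bashrc; function names are illustrative, not a standard.
ALERT_TO="your@yourdomain.com"   # placeholder: administrator address
ALERT_HOST="ServerName"          # placeholder: name shown in the alert

# Print the client address of the current session.
# $1: value of SSH_CONNECTION ("client_ip client_port server_ip server_port")
# $2: one line of `who -m` output, used only when $1 is empty
login_source_ip() (
    ip=${1%% *}                                   # first field of SSH_CONNECTION
    if [ -z "$ip" ]; then
        case $2 in
            *"("*")"*) ip=${2##*\(}; ip=${ip%%\)*} ;;   # text inside the (...)
        esac
    fi
    # Keep only characters found in addresses and host names, so the value
    # cannot carry line breaks or header text into the mail subject.
    ip=$(printf '%s' "$ip" | tr -cd 'A-Za-z0-9.:_%-')
    printf '%s\n' "${ip:-local}"                  # console logins have no address
)

# Print the alert body. $1: user, $2: source address, $3: tty, $4: timestamp
login_alert_body() {
    printf 'ALERT - Shell Access (%s) on: %s\nuser=%s tty=%s from=%s\n' \
        "$ALERT_HOST" "$4" "$1" "$3" "$2"
}

# Build the alert from this session's own data and mail it.
send_login_alert() (
    src=$(login_source_ip "${SSH_CONNECTION:-}" "$(who -m 2>/dev/null)")
    login_alert_body "$(id -un)" "$src" "$(tty)" "$(date)" |
        mail -s "Alert: $(id -un) access from $src" "$ALERT_TO"
)

# Send only from interactive shells, and only if a mail command is installed.
case $- in
    *i*) if command -v mail >/dev/null 2>&1; then send_login_alert; fi ;;
esac
```

Because the subject names the account from id -un, the same block can be placed unchanged in root's .bashrc and in any other user's.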

In this article, we have seen how to set up email alerts for root logins as well as for other user logins.

However, on a separate note, it is always advisable to disable SSH root login for further safety.
