Get an Email Alert when Somebody Logs in as Root

 

How to setup an Email alert when somebody has logged into your server as root? #

It is suggested to set an email alert when somebody gets logged into your server via. SSH/root.

You need to make amendments to the .bashrc that is available under the ‘/root’ partition. This file is a hidden, therefore you must use the -a flag with ls command to view all the hidden files.

Then add the below code to the bottom of the existing code :

echo ‘SSH Root Access (Your Server Name) on:’ `date` `who` | mail -s “ALERT: Root Access from `who | cut -d”(” -f2 | cut -d”)” -f1`” [email protected]

Then save and exit.

NOTE: We suggest you :

  • Not to enable root logins over SSH.
  • Also, it is useful to use an email address which isn’t hosted on the same server from which the notifications would be sent.
  • This procedure is suitable only for those customers who have an SSH access ie. with VPS Hosting, Cloud Hosting, Semi-Dedicated Servers and Dedicated Hosting Servers.

This procedure should be helpful to all the customers who have servers with multiple administrators or have to provide an SSH access to somebody on a regular basis. Here again, we would stress on limiting the disclosure of the Root password and keeping it to minimum. Further, we would like to encourage you to change it on a regular basis.

Though, the mentioned procedure would not help if someone tries to hack into your server using the latest kernel exploit, due to the basic fact that, the hacker would create a different SSH or telnet connection. Inorder to protect your server from such activities, you must keep your server updated, get a firewall installed and adopt the updated security releases.

You must re-check if the modifications are working fine. If you face an issue with that and need an assistance, please contact our 24×7 Linux Technical Support Team either via. Live Chat or raise a ticket at the helpdesk.

Powered by BetterDocs

Leave a Reply

Your email address will not be published. Required fields are marked *

en_USEnglish