Hi,
Today My Simple Topic is 'How to send email alert when any person on root ssh login'..
Like..
If You Want to, Get notified instantly when someone log in your 'root' server with date, time and local ip address then you need to enable email alerts.
It's a good idea in terms of security but in case if it is unavoidable then it can be helpful to setup a monitoring system that can email notifications immediately whenever root access is done.
Step-1 Login to the server as root.
[root@server ashutosh]# cd
[root@server ~]# whoami
root
Step-2 Then install an email routing program like 'sendmail' ..
[root@server ~]# yum install sendmail* -y
Step-3 After this, the .bashrc file needs to be edited for root. This file is the one that is read and all the commands in it are executed upon root login.
[root@server ~]# vim .bashrc
---------------------------------------------------------------------------------------
echo "ALERT – Root Shell Access on:" `date` `who` | mail -s "Alert: Root Access from"user@exaample.com
# Note- Replace Email ID..Which you want to get the email alert...
:wq! (Save & Quet)
---------------------------------------------------------------------------------------
Step-4 Now logout..
Step-5 Now log back in as root via ssh, after a minute or two there will be an email notification at the specified email address stating that root login to server has occured from a specific IP address with timestamp.
Enjoy....!!!
______________________________________________________________________________________
Click Back.. Click Home..
