Howto Setup Root Login Email Alerts
This guide details howto setup notifications to email you when someone logs into your linux server using root SSH. If your server is subject to a brute force attack or your password is leaked and your server logged into you would then be aware of a succesful login.
Step 1 – Install mailx (Mail Client)
In this tutorial we will use mailx to send the notification emails, depending on which distribution of linux you are using you can install mailx using one of the following commands:
On Debian & Ubuntu
apt-get install mailx
On RedHat & Centos
yum install mailx
On AlmaLinux & RockyLinux
dnf install mailx
Step 2 – Configure the Alerts
a) Navigate to the root directory and edit the bashrc file:
b) Copy the text below into the file, be sure to replace “DeviceName” with the hostname of your server and change email@example.com to the email address where you want to recieve the alerts.
echo 'ALERT - Root Shell Access (DeviceName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" firstname.lastname@example.org
Step 3 – Test the alerts
Simply test the alerts by opening a new SSH session to your server!