As a Linux system administrator, you must receive notifications from the server for all types of activity.
This could be a system update, a user login alert, a failed or hung service, or high memory, disk or CPU usage.
In this article, we will show you how to set up an email alert for SSH root logins on a Linux system.
This is one of the mandatory tweaks we apply in our environment to receive an alert for unauthorized or illegal login access to the root user.
I also recommend setting a strong password and changing it frequently as a security best practice.
You can check your password strength and score on Linux using this article.
Go to this article to set up a password complexity on Linux.
By default, the SSH configuration comes with a set of security parameters, but you can modify many of them based on your needs and environment to make the Linux system more secure.
The login alert itself is set up by adding a one-line bash script to the root user’s “.bashrc” file.
Since the “.bashrc” file plays an important role in this tutorial, I will give a detailed description of it.
What is the Purpose of the .bashrc file
The “.bashrc” file is a script that is executed whenever a new terminal session is started in interactive mode.
It contains a set of configurations for the terminal session, which includes setting up or enabling: colouring, completion, the shell history, command aliases and more.
It can be found in a user’s home folder. This is a hidden file and you should use the ls command with the “-a” option to display hidden files on your computer.
1) How to Enable Email Alerts for the root User
Log in as root and add the one-line script below to the root user’s “.bashrc” file.
# vi .bashrc
echo 'ALERT - SSH root shell access found on '$HOSTNAME' on:' `date` `who` | mail -s "Alert: SSH root shell access" [email protected]
Run the below command to reload the “.bashrc” file.
# source .bashrc
Alternatively, you can run the command below. It does the same thing and is easier to remember. It replaces the current shell with the given command without creating a new process.
# exec bash
When you are done, log in as root in a new session. After logging in, you will receive a mail alert like the one below.
ALERT - SSH root shell access found on server.2daygeek.com on: Mon Oct 14 11:35:07 IST 2019 root :1 pts/0 2019-10-14 09:34 (219.91.219.14)
If you want to send the alert to multiple email addresses, separate the addresses with a space.
# vi .bashrc
echo 'ALERT - SSH root shell access found on '$HOSTNAME' on:' `date` `who` | mail -s "Alert: SSH root shell access" [email protected] [email protected]
2) How to Enable Email Alerts for a Specific User
This is similar to the above script, but you need to add the following script to the associated user’s “.bashrc” file and change the content of the alert.
# vi /home/daygeek/.bashrc
echo 'ALERT - '$USER' shell access found on '$HOSTNAME' on:' `date` `who` | mail -s "Alert: User shell access" [email protected]
3) How to Enable Email Alerts for All Users
This is similar to the above script, but you need to add the following script to the global “/etc/bashrc” file.
# vi /etc/bashrc
echo 'ALERT - '$USER' shell access found on '$HOSTNAME' on:' `date` `who` | mail -s "Alert: User shell access" [email protected]
Run the below command to reload the “/etc/bashrc” file.
# source /etc/bashrc
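The one-liners above run whenever bash reads “.bashrc”, that is, for every interactive session, so they also fire for local terminals and after “exec bash”. The following added example (not from the original article) limits the alert to sessions started by sshd and adds the client address to the mail; the recipient admin@example.com and the ssh_alert_* function names are placeholders chosen for this example.

```shell
# Added example: SSH-only variant of the login alert for a bashrc file.
# ALERT_TO is a placeholder recipient; the ssh_alert_* names are hypothetical.
ALERT_TO="${ALERT_TO:-admin@example.com}"

# Succeeds only for an interactive shell that was started by sshd.
#   $1: shell option flags (normally "$-"), contains "i" when interactive
#   $2: value of SSH_CONNECTION, which sshd sets to
#       "client_ip client_port server_ip server_port"
ssh_alert_wanted() {
    case "$1" in *i*) ;; *) return 1 ;; esac
    [ -n "$2" ]
}

# Prints the alert body.
#   $1: user name  $2: host name  $3: value of SSH_CONNECTION
# The client address is the first field of SSH_CONNECTION.
ssh_alert_body() {
    printf 'ALERT - %s shell access found on %s on: %s\nSource address: %s\n' \
        "$1" "$2" "$(date)" "${3%% *}"
}

# Mails the alert in the background so a slow mail system cannot delay the
# login, and does nothing if no mail command is installed.
ssh_alert_send() {
    command -v mail >/dev/null 2>&1 || return 0
    ssh_alert_body "$1" "$2" "$3" |
        mail -s "Alert: SSH $1 shell access on $2" "$ALERT_TO" >/dev/null 2>&1 &
}

if ssh_alert_wanted "$-" "${SSH_CONNECTION:-}"; then
    ssh_alert_send "${USER:-$(id -un)}" "${HOSTNAME:-$(hostname)}" "$SSH_CONNECTION"
fi
```

Place it in the same file as the one-liner it replaces: the root user’s “.bashrc”, a specific user’s “.bashrc”, or “/etc/bashrc”.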