Thursday 2 May 2013

Email alert on root SSH Login in Linux

We can track whenever someone logs in as root via SSH.

First log in to your server and go to the "/root/" directory:

          [root@iitb-st ~]# cd /root/
          [root@iitb-st ~]# vim .bashrc 


Go to the last line and add the command below:

              echo 'ALERT - Root Shell Access (Server Name) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" server@manivel.com

               :wq
         
Note:
          Server Name --> your server name
          server@manivel.com --> your mail ID

Now log out of SSH and log back in. You should receive the root login alert by email.
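
A variant of the same .bashrc alert, as an added example that is not part of the original post: it reports only the current session's source address (taken from the SSH_CONNECTION variable that sshd sets) instead of every line of `who`, and sends only from interactive SSH logins. The function names and the ALERT_TO and SERVER_NAME variables are assumptions; the mail command is the one the post already uses.

```shell
# Added example for /root/.bashrc (not the original post's command).
# ALERT_TO and SERVER_NAME are placeholders to set for your server.
ALERT_TO="${ALERT_TO:-server@manivel.com}"
SERVER_NAME="${SERVER_NAME:-$(hostname 2>/dev/null)}"

# Source IP of *this* session: first field of SSH_CONNECTION
# ("client_ip client_port server_ip server_port"), set by sshd.
ssh_source_ip() {
    [ -n "${SSH_CONNECTION:-}" ] || return 1
    printf '%s\n' "${SSH_CONNECTION%% *}"
}

# Subject line for the alert; fails if this is not an SSH session.
root_alert_subject() {
    local ip
    ip=$(ssh_source_ip) || return 1
    printf 'Alert: Root Access from %s\n' "$ip"
}

# Body: server name, timestamp, and only this terminal's `who` entry.
root_alert_body() {
    printf 'ALERT - Root Shell Access (%s) on: %s\n' "$SERVER_NAME" "$(date)"
    who -m 2>/dev/null || true
    printf 'SSH_CONNECTION: %s\n' "${SSH_CONNECTION:-none}"
}

# Send in a background subshell so a slow mail server never delays the
# login; do nothing when this is not an SSH session or mail is missing.
send_root_alert() {
    local subject
    subject=$(root_alert_subject) || return 0
    command -v mail >/dev/null 2>&1 || return 0
    ( root_alert_body | mail -s "$subject" "$ALERT_TO" >/dev/null 2>&1 & )
}

case $- in
    *i*) send_root_alert ;;   # interactive shells only (not scp/sftp)
esac
```

Paste it at the end of /root/.bashrc in place of the one-line command. The sshd entries in the system authentication log remain the authoritative record of root logins, since this alert depends on root's shell reading .bashrc.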