Email notification of Root Login

Keeping track of who logs into your Dedicated Server and when is very important, especially when you’re dealing with the super user account. We recommend that you use an email address not hosted on the server your sending the alert from.

So lets get started!

1. Login to your server and su to root.

2. cd /root

3. vi .bashrc

4. Scroll to the end of the file then add the following:
echo ‘ALERT – Root Shell Access (YourserverName) on:’ `date` `who` | mail -s “Alert: Root Access from `who | cut -d'(‘ -f2 | cut -d’)’ -f1`” you@yourdomain.com

Replace YourServerName with the handle for your actual server
Replace you@yourdomain.com with your actual email address

5. Save and exit vi (:wq)

Now logout of SSH, close the connection and log back in! You should receive an email address of the root login alert a few minutes afterwards.

Note: This is a great tool for Dedicated Servers that have multiple admins or if you give someone SSH access for whatever reason, although you should give out the root password to as few people as humanly possible and be sure to change it often.

 

Both comments and pings are currently closed.

Comments are closed.