E-mail Alert on Root SSH Login

Want to be notified instantly when someone logs into your server as root? No problem, check out this nice tutorial on email notification for root logins. Keeping track of who logs into your server and when is very important, especially when you're dealing with the super user account. We recommend that you use an email address not hosted on the server your sending the alert from.
1. Login to your server and su to root, I know the irony!

2. cd /root

3. pico .bashrc
4. Scroll to the end of the file then add the following:
echo 'ALERT - Root Shell Access (YourserverName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" you@yourdomain.com
Replace YourServerName with the handle for your actual server
Replace you@yourdomain.com with your actual email address

5. Crtl + X then Y

Now logout of SSH, close the connection and log back in! You should receive an email address of the root login alert a few minutes afterwards.

Note: This is a great tool for servers that have multiple admins or if you give someone SSH access for whatever reason, although you should give out the root password to as few people as humanly possible and be sure to change it often.

This will not magically alert you when a hacker runs the latest kernel exploit on your server and logs into SSH because they will create their own SSH/telnet connection. You should keep your system up to date, install a firewall and follow the latest security releases.
  • Root SSH Login, E-mail Alert
  • 35 Users Found This Useful
Was this answer helpful?

Related Articles

Options for protecting SSH on Dedicated Servers

Filter by IP - We can set up a firewall to filter SSH access to the SSH port by IP. Change SSH...

install mod_security for Apache

What is mod_security? ModSecurity is an open source intrusion detection and prevention engine for...

How to install BFD (Brute Force Detection)

What is BFD (Brute Force Detection)? BFD is a modular shell script for parsing applicable logs...

Installing and Configuring CSF Firewall

This article demonstrates how to install and configure the CSF (configserver) firewall. CSF can...