How to setup an Email alert when somebody has logged into your server as root?
For receiving an alert if someone logs in as root to your server, you will have to make
Some changes to .bashrc that is available under the ‘/root’ partition.
This file is a hidden, therefore you must use the -a flag with ls command to view all the
Specify the below code to the bottom of the existing code;-
echo ‘SSH Root Access (Your Server Name) on:’ `date` `who` | mail -s “ALERT: Root Access from `who | cut -d”(” -f2 | cut -d”)” -f1`” email@example.com
Then save and exit.
Its recommended not to enable root logins on SSH.
Also, it is useful to use an email address which isn’t hosted on the same server from
which the notifications would be sent.