It’s very crucial to keep track of what is happening with servers and who logs into the server as far as the security of the server is concerned. Any user who gains root access can do whatever he wants. So its highly necessary to Setup an Email alert when something anonymous takes place. For receiving an alert if someone logs in as root to your server, you will have to make some changes to .bashrc that is available under the ‘/root’ partition.
This file is a hidden one, therefore you must use the –a flag with ls command to view all the hidden files.
Specify the below code at the bottom of the existing code;-
echo ‘SSH Root Access (Your Server Name) on:’ `date` `who` | mail -s “ALERT: Root Access from `who | cut -d”(” -f2 | cut -d”)” -f1`” email@example.com
Then save and exit.
Do not enable the root logins on SSH (highly recommended).
It is always useful to use an email address which isn’t hosted on the same server from which the notifications would be sent. But this would not help if someone tries to hack your server using the latest kernel exploit. Therefore it is always a good practice (from the security point of view), to get notified instantly through an email when someone logs into your server through SSH with root privileges.
Read our exciting blog Post: Guide to Install PIP on CentOS 7