Set Email Alert SSH Login On Linux Server

Email Alert SSH Login On Linux Server

Overview

As SysAdmin maintaining server security is our first important task. Whenever we launch a new server for production. We have to make sure the security on the server is not compromised. Because if someone enters server as root user using bruce attack techniques then think how he will damage your server. Anyone who has root access can do anything on the server.

To make SSH Secure, we will set up an Email alert on the server. so we will get an alert if someone trying to login on the server using SSH.

Follow below link to another SSH article for securing the SSH login.

 

READ : 5 simple steps for key based authentication SSH

 

Always make a practice to not directly login with root user via SSH. If you want to access server first login with the normal user then use su to switch in root user.

In this article, we will look simple way to know when someone tries to log in as the root user. It will provide or send an email alert ssh login notification to the mentioned email ids with IP of the last login.

Let's see the configuration steps to get Email alert ssh login on a Linux server.

To make this setting on the server you must have root level access on the server.

1. Install mailutils

We need to install "mailutils" package on the server which will help to send email alerts from the server.

Below command help to install this package on Ubuntu/Debian/Mint distros.

$ apt-get install mailutils

If you want to setup own local postfix server then follow below links which help you to install and configure Postfix Mail Server.

 

Read : Steps To Install Postfix Server on Linux

Read : Integration of squirrelmail with postfix server on Linux

 

2. Email Alert SSH Login

Once you install mailutils package, now go to the /root directory.

$ cd /root

Now open ".bashrc" file which by default resides under the home section of the user. Add below-provided Email alert variable in this file.
Do remember ".bashrc" is a hidden file. You need to use "ls -al" to see the hidden files. if this file is not present then create a new file and add the Email alert.

$ vim /root/.bashrc

#Add below line,
echo "ALERT : Root Shell Access on: $(date) $(who)" | mail -s "Alert: Root Access from `$(who) | cut -d'(' -f2 | cut -d')' -f1`" youemail@com

save and close the file.

Now logout from root user and log in back again. when you login with root user, you will get Email alert ssh login mail on your email id.

Output Email Alert:

ALERT : Root Shell Access on: Wed Oct 5 20:13:57 IST 2016 prashanttty8 2016-10-03 12:20 (:0)

That's it now your server is secure with an email alert. If you want to set it for the Normal user also then follow the same steps. Make sure to change the .bashrc file of that user only. .bashrc file is by default resides under "/home/username/.bashrc". If the file is not available then create a new file with the .bashrc name then it will work without issues.

I hope you like the article if you find any difficulties using this article then please do comment your queries or problem via the comment section, till then stay tuned to techthings.org for more such valuable articles.

Latest Comments
  1. steve October 12, 2016
    • Prashant Thorat October 12, 2016
  2. Ravi October 23, 2016
    • ashwin December 14, 2016
  3. harry December 13, 2016

Leave a Reply

Your email address will not be published. Required fields are marked *