How to Set SSH Login Email Alerts on a Linux Server
Note: This is meant for POC/test environments. The recommendation is to research security vulnerabilities in mailx before installing it in hardened production environments.
On Debian/Ubuntu/Linux Mint, run the command below:
# apt-get install mailx
On RHEL/CentOS/Fedora, run the command below:
# yum install mailx
Set SSH Root Login Email Alerts
1. Log in as the root user and go to root’s home directory by typing the cd /root command.
# cd /root
Next, add an entry to the .bashrc file. This file sets local environment variables for the user and runs some login tasks.
1. Open the .bashrc file with the vi or nano editor.
Note: .bashrc is a hidden file, so it is not listed by the ls -l command. Use the ls -a flag to see hidden files in Linux.
# vi .bashrc
2. Add the following whole line at the bottom of the file.
Make sure to replace “ServerName” with the hostname of your server and “you@example.com” (a placeholder) with your email address.
echo 'ALERT - Root Shell Access (ServerName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" you@example.com
Save and close the file, then log out and log back in.
3. On the next login via SSH, the .bashrc file is executed by default and sends the root login alert to the email address.
Sample Email Alert:
ALERT - Root Shell Access (Database Replica) on: Thu Nov 28 16:59:40 IST 2013 tecmint pts/0 2013-11-28 16:59 (172.16.25.125)
Set SSH Normal User Login Email Alerts
4. Log in as a normal user (youruser) and go to the user’s home directory by typing the cd /home/youruser/ command.
$ cd /home/youruser
5. Next, open the .bashrc file and add the following line at the end of the file. Make sure to replace the values as shown above.
echo 'ALERT - Root Shell Access (ServerName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" you@example.com
6. Save and close the file, then log out and log in again.
After logging back in, the .bashrc file is executed and sends the user login alert to the email address. The same line can be set for any user to receive login alerts.
7. If additional alerts are needed, open the user’s .bashrc file, which should be located under the user’s home directory (i.e. /home/username/.bashrc), and set the login alerts as described above.
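A variant of the .bashrc alert for both the root and normal-user cases above, added here as an example and not part of the original article: it reports the source address of the current session from sshd's SSH_CONNECTION variable instead of parsing who, which lists every logged-in session, and it names the actual user. ALERT_TO, ALERT_HOST and the function names are assumptions to adapt.

```shell
# Added example: append to ~/.bashrc in place of the one-line alert.
# ALERT_TO and ALERT_HOST are placeholders (assumptions); set them for your site.
ALERT_TO="you@example.com"
ALERT_HOST="ServerName"

# Print the source IP of *this* SSH session; fail for non-SSH shells.
# sshd sets SSH_CONNECTION to "client_ip client_port server_ip server_port".
ssh_source_ip() {
    [ -n "${SSH_CONNECTION:-}" ] || return 1
    printf '%s\n' "${SSH_CONNECTION%% *}"
}

# Build the mail subject for a given user name and source IP.
login_alert_subject() {
    printf 'Alert: %s shell access on %s from %s' "$1" "$ALERT_HOST" "$2"
}

# Send one alert, only for an interactive shell opened over SSH.
send_login_alert() {
    local src user
    case $- in *i*) ;; *) return 0 ;; esac        # interactive shells only
    src=$(ssh_source_ip) || return 0              # skip console and su shells
    command -v mail >/dev/null 2>&1 || return 0   # mailx not installed
    user=$(id -un)
    printf 'ALERT - %s shell access (%s) on: %s\nSource: %s\nTTY: %s\n' \
        "$user" "$ALERT_HOST" "$(date)" "$src" "$(tty 2>/dev/null)" |
        mail -s "$(login_alert_subject "$user" "$src")" "$ALERT_TO"
}

send_login_alert
```

Because .bashrc is writable by the account it belongs to and is only read by bash, this alert covers interactive bash logins and should be treated as a convenience notification rather than an audit control.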