To improve the security of a Linux server, especially a web server, which is exposed to the Internet and possible worldwide hackers, it’s best to enable the server to automatically send a notification email to predefined email address anytime someone logs in as root to the host. To configure the automatic email alert notification to a default email address on each incident of root log on on the server, use the following guide.
1. Login to the server via SSH using as root ID.
2. Ensure that you’re at home directory of root. Then open up the .bash_profile for editing using pico or vi by typing one of the following commands at command shell line:
Using Pico# pico .bash_profile
Using Nano# nano .bash_profile
Using Vi# vi .bash_profile
3. Scroll down to the end of the file and add the following line:
“echo ‘ALERT – echo ‘ALERT – Root Shell Access (YourserverName) :’ `date` `who` | mail -s “Alert: Root Access from `who | cut -d”(” -f2 | cut -d”)” -f1`” user@example.com” (Without the quotes)
Now logout and login again as root, you should receive an email alert at your inbox. This works on most popular flavor of Linux such as RedHat, CentOS, Ubuntu, FreeBSD , etc.
4. Replace user@email.com with the actual email account address that you want to the root access alert notification been sent to. Note that you can change the text contains in the email alert too. You will want to change the (YourserverName) to your actual server name or hostname.
No comments:
Post a Comment