As SysAdmin keeping up server security is our first essential undertaking. At whatever point we dispatch another server for production. We need to ensure the security on the server is not traded off. Since in the event that somebody enters server as root using brut force attack techniques. At that point figure how he will harm your server. Any individual who has root access can do anything on the server.
To secure SSH login, you can set an email alert whenever any user login on the server and trying to login using SSH.
Continuously influence a training to not straightforwardly to login with root client by means of SSH. On the off chance that you need to get to server first login with the ordinary client at that point utilize su to switch in root client.
In this article, we will look straightforward approach to know when somebody tries to sign in as the root client. It will give or send an email alarm ssh login warning to the specified email ids with IP of the last login.
Install Mail Client
Mail command is sued to send mail from the server. There are lots of mail client is available in market such as mailx, mutt, etc. Type the below command to install the mail client on the system.
# apt-get install mailutils
Email Alert During SSH Login
After installing mailutils tools on the system now go to /root directory.
# cd /root
Presently open “.bashrc” file which is default file under the home area of the client. Include underneath gave below-provided Email alert variable in this file.
Do recall “.bashrc” is a hidden file. You have to utilize “ls – al” to see the hidden file. on the off chance that this file is absent at that point make another file and include the Email alert.
# vim /root/.bashrc #Add below line, echo "ALERT : Root Shell Access on: $(date) $(who)" | mail -s "Alert: Root Access from `$(who) | cut -d'(' -f2 | cut -d')' -f1`" [email protected]
save and close the file.
Now logout from root user and log in back again. when you login with root user, you will get Email alert ssh login mail on your email id.
That is it now your server is secure with an email alert. On the off chance that you need to set it for the Normal client likewise then take after similar steps. Make a point to change the .bashrc file of that client as it were. .bashrc file is naturally lives under “/home/username/.bashrc“. On the off chance that the file is not accessible at that point make another file with the .bashrc name then it will work without issues.