Introduction

Monitoring root access is critical for maintaining server security. By enabling root login alerts, you can receive instant email notifications whenever someone logs in as the root user. This helps in detecting unauthorized access and improves overall system auditing on your Linux server.


Prerequisites

Before proceeding, ensure the following:

  • You have root or sudo access to the server
  • A mail service (like sendmail/postfix) is properly configured on the server
  • You have a valid email address to receive alerts
  • Basic familiarity with Linux command line editors

Steps to Enable Root Login Alerts

  1. Log in to Server
    Access your server via SSH and switch to the root user:
    $ su -
  2. Navigate to Root Directory
    $ cd /root
  3. Edit .bashrc File
    Open the file using an editor:
    $ pico .bashrc
  4. Add Alert Command
    Scroll to the end of the file and add the following line:
    echo "ALERT - Root Shell Access (YourServerName) on: $(date) $(who)" | mail -s "Alert: Root Access from $(who | cut -d'(' -f2 | cut -d')' -f1)" you@yourdomain.com
    Replace:
  5. Save the File
    Press:
    • Ctrl + X
    • Then Y
    • Press Enter
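
A variation on the line from step 4, as an added example that is not part of the original article: it reports only the session on the current terminal (`who -m`) instead of every logged-in user, and it skips non-interactive shells. The function names are hypothetical, and `ALERT_TO` and `SERVER_NAME` hold the article's placeholder values.

```shell
# Added example for /root/.bashrc (not from the original article).
# Placeholders from the article: replace both before use.
ALERT_TO="you@yourdomain.com"
SERVER_NAME="YourServerName"

# Print the remote host from a `who`-style line, i.e. the text inside the
# trailing "(...)". Console logins have no such field and yield "local".
# The body is a subshell so no helper variables leak into the root shell.
alert_source() (
    src=$(printf '%s\n' "$1" \
        | sed -n 's/.*(\([^()]*\))[[:space:]]*$/\1/p' | head -n 1)
    printf '%s\n' "${src:-local}"
)

# Build the mail subject for one session line.
alert_subject() {
    printf 'Alert: Root Access from %s' "$(alert_source "$1")"
}

# Build the mail body. $1 = session line, $2 = timestamp.
alert_body() {
    printf 'ALERT - Root Shell Access (%s) on: %s\nSession: %s\n' \
        "$SERVER_NAME" "$2" "$1"
}

# Send only from an interactive root shell with a mail client installed.
case $- in
    *i*)
        if [ "$(id -u)" -eq 0 ] && command -v mail >/dev/null 2>&1; then
            # `who -m` prints only the login record of this terminal.
            session=$(who -m 2>/dev/null)
            alert_body "$session" "$(date)" \
                | mail -s "$(alert_subject "$session")" "$ALERT_TO"
            unset session
        fi
        ;;
esac
```

After `su -`, `who -m` still shows the account that originally logged in on the terminal, so the alert records which user became root.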

Conclusion

Enabling root login alerts is a simple yet effective way to enhance server security. By receiving real-time notifications, you can quickly identify and respond to any unauthorized or unexpected root access, helping safeguard your system.
