Do you wish to be notified by email whenever someone login to the server as root? The tip that you read below is useful if more than one admins know the server root password, and you want to know when and where they access the server from.
To make this possible, just edit the file /root/.bashrc and add the below line at the end of the file:
echo 'ALERT - Root Shell Access (YourserverName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" you@yourdomain.com
Replace ‘YourServerName‘ with the handle for your actual server and ‘you@yourdomain.com‘ with your actual email address.
How does this work? You may ask! /home/<user>/.bashrc is one of the scripts executed when a successful login for that user occur. Since we have to be alerted during root logins, we place this code at the end of /root/.bashrc.
Consider the case that you wish to be alerted when a user, say ‘joe‘ login to his account. In that case you can paste the one line code to /home/joe/.bashrc.
Why no one use this very simple solution ? Everybody say use the .bashrc.
man ssh
—-snip—-
/etc/ssh/sshrc
Commands in this file are executed by ssh when the user logs in, just before the user’s shell (or command) is started. See the sshd(8)
manual page for more information.
—-snip—-
Well, what if the user login as ‘joe’ and then switches to ‘root’? You will ultimately need to use .bashrc. Also, a slight error in /ets/ssh/sshrc (even an empty /etc/ssh/sshrc) would result in errors like ‘X11 connection rejected because of wrong authentication’ when you try to run a graphical application via ssh.
I ran into it when I tried /etc/ssh/sshrc and spent a lot of time only to find that an empty file could result in authentication error 😉
thank!
Interesting article comments. This article help to every one……. I wish you all the best……… Thanks. 🙂