As a Linux system administrator, it is important to know when someone logs into your server, especially as root. Unauthorized logins can cause serious security issues, as they can gain full access to the system and install unwanted and malicious software on it, among other things. Therefore, it is recommended to set up an automatic email alert that sends a message every time root is logged into the system. In this tutorial we will show you how to set up email alerts that will send a mail with time and IP address of the user logging in every time root logs in.
Make sure you can send email messages from the command line of your system. If you are not sure you can check this with a simple command.
# echo "This is a test" | mail -s "test message" email@example.com
In case this fails and you don’t have mta installed, you can follow this tutorial to install it on your system
Now open the .bashrc file.
# vi /root/.bashrc
And add code at the bottom of the file.
echo 'ALERT - Root Shell Access (<your_hostname>) on:' `date` `who` | mail -s "Alert: Root Access on <your_hostname>" firstname.lastname@example.org
Change the highlighted items with your own credentials.