Just leaving these instructions here largely for my own personal future reference. I wanted to receive email alerts if anyone logs in as root or any other accounts on my Linux server box.
First, ensure mailx is installed on the server.
For RHEL/CentOS/FEDORA:
# yum install mailx
For Debian/Ubuntu/Linux Mint:
# apt-get install mailx
Once mailx is installed, we want to update the hidden .bashrc file which is run for a given user every time that user starts a shell session. Login as root and
# cd /root
# nano .bashrc
Add the following line to the .bashrc file updating ServerName and [email protected] with your server’s name and your email address
echo ‘ALERT – Root Shell Access (ServerName) on:’ `date` `who` | mail -s “Alert: Root Access from `who | cut -d'(‘ -f2 | cut -d’)’ -f1`” [email protected]
Save the .bashrc file, and now anytime someone logs in as the root user, it will trigger an email giving the day, time and IP address.
To do the same thing with non-root accounts, simply log in as the account you want to receive notifications for and then
# cd /home/[username]
nano .bashrc
Add the same line we added above for the root user, save, and you’re good to go.