Send Email on Root Login

Since root should not have direct log in access via SSH and we have set up our user to use sudo, root should get logged into very rarely. In an effort to alert the System Administrator when someone logs into root, I have set up my system to send out an email on root log in.

• Log in as root

  su -

• Change to the root user’s home directory

  cd ~

• Edit the root user’s .bashrc file (in this example I use nano, but using vi, emacs, pico, etc. is fine)

  nano .bashrc

• Add the following block of code to the end of .bashrc. This will send an email to example@example.com (change as appropriate)

  echo 'ALERT - Root Shell Access () on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" example@example.com

• When rootlogs in you will receive a message similar to this

  ALERT - Root Shell Access () on: Tue Jun 16 11:04:10 CDT 2009 user123 pts/0 2009-06-16 11:04

Word of warning: Send this to an email account that is not hosted on the same machine. If someone can log into root, they can see mail spools on the entire server. It would be a trivial matter to delete this message from the spool so the real System Administrator never sees this message.