If you are using Linux server, you must have enhanced security by Changing Default SSH port. (If you haven’t you should do it immediately). To further secure your environment, you should consider setting alerts for root login.
Setting alerts for root account login is useful in many ways. To track who logged in and for security reason,
Steps to enable Alerting for root login
- Login to server and switch to root user.
- Open file /root/.bash_profile and append the code below.
/usr/bin/echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" firstname.lastname@example.org
Simple, isn’t it?
You can try to login/switch to root user and you should get the email like this.
ALERT - Root Shell Access on: Thu Jul 23 09:42:46 UTC 2020 user pts/0 2020-07-23 09:42 (xx.xx.xx.xx)