It’s very Crucial Thing to keep track of what’s happening with the servers while one installs, configures and secures a Linux Server in Production Environment. Here Keep Tracks means to have an eye on the things like who logged into the server and when. It is crucial because if someone log into your servers as root user using brute force techniques on SSH, then he /she can easily destroy the server. There are some methods that block these kinds of SSH Attacks and some of them are detailed below.

How To Block SSH Attacks ?

First of all, the things which one should avoid is the Open Root User via SSH Login (Create Non-root Accounts with Sudo Access). If it is necessary then be assured that you have chosen the hardest as well as strongest password for root user. You should also configure the email alerts so that when someone log into the server by using root user details then you get an Email Alert. This Email alert has the IP address of the user who tried to log in; if the user seems dangerous or specious then you can easily block his / her IP Address.

Before Configuring Email Alerts you must also have some knowledge about Nano or Vi Editor and Mailx (Mail Client). You can set Email alerts for both Root Users and Normal Users. You can easily install Mailx by using following command:

Code:
# apt-get install mailx (On Debian / Ubuntu / Linux Mint)
If you want to install mailx on RHEL / CentOS / Fedora then use following command :

Code:
# yum install mailx
How to Set Email Alert on Root SSH Login in Linux ?

1. Log in as Root User and Go To root directory by using this command:

Code:
cd /root
2. Open the ".bashrc" file in editable mode with this command :

Code:
vi .bashrc
3. At the end of file, add the below code then save the file and finally log out your SSH panel.

Code:
echo 'ALERT - Root Shell Access (ServerName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" you@yourdomain.com
After this you will get Email Alert, whenever anyone log into the Servers.

How to Set Email Alert on SSH Normal User Login ?

1. Log in as Normal User and Go To user’s home directory by using the command.

Code:
cd /home/user
2. Open the file ".bashrc" file in editable mode :

Code:
vi .bashrc
At the end of file, add following code then save the file and finally log out your SSH panel.

Code:
echo 'ALERT - Root Shell Access (ServerName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" you@yourdomain.com
You can easily set Email Alerts for any user by editing user’s .bashrc file under the user’s home directory as shown above.
Author
bhawanisingh
Views
3,676
First release
Last update
Rating
0.00 star(s) 0 ratings
Top