It is crucial to keep track of what is happening on a Linux server while you install, configure and secure it in a production environment. Keeping track here means keeping an eye on things like who logged into the server and when. This matters because if someone logs into your server as the root user by using brute force techniques on SSH, he or she can easily destroy the server. There are several methods that block these kinds of SSH attacks, and some of them are detailed below.
How to Block SSH Attacks?
First of all, avoid allowing the root user to log in over SSH; create non-root accounts with sudo access instead. If root login is necessary, make sure you have chosen the strongest possible password for the root user. You should also configure email alerts so that you receive an email whenever someone logs into the server with the root user's details. The alert contains the IP address of the user who tried to log in; if the user seems dangerous or suspicious, you can easily block his or her IP address.
Before configuring email alerts, you should have some knowledge of the Nano or Vi editor and of Mailx (a mail client). You can set email alerts for both root users and normal users. On Debian / Ubuntu / Linux Mint, install Mailx as root with the following command:
Code:
apt-get install mailx
If you want to install mailx on RHEL / CentOS / Fedora, use the following command:
Code:
yum install mailx
How to Set Email Alert on Root SSH Login in Linux?
1. Log in as the root user and go to the root directory with this command:
Code:
cd /root
2. Open the ".bashrc" file for editing with this command:
Code:
vi .bashrc
3. At the end of the file, add the code below, then save the file and log out of your SSH session.
Code:
# Mail an alert each time a root shell starts; the subject carries the remote host that who prints in parentheses
echo 'ALERT - Root Shell Access (ServerName) on:' $(date) $(who) | mail -s "Alert: Root Access from $(who | cut -d'(' -f2 | cut -d')' -f1)" you@yourdomain.com
After this, you will get an email alert whenever anyone logs into the server.
How to Set Email Alert on SSH Normal User Login?
1. Log in as the normal user and go to the user's home directory with this command:
Code:
cd /home/user
2. Open the ".bashrc" file for editing:
Code:
vi .bashrc
3. At the end of the file, add the following code, then save the file and log out of your SSH session.
Code:
# Same alert for a normal account; the message text says "User" so it is not mistaken for a root login
echo 'ALERT - User Shell Access (ServerName) on:' $(date) $(who) | mail -s "Alert: User Access from $(who | cut -d'(' -f2 | cut -d')' -f1)" you@yourdomain.com
You can set email alerts for any user by editing the .bashrc file in that user's home directory, as shown above.
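The alert line above takes the remote host from `who`, which lists every logged-in session, so the subject can carry several hosts at once. The following is an added example (not code from the original page) that builds the subject from SSH_CONNECTION, which sshd sets for the current session only; ALERT_TO and the function names are hypothetical.

```bash
# Added example for ~/.bashrc (bash). ALERT_TO and all function names
# are hypothetical; change the address to your own mailbox.
ALERT_TO="you@yourdomain.com"

# Print the client address of THIS session. sshd exports
# SSH_CONNECTION="client_ip client_port server_ip server_port".
# Returns 1 when the shell was not started over SSH.
ssh_source_ip() {
    [ -n "${SSH_CONNECTION:-}" ] || return 1
    printf '%s\n' "${SSH_CONNECTION%% *}"
}

# Build the mail subject for the account name given as $1.
login_alert_subject() {
    local src
    src=$(ssh_source_ip) || return 1
    case $src in
        # Anything other than hex digits, dots and colons is not a plain
        # IPv4/IPv6 literal: still alert, but keep it out of the header.
        *[!0-9A-Fa-f.:]*) src="unrecognized-address" ;;
    esac
    printf 'Alert: %s shell access from %s\n' "$1" "$src"
}

# Mail the alert; a console or cron shell (no SSH_CONNECTION) is skipped.
send_login_alert() {
    local subject
    subject=$(login_alert_subject "$(id -un)") || return 0
    { date; hostname; who; } | mail -s "$subject" "$ALERT_TO"
}

# A failing mailer must never break the login shell.
send_login_alert || true
```

Place it at the end of the user's .bashrc instead of the one-line echo; the mail body still includes the full `who` output for context.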