It’s a good idea to set email notification on login on your servers.

You can set it by adding a script to your /etc/profile file.

vi /etc/profile

At the bottom add

/path/to/your/script
Now put the script in that path :

!/bin/bash #Author : Amit Nepal #Email : amit@amitnepal.com #This script is free to use as long as you have these lines in the #script. Logging=true; #true/false LOG_FILE=/var/log/amit.log #path to log file SUBJECT="Root Login Alert:hostname" ADMIN="amit@amitnepal.com" #admin email #known ips if you dont want to receive email for login from known ips KNOWN_IPS="192.168.100.10 10.10.20.3 172.16.5.1" loginip=echo $SSH_CLIENT | awk '{print $1}' authorized=false; function message { echo "${msgheader}hostname" echo "-----------------------------------------" echo "Login IP : $loginip" echo "Login User: whoami" echo "Date-Time:date" echo "-----------------------------------------" } for ip in $KNOWN_IPS; do if [ "$loginip" == "$ip" ]; then authorized=true; msgheader="Authorized Login to Server:" fi done if [ ! "$authorized" == "true" ];then msgheader="Unauthorized Login to Server:" #message|mail -s "$SUBJECT" "$ADMIN" #Unauthorized #person logged in.. fi if [ "$Logging" == "true" ]; then message >> $LOG_FILE fi

This way you will get notification whenever someone logs
into your machine.