Server login notifications (SSH / TERMINAL) cheap and cheerful
Greetings to the community. This is my first publication, and I am far from being a pro administrator, but I just wanted to share a short and simple experience that may be useful for a newbie like myself.
It so happened that I needed to keep control of about 30 Debian VDS servers that had been safely "transferred" to my supervision (and I'm more of a programmer than a *nix administrator). The first thought that came to mind after the basic operations of changing and checking access was: "If I missed something, I want to know about connections quickly." There are recipes (including on Habr) for tying SSH authorization events to email notifications, which I used as a base, but I wanted something more responsive and somewhat more informative. In the end I got this kind of "system", which has been working quite successfully for a month now and informs me of every authorization.
- Following the Telegram API manuals, I obtained a token and chat ID for the notification bot (I won't go into that here; it is all easily found in the first one or two search results).
- I created two scripts; the code is posted below. In principle everything can go in one file, but because I wanted modularity, I moved the function that sends notifications to the Telegram bot into a separate script.
- In two configuration files, I added a call to the script that registers the server login event, and restarted the SSH service.
The whole thing takes about 5-10 minutes, no more. Now for the technical details.
PS. Everything was running on Debian 9 x64 (if that matters).
/sbin/onlogged

```sh
#!/bin/sh
# Called as "/sbin/onlogged ssh" from /etc/ssh/sshrc and as
# "/sbin/onlogged bash" from /etc/bash.bashrc.

# Start empty so nothing is inherited from the caller's environment.
MESS="" M_TTY="" M_SUDO="" M_TERM=""

if [ "$1" = "ssh" ] && [ -z "$TERM" ] ; then
    # sshrc hook with no terminal set
    MESS="USER USE SSH AUTH [not console]"
elif [ "$1" = "bash" ] && [ -n "$TERM" ] ; then
    # bash.bashrc hook: tell sudo, local console and SSH sessions apart
    if [ -n "$SUDO_USER" ] && [ "$TERM" = "linux" ] ; then
        MESS="USER USE SUDO DISPLAY CONSOLE [terminal]"
    elif [ -n "$SUDO_USER" ] && [ ! "$TERM" = "linux" ] ; then
        MESS="USER USE SUDO SSH CONSOLE [ssh session]"
    elif [ "$TERM" = "linux" ] ; then
        MESS="USER USE DISPLAY CONSOLE [terminal]"
    elif [ -n "$SSH_TTY" ] ; then
        MESS="USER USE SSH CONSOLE [ssh session]"
    else
        MESS="USER LOGGED [unknown]"
    fi
fi

if [ -n "$MESS" ] ; then
    # Append whichever details are available
    if [ -n "$SSH_TTY" ] ; then
        M_TTY=" TTY = $SSH_TTY |"
    fi
    if [ -n "$SUDO_USER" ] ; then
        M_SUDO=" SUDO = $SUDO_USER |"
    fi
    if [ -n "$TERM" ] ; then
        M_TERM=" TERM = $TERM |"
    fi
    SEND="$MESS | USER = $USER |$M_TTY$M_SUDO$M_TERM"
    /sbin/telegram "$SEND" "ALERT" > /dev/null
fi
```
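/sbin/telegram

```sh
#!/bin/sh
# Usage: /sbin/telegram "message text" "TAG"
# Replace {TOKEN} and {CHAT_ID} with the bot token and chat id.
# The hooks run this script as the user who is logging in, so the file,
# and the token inside it, must be readable by every account that logs in.
# The login waits for curl to finish (up to 10 seconds).
if [ $# -gt 0 ]
then
    text="[$2] $(cat /etc/hostname) : $1"
    url="https://api.telegram.org/bot{TOKEN}/sendMessage"
    curl \
        --data-urlencode "chat_id={CHAT_ID}" \
        --data-urlencode "text=$text" \
        --connect-timeout 10 \
        --max-time 10 \
        "$url" > /dev/null 2>&1
else
    echo "Text is empty"
fi
```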
/etc/ssh/sshrc

```sh
/sbin/onlogged ssh
```
/etc/bash.bashrc

```sh
# ... all of the existing code stays here ...
/sbin/onlogged bash
```
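An added example, not part of the original post: the detail fields of the alert come straight from environment variables, and `TERM` in particular is sent by the SSH client, so this version filters each value before it goes into the message and adds the peer address from `SSH_CONNECTION`. The function names `sanitize_field`, `peer_from_ssh_connection` and `login_details` are hypothetical, and the sample values are constructed.

```shell
#!/bin/sh
# Added example, not the author's code; function names are hypothetical.

# Keep only characters expected in user names, tty paths, TERM values and
# addresses, and cap the length, so a value such as the client-supplied TERM
# cannot add newlines or forged " | FIELD = value" segments to the alert.
sanitize_field() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9._:/@-' | cut -c1-64
}

# sshd exports SSH_CONNECTION as "client_ip client_port server_ip server_port".
# Prints "client_ip port client_port", or nothing if the value is malformed.
peer_from_ssh_connection() (
    set -f        # no globbing while the value is word-split
    set -- $1     # the four fields become $1..$4
    if [ $# -eq 4 ]; then
        printf '%s port %s' "$(sanitize_field "$1")" "$(sanitize_field "$2")"
    fi
)

# Build the "| USER = ... |" tail of the message in /sbin/onlogged's format,
# with a FROM field added, from the same environment variables it reads.
login_details() {
    out="| USER = $(sanitize_field "$USER") |"
    peer=$(peer_from_ssh_connection "$SSH_CONNECTION")
    if [ -n "$peer" ]; then out="$out FROM = $peer |"; fi
    if [ -n "$SSH_TTY" ]; then out="$out TTY = $(sanitize_field "$SSH_TTY") |"; fi
    if [ -n "$SUDO_USER" ]; then out="$out SUDO = $(sanitize_field "$SUDO_USER") |"; fi
    if [ -n "$TERM" ]; then out="$out TERM = $(sanitize_field "$TERM") |"; fi
    printf '%s\n' "$out"
}

# Constructed sample session (documentation addresses); TERM carries a newline
# and a forged USER field. Run in a subshell so the values do not leak out.
(
    USER=root SSH_TTY=/dev/pts/0 SUDO_USER=""
    SSH_CONNECTION="203.0.113.7 51234 198.51.100.10 22"
    TERM="xterm
| USER = nobody"
    login_details
)
```

The forged text stays inside the single TERM field, and FROM is simply left out when `SSH_CONNECTION` is not present in the environment.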
Perhaps this is all banal and simple, but someone may find it interesting, or use it as a basis for creating something of their own.