
Server login notifications (SSH / TERMINAL) are cheap and cheerful

Greetings to the community. This is my first publication. I am far from a professional administrator, but I wanted to share a short and simple experience that may be useful to a newcomer like me.

It so happened that I ended up responsible for about 30 VDS servers running Debian, which were safely "handed over" to my supervision (and I am more of a programmer than a *nix administrator). The first thought that came to mind after the basic operations of changing and checking access was: "If I missed something, I want to know about connections quickly." There are recipes (including on Habr) that link SSH authorization events to email notifications, and I used them as a base, but I wanted something quicker and more informative. I ended up with the following "system", which has been working quite successfully for a month and informs me of every authorization.

  1. Following the Telegram API manuals, I obtained a token and chat id for the notification bot (I will not go into detail here; it is all easily found in the first one or two search results).
  2. I created two scripts, whose code is given below. In principle everything could go into one file, but since I wanted modularity, I moved the function that sends a notification to the Telegram bot into a separate script.
  3. In two configuration files I added a call to the script that registers the login event, and restarted the SSH service.

All in all it takes about 5-10 minutes, no more. Now for the technical details.

P.S. Everything was done on Debian 9 x64 (if that matters).

/sbin/onlogged

    #!/bin/sh
    # Called as "/sbin/onlogged ssh" from /etc/ssh/sshrc
    # and as "/sbin/onlogged bash" from /etc/bash.bashrc.

    # Start from empty values so nothing is inherited from the environment.
    MESS="" M_TTY="" M_SUDO="" M_TERM=""

    # Classify the login by the calling hook and the session environment.
    if [ "$1" = "ssh" ] && [ -z "$TERM" ] ; then
        MESS="USER USE SSH AUTH [not console]"
    elif [ "$1" = "bash" ] && [ ! -z "$TERM" ] ; then
        if [ ! -z "$SUDO_USER" ] && [ "$TERM" = "linux" ] ; then
            MESS="USER USE SUDO DISPLAY CONSOLE [terminal]"
        elif [ ! -z "$SUDO_USER" ] && [ ! "$TERM" = "linux" ] ; then
            MESS="USER USE SUDO SSH CONSOLE [ssh session]"
        elif [ "$TERM" = "linux" ] ; then
            MESS="USER USE DISPLAY CONSOLE [terminal]"
        elif [ ! -z "$SSH_TTY" ] ; then
            MESS="USER USE SSH CONSOLE [ssh session]"
        else
            MESS="USER LOGGED [unknown]"
        fi
    fi

    # Append the details that are available and send the alert.
    if [ ! -z "$MESS" ] ; then
        if [ ! -z "$SSH_TTY" ] ; then
            M_TTY=" TTY = $SSH_TTY |"
        fi
        if [ ! -z "$SUDO_USER" ] ; then
            M_SUDO=" SUDO = $SUDO_USER |"
        fi
        if [ ! -z "$TERM" ] ; then
            M_TERM=" TERM = $TERM |"
        fi
        SEND="$MESS | USER = $USER |$M_TTY$M_SUDO$M_TERM"
        /sbin/telegram "$SEND" "ALERT" > /dev/null
    fi

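/sbin/telegram

    #!/bin/sh
    # Usage: /sbin/telegram "message text" "LABEL"
    # Replace {TOKEN} and {CHAT_ID} with the bot token and chat id from step 1.
    # Every user who logs in runs this script, so the file (and the token in it)
    # has to be readable by all of them.
    if [ $# -gt 0 ]
    then
        text="[$2] $(cat /etc/hostname) : $1"
        url="https://api.telegram.org/bot{TOKEN}/sendMessage"
        # The timeouts keep a login from hanging if the API is unreachable.
        curl \
            --data-urlencode "chat_id={CHAT_ID}" \
            --data-urlencode "text=$text" \
            --connect-timeout 10 \
            --max-time 10 \
            "$url" > /dev/null 2>&1
    else
        echo "Text is empty"
    fi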

/etc/ssh/sshrc

    /sbin/onlogged ssh

/etc/bash.bashrc

    ...
    ...
    /sbin/onlogged bash
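
The alert built by /sbin/onlogged reports the user, TTY, sudo user and terminal type, but not where the connection came from. The helper below is an added example, not part of the original post: it builds the same detail fields plus the client address from SSH_CONNECTION, which sshd sets for SSH sessions, and filters the values first. The function names sanitize and login_details are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed helper names: sanitize,
# login_details. SSH_CONNECTION is exported by sshd for SSH sessions as
# "client_ip client_port server_ip server_port".

# Keep only characters expected in user names, tty paths, terminal names and
# IPv4/IPv6 addresses, and cap the length. TERM is chosen by the SSH client,
# so without this a crafted value could add fake lines to the alert text.
sanitize() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9._:/%@-' | cut -c1-64
}

# Print the detail fields for the alert; fields with an empty variable are
# omitted, so a local console login simply has no FROM and TTY parts.
login_details() {
    out=""
    if [ -n "${SSH_CONNECTION:-}" ]; then
        ip=${SSH_CONNECTION%% *}          # first word: client address
        rest=${SSH_CONNECTION#* }
        port=${rest%% *}                  # second word: client port
        out="$out FROM = $(sanitize "$ip") port $(sanitize "$port") |"
    fi
    if [ -n "${SSH_TTY:-}" ]; then out="$out TTY = $(sanitize "$SSH_TTY") |"; fi
    if [ -n "${SUDO_USER:-}" ]; then out="$out SUDO = $(sanitize "$SUDO_USER") |"; fi
    if [ -n "${TERM:-}" ]; then out="$out TERM = $(sanitize "$TERM") |"; fi
    printf '%s' "$out"
}

# Dry run with a constructed environment (documentation address ranges);
# nothing is sent anywhere.
(
    SSH_CONNECTION="203.0.113.7 50522 192.0.2.10 22"
    SSH_TTY="/dev/pts/0"; SUDO_USER=""; TERM="xterm-256color"; USER="deploy"
    printf 'USER USE SSH CONSOLE [ssh session] | USER = %s |%s\n' \
        "$(sanitize "$USER")" "$(login_details)"
)
```

To use it in /sbin/onlogged, define the two functions there and build the message as SEND="$MESS | USER = $USER |$(login_details)" in place of the M_TTY, M_SUDO and M_TERM block.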

Perhaps this is all trite and simple, but someone may find it interesting, or use it as a base for creating something of their own.

Source: https://habr.com/ru/post/441774/

