Amazing way to enable login alert to remote server

The purpose of this article is to provide a simple and effective way to enable login alerts on a remote server, covering both SSH and console logins.

Here we will use a simple script that sends the alert to multiple platforms using the open-source tool chatz.

Let's do it step by step:

1. Install chatz

Check the project repository and take the latest release tag.

TAG=<tag-name>
curl -sL "https://github.com/tech-thinker/chatz/releases/download/${TAG}/chatz-linux-amd64" -o chatz
chmod +x chatz
sudo mv chatz /usr/bin

2. Create env for chatz

  • Create a file /etc/login-alert.env for the environment variables. The variables vary by provider; check the chatz documentation for the env your provider needs.
    
    PROVIDER=<provider-name>
    TOKEN=<token>
    CHANNEL_ID=<channel-id>
    
  • Give permission only to the root user
    
    sudo chown root:root /etc/login-alert.env
    sudo chmod 600 /etc/login-alert.env
    

3. Create login alert

  • Create a login alert script file /usr/local/bin/login-alert.sh with the following content:
    
    #!/bin/bash
    # Invoked by pam_exec, which sets PAM_USER, PAM_RHOST, PAM_TTY and PAM_TYPE.
    # Load env (values must not contain whitespace: the list is word-split)
    export $(xargs < /etc/login-alert.env)
    USER_NAME="$PAM_USER"
    LOGIN_TIME=$(date "+%Y-%m-%d %H:%M:%S")
    HOSTNAME=$(hostname)
    # Prepare Notification
    DECOR="============================="
    TEXT=""
    if [ -n "$PAM_RHOST" ]; then
      # A remote host is set: the session came in over SSH
      LOGIN_TYPE="SSH"
      IP_ADDR="$PAM_RHOST"
      TEXT="$TEXT\n$DECOR"
      TEXT="$TEXT\nDate: ${LOGIN_TIME}"
      TEXT="$TEXT\nUser: ${USER_NAME}@${HOSTNAME}"
      TEXT="$TEXT\nFrom: ${IP_ADDR}"
    else
      # No remote host: the session was opened on a local console
      LOGIN_TYPE="Console"
      TTY="$PAM_TTY"
      TEXT="$TEXT\n$DECOR"
      TEXT="$TEXT\nDate: ${LOGIN_TIME}"
      TEXT="$TEXT\nUser: ${USER_NAME}@${HOSTNAME}"
      TEXT="$TEXT\nFrom: Console on ${TTY}"
    fi
    # Send Notification
    case "$PAM_TYPE" in
      open_session)
          SUBJECT="🔓 $LOGIN_TYPE Login Detected"
          TEXT="$DECOR\n$SUBJECT$TEXT\n"
          chatz --from-env "$TEXT"
          ;;
      close_session)
          SUBJECT="🔒 $LOGIN_TYPE Logout Detected"
          TEXT="$DECOR\n$SUBJECT$TEXT\n"
          chatz --from-env "$TEXT"
          ;;
    esac
    
  • Make it executable
    
    sudo chmod +x /usr/local/bin/login-alert.sh
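
The script above runs as root from PAM and loads /etc/login-alert.env through an unquoted `export $(cat … | xargs)`, which word-splits and glob-expands the values. The following is an added example, not part of the original article or of chatz: a stricter loader that first checks the ownership and mode set in step 2 and then exports each value literally. The function name `load_env`, its `login-alert:` messages and the optional expected-uid argument are assumptions made for this example; unlike xargs, it does not strip quotes around values.

```shell
#!/bin/sh
# Added example, not the article's own script. load_env is a hypothetical helper.
# Usage: load_env FILE [EXPECTED_UID]   (EXPECTED_UID defaults to 0, i.e. root)
# Exports each KEY=VALUE line of FILE literally, after checking that FILE is
# owned by EXPECTED_UID and grants no permission to group or others.
# Variables carry an _le_ prefix because POSIX sh has no "local".
load_env() {
  _le_file=$1
  _le_uid=${2:-0}
  [ -f "$_le_file" ] || { echo "login-alert: $_le_file not found" >&2; return 1; }
  _le_owner=$(stat -c '%u' "$_le_file") || return 1   # GNU/busybox stat (Linux)
  _le_mode=$(stat -c '%a' "$_le_file") || return 1
  if [ "$_le_owner" != "$_le_uid" ]; then
    echo "login-alert: $_le_file owned by uid $_le_owner, expected $_le_uid" >&2
    return 1
  fi
  case "00$_le_mode" in
    *00) ;;   # last two octal digits are 0: nothing for group or others
    *) echo "login-alert: $_le_file has mode $_le_mode, expected 600" >&2
       return 1 ;;
  esac
  while IFS= read -r _le_line || [ -n "$_le_line" ]; do
    case "$_le_line" in
      ''|'#'*) continue ;;   # blank line or comment
      *=*) ;;                # candidate KEY=VALUE line
      *) echo "login-alert: skipping malformed line in $_le_file" >&2
         continue ;;
    esac
    _le_key=${_le_line%%=*}
    case "$_le_key" in
      ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)   # not a valid variable name
        echo "login-alert: skipping malformed line in $_le_file" >&2
        continue ;;
    esac
    # The value is everything after the first "=", kept byte for byte:
    # no word splitting, globbing, quote removal or command substitution.
    export "$_le_key=${_le_line#*=}"
  done < "$_le_file"
}
```

Pasted into /usr/local/bin/login-alert.sh, a call such as `load_env /etc/login-alert.env || exit 0` would take the place of the `export` line, so a tampered or missing file skips the alert instead of being loaded.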
    

4. Configure PAM for Remote Login

  • Edit file /etc/pam.d/sshd
    
    sudo vim /etc/pam.d/sshd
    
  • Add the following line at the top of the file. With optional, a failure of the alert script does not by itself deny the login.
    
    session optional pam_exec.so /usr/local/bin/login-alert.sh
    
  • Save and exit the file

5. Configure PAM for Console Login

  • Edit file /etc/pam.d/login
    
    sudo vim /etc/pam.d/login
    
  • Add the following line at the top of the file
    
    session optional pam_exec.so /usr/local/bin/login-alert.sh
    
  • Save and exit the file

6. Test Login Alert

  • Log in to the server using SSH or the console
  • Check the notification on the configured platform

7. Bonus Tips

If you don't want to configure the alert globally and only want it for your own user, you can use the shell entrypoint to configure it.

  • Create .login-alert.env file in your home directory
    
    PROVIDER=<provider-name>
    TOKEN=<token>
    CHANNEL_ID=<channel-id>
    
  • Edit .bashrc or .zshrc based on your shell
    
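    # Load the chatz settings from the home directory, whatever the current directory is
    export $(xargs < "$HOME/.login-alert.env")
    # SSH_CLIENT is only set for sessions that came in over SSH
    if [ -n "$SSH_CLIENT" ]; then
      TEXT="SSH Login detected"
      TEXT="$TEXT\n============================="
      TEXT="$TEXT\nDate: $(date)"
      TEXT="$TEXT\nUser: ${USER}@$(hostname -f)"
      # The first field of SSH_CLIENT is the client IP address
      TEXT="$TEXT\nFrom $(echo "$SSH_CLIENT" | awk '{print $1}')"
      chatz --from-env "$TEXT"
    fi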
    
  • You are done!