---
title: "A SSH monitoring platform with Discord !"
date: 2017-10-27
url: a-ssh-monitoring-platform-with-discord
layout: post
category: Security
image: /img/blog/a-ssh-monitoring-platform-with-discord_1.png
---

[![A missing blog post image](/img/blog/a-ssh-monitoring-platform-with-discord_1.png)](/img/blog/a-ssh-monitoring-platform-with-discord_1.png)

### Introduction

Two days ago, I came up with an idea: "Why not use Discord as a monitoring platform for the servers I manage?"  
I mean, we actually use [GitHub's web-hooks](https://support.discordapp.com/hc/en-us/articles/228383668-Intro-to-Webhooks) (pretty handy during development, by the way), but Discord provides an API allowing us to do almost anything we want.

Let's go then!
You'll find below a short tutorial to build your first web-hook, announcing each SSH connection occurring on the server of your choice.

### Features

* Send a notification when a connection occurs

* Announce the session opened and the server name (useful if you have many on the same Discord channel)

* Display the result of a reverse DNS query on the source IP

* Ability to send the same message by SMS with [Free SMS API](https://www.freenews.fr/freenews-edition-nationale-299/free-mobile-170/nouvelle-option-notifications-par-sms-chez-free-mobile-14817) (French users)

### Tutorial

#### Creating a Discord web-hook

That's pretty easy actually. If you have never done it before, just go to the settings of a channel you have rights on, click on **webhooks**, then on **Create webhooks**. You should now see a pop-up like this:

[![A missing blog post image](/img/blog/a-ssh-monitoring-platform-with-discord_2.png)](/img/blog/a-ssh-monitoring-platform-with-discord_2.png)

Look at the URL of your new web-hook and extract its identifier (the first parameter) and its token (the second one). Anyone who knows the token can post to the channel, so treat it like a password.

#### Deploying a script hook on SSHD

> A "hook" ?? Not again !
>> — Well... hum, yeah. Sorry.

We need to make _SSHD_ execute something to notify us when an event occurs. Here is what you have to do to get it working:

1. Install the requirements:

   * **python3**

   * **python3-requests**

   * **dnsutils**

2. Fetch the [_Python_ script I wrote](https://gist.github.com/HorlogeSkynet/054e363ade6093e24dd97ea19debff9e) for the occasion

3. Set your Discord web-hook information (_id_ & _token_) within the script

4. Move it to the `/usr/local/bin/` folder (or anywhere else, but `sshd` will need to access it!), and set its permissions accordingly:

	* `# mv hook_SSH.py /usr/local/bin/`

	* `# chmod 755 /usr/local/bin/hook_SSH.py`

5. And finally:

	* `# echo 'python3 /usr/local/bin/hook_SSH.py &' >> /etc/ssh/sshrc`

	* `# service sshd reload`

If everything is set up, your next SSH connection should trigger a notification on your channel!  
If not, you can contact me and we'll figure something out :wink:  
The script also handles test runs outside of an SSH session: you can run it directly to check your settings (however, don't expect any IP to show up)!

[![A missing blog post image](/img/blog/a-ssh-monitoring-platform-with-discord_3.png)](/img/blog/a-ssh-monitoring-platform-with-discord_3.png)
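
As an added illustration of what such a hook does (this is not the script from the gist above), the sketch below builds the notification from the `SSH_CONNECTION` variable that `sshd` sets and posts it to the web-hook. Assumptions: the function names are hypothetical, the id and token are placeholders, and the standard library (`urllib`, `socket`) stands in for **python3-requests** and **dnsutils**.

```python
import ipaddress
import json
import os
import socket
import urllib.request

# Placeholders (assumptions): use the id and token from your own web-hook URL.
WEBHOOK_ID, WEBHOOK_TOKEN = "000000000000000000", "REPLACE_ME"

def parse_ssh_connection(value):
    """Return (client_ip, client_port) from sshd's SSH_CONNECTION, or None."""
    fields = (value or "").split()
    if len(fields) != 4:
        return None  # not run from an SSH session (manual test run)
    try:
        return str(ipaddress.ip_address(fields[0])), int(fields[1])
    except ValueError:
        return None

def reverse_dns(ip):
    """PTR lookup; a missing record must not prevent the notification."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return "no PTR record"

def build_payload(env, server, resolver=reverse_dns):
    """Build the JSON body for the web-hook from the session environment."""
    user = env.get("USER", "unknown")
    peer = parse_ssh_connection(env.get("SSH_CONNECTION"))
    if peer is None:
        text = f"Test message from `{server}` (user `{user}`, no SSH session)"
    else:
        # The PTR name is set by the source IP's owner: keep it inside the code span.
        name = resolver(peer[0]).replace("`", "")[:253]
        text = f"SSH session opened on `{server}` by `{user}` from `{peer[0]}` (`{name}`)"
    # An empty allowed_mentions parse list stops @everyone/@here pings.
    return {"content": text, "allowed_mentions": {"parse": []}}

def notify(payload):
    """POST the payload to Discord; returns the HTTP status code."""
    url = f"https://discord.com/api/webhooks/{WEBHOOK_ID}/{WEBHOOK_TOKEN}"
    req = urllib.request.Request(url, data=json.dumps(payload).encode(), headers={
        "Content-Type": "application/json", "User-Agent": "ssh-login-hook/1.0"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status

if __name__ == "__main__":
    notify(build_payload(os.environ, socket.gethostname()))
```

Because `/etc/ssh/sshrc` runs as the user who logs in, the script and the token stored in it must be readable by every such user. A `~/.ssh/rc` file, when present and permitted by `PermitUserRC`, runs instead of `/etc/ssh/sshrc`.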

#### Addendum about the Free SMS API

In France we have a famous ISP, _Free_. We can blame them for many things, but the API they provide for SMS is just the best thing that ever existed.  
When the _post_ to Discord is not successful (useful when Discord is down), this script will send an SMS with the same content to the sys-admins who are able to use this API (_hello, France_) _#backupPlan_.  
Other users should leave `SEND_SMS_ON_FAIL` set to `False`.

### Some other things you need to know

* This post was mainly inspired by [this article](https://blog.genma.fr/?SSH-Notification-par-SMS-Freemobile-a-la-connexion), and improved afterwards with [its first comment](https://blog.genma.fr/?SSH-Notification-par-SMS-Freemobile-a-la-connexion#forum6551)!

* The funny thing is: 15 days ago, someone came up with the same idea. I invite you to look at how he actually did it! It's [here](https://www.danirod.es/blog/linux/receive-sshd-login-notifications/).

* The logo I use for my web-hooks comes from [here](http://www.iconarchive.com/show/button-ui-system-apps-icons-by-blackvariant/Terminal-icon.html), thanks to its author!

Bye :wave:

_PS: This was the first post written in Markdown on this website. I had to re-think the whole thing to get it working :confused: But it was about time, wasn't it?_