---
title: "A SSH monitoring platform with Discord !"
date: 2017-10-27
url: a-ssh-monitoring-platform-with-discord
layout: post
category: Security
image: /img/blog/a-ssh-monitoring-platform-with-discord_1.png
---

[](/img/blog/a-ssh-monitoring-platform-with-discord_1.png)

### Introduction

Two days ago, I came up with an idea : "Why not use Discord as a monitoring platform for the servers I manage ?". I mean, we actually use [GitHub's web-hooks](https://support.discordapp.com/hc/en-us/articles/228383668-Intro-to-Webhooks) (pretty handy during development, by the way), but Discord provides an API allowing us to do almost anything we want.

Let's go then ! You'll find below a short tutorial to build your first web-hook, announcing each SSH connection occurring on the server of your choice.

### Features

* Send a notification when a connection occurs
* Announce the session opened and the server name (useful if you have many servers on the same Discord channel)
* Display the result of a reverse DNS query on the source IP
* Ability to send the same message by SMS with the [Free SMS API](https://www.freenews.fr/freenews-edition-nationale-299/free-mobile-170/nouvelle-option-notifications-par-sms-chez-free-mobile-14817) (French users)

### Tutorial

#### Creating a Discord web-hook

That's pretty easy actually. If you have never done this before, just go to the settings of a channel you have rights on, click on **webhooks**, then on **Create webhooks**. You should now have a pop up like this :

[](/img/blog/a-ssh-monitoring-platform-with-discord_2.png)

Look at the URL of your new web-hook, and extract from it its identifier (the first parameter) and its token (the second one).

#### Deploying a script hook on SSHD

> A "hook" ?? Not again !
>> — Well... hum, yeah. Sorry.

Actually, somehow we need to make _SSHD_ execute something to notify us when an event occurs. This is what you have to do to get it working :

1. Install the requirements :
    * **python3**
    * **python3-requests**
    * **dnsutils**
2. Fetch the [_Python_ script I wrote](https://gist.github.com/HorlogeSkynet/054e363ade6093e24dd97ea19debff9e) for the occasion
3. Set your Discord web-hook information (_id_ & _token_) within the script
4. Move it to the `/usr/local/bin/` folder (or anywhere else, but `sshd` will need to access it !), and set its permissions accordingly :
    * `# mv hook_SSH.py /usr/local/bin/`
    * `# chmod 755 /usr/local/bin/hook_SSH.py`
5. And finally :
    * `# echo 'python3 /usr/local/bin/hook_SSH.py &' >> /etc/ssh/sshrc`
    * `# service sshd reload`

If everything is set, your next SSH connection should trigger a notification on your channel ! If not, you can contact me and we'll figure something out :wink:

The script also handles test runs (outside of an SSH environment). You can run it out-of-the-box to check your settings (however, don't expect any IP to show up) !

[](/img/blog/a-ssh-monitoring-platform-with-discord_3.png)

#### Addendum about the Free SMS API

In France we have a famous ISP, _Free_. We can blame them for many things, but the API they provide for SMS is just the best thing that ever existed.

When the _post_ to Discord is not successful (useful when Discord is out), this script will send an SMS (with the same content) to sys-admins who are able to use this API (_coucou la France_) _#backupPlan_.

Other users should leave `SEND_SMS_ON_FAIL` set to `False`.

### Some other things you need to know

* This post has been mainly inspired by [this article](https://blog.genma.fr/?SSH-Notification-par-SMS-Freemobile-a-la-connexion), and improved afterward with [its first comment](https://blog.genma.fr/?SSH-Notification-par-SMS-Freemobile-a-la-connexion#forum6551) !
* The funny thing is : 15 days ago, someone came up with the same idea. I invite you to look at how he actually did this ! It's [here](https://www.danirod.es/blog/linux/receive-sshd-login-notifications/).
* The logo I use for my web-hooks comes from [here](http://www.iconarchive.com/show/button-ui-system-apps-icons-by-blackvariant/Terminal-icon.html), thanks to its author !

Bye :wave:

_PS : That was the first post written in Markdown on this website. I had to re-think the whole thing to get it working :confused: But it was about time, wasn't it ?_
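To make the tutorial's hook concrete, here is a sketch of what such a script can look like, added as an illustration (it is not the author's gist). It assumes sshd exports `SSH_CONNECTION` and `USER` to the session, swaps the `dnsutils` lookup for Python's `socket.gethostbyaddr`, and uses placeholder web-hook credentials; all function names are hypothetical.

```python
import ipaddress
import json
import os
import socket
import urllib.request

# Placeholders: use the id and token taken from your own web-hook URL.
WEBHOOK_ID = "<webhook-id>"
WEBHOOK_TOKEN = "<webhook-token>"

def source_ip(env):
    """Return the client IP from SSH_CONNECTION, or None outside an SSH session."""
    fields = env.get("SSH_CONNECTION", "").split()
    try:
        return str(ipaddress.ip_address(fields[0]))
    except (IndexError, ValueError):
        return None

def reverse_dns(ip, lookup=socket.gethostbyaddr):
    """PTR lookup; the answer is chosen by whoever controls the reverse zone."""
    try:
        name = lookup(ip)[0]
    except OSError:
        return "no PTR record"
    # Keep only hostname characters so the name cannot carry markup or mentions.
    return "".join(c for c in name if c.isalnum() or c in ".-_")[:253]

def build_payload(env, server, lookup=socket.gethostbyaddr):
    """Build the Discord message: session user, server name, source IP and PTR."""
    ip = source_ip(env)
    user = env.get("USER", "unknown")
    origin = f"{ip} ({reverse_dns(ip, lookup)})" if ip else "unknown source (test run)"
    return {
        "content": f"SSH session opened on **{server}** for `{user}` from {origin}",
        "allowed_mentions": {"parse": []},  # never ping @everyone or roles
    }

def notify(payload, timeout=5):
    """POST the payload to the web-hook; the timeout keeps a Discord outage short."""
    url = f"https://discord.com/api/webhooks/{WEBHOOK_ID}/{WEBHOOK_TOKEN}"
    request = urllib.request.Request(
        url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json", "User-Agent": "ssh-hook-example"},
    )
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return response.status

if __name__ == "__main__":
    notify(build_payload(os.environ, socket.gethostname()))
```

Because `/etc/ssh/sshrc` runs as the user who logs in, the file holding the token has to be readable by every account, so treat the web-hook as something any local user can post to.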