title: A SSH monitoring platform with Discord !
date: 2017-10-27
url: a-ssh-monitoring-platform-with-discord
layout: post
category: Security
image: /img/blog/a-ssh-monitoring-platform-with-discord_1.png

Introduction

Two days ago, I came up with an idea: "Why not use Discord as a monitoring platform for the servers I manage?".
I mean, we actually use GitHub's web-hooks (pretty handy during development, by the way), but Discord provides an API allowing us to do almost anything we want.

Let's go then! Below is a short tutorial to build your first web-hook, which announces each SSH connection made to the server of your choice.

Features

  • Send a notification when a connection occurs

  • Announce the session opened and the server name (useful if you have many on the same Discord channel)

  • Display the result of a reverse DNS query on the source IP

  • Ability to send the same message by SMS with Free SMS API (French users)

Tutorial

Creating a Discord web-hook

That's pretty easy, actually. If you have never done it before, just go to the settings of a channel you have rights on, click on webhooks, and then on Create webhooks. You should now have a pop-up like this:

A missing blog post image

Look at the URL of your new web-hook and extract its identifier (the first parameter) and its token (the second one).

Deploying a script hook on SSHD

A "hook"?? Not again!

— Well... hum, yeah. Sorry.

Somehow we need to make SSHD execute something that notifies us when an event occurs. This is what you have to do to get it working:

  1. Install the requirements:

    • python3

    • python3-requests

    • dnsutils

  2. Fetch the Python script I wrote for the occasion

  3. Set your Discord web-hook information (id & token) within the script

  4. Move it to the /usr/local/bin/ folder (or anywhere else, as long as sshd can access it) and set its permissions accordingly:

    • # mv hook_SSH.py /usr/local/bin/

    • # chmod 755 /usr/local/bin/hook_SSH.py

  5. And finally:

    • # echo 'python3 /usr/local/bin/hook_SSH.py &' >> /etc/ssh/sshrc

    • # service sshd reload

If everything is set, your next SSH connection should trigger a notification on your channel!
If not, you can contact me and we'll figure something out 😉
The script can also be run for testing, outside of an SSH environment. You can run it out-of-the-box to check your settings (however, don't expect any IP to show up)!
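
The hook flow from the steps above, as an added example that is not the author's hook_SSH.py: it reads the SSH_CONNECTION variable that sshd exports, resolves the source IP and posts to the web-hook, and it discards a PTR name that is not a plain hostname, because that name is chosen by whoever controls the source IP's reverse zone. Assumptions: the standard library (socket and urllib) stands in for dig and requests, the credentials are placeholders, and the function names are hypothetical.

```python
"""Added example: minimal sshrc hook reporting an SSH login to a Discord web-hook."""
import json
import os
import re
import socket
import urllib.request

WEBHOOK_ID = "WEBHOOK_ID_PLACEHOLDER"        # first URL parameter (placeholder)
WEBHOOK_TOKEN = "WEBHOOK_TOKEN_PLACEHOLDER"  # second URL parameter (placeholder, secret)

def reverse_dns(ip, resolver=socket.gethostbyaddr):
    """Return the PTR name for ip, or None. The name is remote-controlled data."""
    try:
        name = resolver(ip)[0]
    except (OSError, IndexError):
        return None
    # Keep only hostname characters so a crafted PTR cannot inject markdown or mentions.
    return name if re.fullmatch(r"[A-Za-z0-9._-]{1,253}", name) else None

def build_payload(env, server=None, resolver=socket.gethostbyaddr):
    """Build the web-hook JSON body from the environment sshd gives to sshrc."""
    server = server or socket.gethostname()
    user = env.get("USER", "unknown")
    # sshd sets SSH_CONNECTION to "client_ip client_port server_ip server_port".
    parts = env.get("SSH_CONNECTION", "").split()
    if len(parts) == 4:
        ip = parts[0]
        host = reverse_dns(ip, resolver) or "no valid PTR"
        text = f"SSH session opened on {server} for {user} from {ip} ({host})"
    else:
        text = f"Test run on {server} for {user} (not an SSH session)"
    # An empty allowed_mentions parse list stops @everyone/@here pings.
    return {"content": text, "allowed_mentions": {"parse": []}}

def send(payload, timeout=5):
    """POST the payload; Discord answers 204 No Content on success."""
    url = f"https://discord.com/api/webhooks/{WEBHOOK_ID}/{WEBHOOK_TOKEN}"
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json", "User-Agent": "sshrc-hook-example"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status == 204

if __name__ == "__main__":
    try:
        send(build_payload(os.environ))
    except OSError:
        pass  # never break the login if Discord is unreachable
```

sshrc runs as the user who logs in, so with mode 755 the script and the token inside it are readable by every account on the server. Setting PermitUserRC no in sshd_config keeps a per-user ~/.ssh/rc from taking the place of /etc/ssh/sshrc.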

Addendum about the Free SMS API

In France we have a famous ISP, Free. We can blame them for many things, but the API they provide for SMS is just the best thing that ever existed.
When the post to Discord is not successful (useful when Discord is down), this script will send an SMS with the same content to the sysadmins who are able to use this API (hi, France) #backupPlan.
Other users should leave SEND_SMS_ON_FAIL set to False.

Some other things you need to know

  • This post was mainly inspired by this article, and improved afterward with its first comment!

  • The funny thing is: 15 days ago, someone came up with the same idea. I invite you to look at how he actually did this! It's here.

  • The logo I use for my web-hooks comes from here, thanks to its author!

Bye 👋

PS: That was the first post written in Markdown on this website. I had to re-think the whole thing to get it working 😕 But it was about time, wasn't it?