blog/_posts/2017-10-27-a-ssh-monitoring-platform-with-discord.md

title, date, url, layout, category, image

title	date	url	layout	category	image
A SSH monitoring platform with Discord !	2017-10-27	a-ssh-monitoring-platform-with-discord	post	Security	/img/blog/a-ssh-monitoring-platform-with-discord_1.png

Introduction

Two days ago, I came up with an idea : "Why not use Discord as a monitoring platform for servers I manage ?".
I meant, we actually use GitHub's web-hooks (pretty handful during development by the way), but Discord provides an API allowing us to do almost anything we want.

Let's go then ! You'll find below a short tutorial to build your first web-hook, announcing each SSH connection occurring on the server of your choice.

Features

• Send a notification when a connection occurs

• Announce the session opened and the server name (useful if you have many on the same Discord channel)

• Display the result of a reversed DNS query on the source IP

• Ability to send the same message by SMS with Free SMS API (French users)

Tutorial

Creating a Discord web-hook

That's pretty easy actually. If you never did that in the past, just go to the settings of a channel you have rights on, click on webhooks, and on Create webhooks. You should now have a pop up like this :

Look at the URL of your new web-hook, and extract from it its identifier (first parameter), and its token (the second one).

Deploying a script hook on SSHD

A "hook" ?? Not again !

— Well... hum, yeah. Sorry.

Actually, somehow we need to make SSHD execute something to notify us when an event is occurring. This is what you have to do to get it working :

1. Install the requirements :

   • python3

   • python3-requests

   • dnsutils

2. Fetch the Python script I wrote for the occasion

3. Set your Discord web-hook information (id & token) within the script

4. Move it to the /usr/local/bin/ folder (or anywhere else, but sshd will need to access it !), and set its permissions accordingly :

   • # mv hook_SSH.py /usr/local/bin/

   • # chmod 755 /usr/local/bin/hook_SSH.py

5. And finally :

   • # echo 'python3 /usr/local/bin/hook_SSH.py &' >> /etc/ssh/sshrc

   • # service sshd reload

If everything is set, your next occurring SSH connection should trigger a notification on your channel !
If not, you can contact me and we'll figure something out 😉
This script handles testing execution too (not within a SSH environment). You can run it out-of-the-box to check your settings (however, don't expect any IP to show up) !

Addendum about the Free SMS API

In France we got a famous ISP, Free. We can blame them for many things, but the API they provide for SMS is just the best thing which never existed.
This script will send a SMS (with the same content) to the sys-admin who are able to use this API (coucou la France), when the post to Discord was not successful (useful when Discord is out) #backupPlan.
Other users should let SEND_SMS_ON_FAIL to False.

Some other things you need to know

• This post has been mainly inspired by this article, and improved afterward with its first comment !

• The funny thing is : 15 days ago, someone has come up with the same idea. I invite you to look at how he actually did this ! It's here.

• The logo I use for my web-hooks comes from here, thanks to its author !

Bye 👋

PS : That was the first post written in Markdown on this website. I had to re-think the whole thing to get it working 😕 But it was about time, isn't it ?