---
title: "A SSH monitoring platform with Discord !"
date: 2017-10-27
url: a-ssh-monitoring-platform-with-discord
layout: post
category: Security
image: /img/blog/a-ssh-monitoring-platform-with-discord_1.png
---
[![A missing blog post image](/img/blog/a-ssh-monitoring-platform-with-discord_1.png)](/img/blog/a-ssh-monitoring-platform-with-discord_1.png)
### Introduction
Two days ago, I came up with an idea: "Why not use Discord as a monitoring platform for the servers I manage?"
I mean, we already use [GitHub's web-hooks](https://support.discordapp.com/hc/en-us/articles/228383668-Intro-to-Webhooks) (pretty handy during development, by the way), but Discord provides an API allowing us to do almost anything we want.
Let's go then!
You'll find below a short tutorial to build your first web-hook, announcing each SSH connection occurring on the server of your choice.
### Features
* Send a notification when a connection occurs
* Announce which session was opened and the server name (useful if you have many servers reporting to the same Discord channel)
* Display the result of a reverse DNS query on the source IP
* Ability to send the same message by SMS with the [Free SMS API](https://www.freenews.fr/freenews-edition-nationale-299/free-mobile-170/nouvelle-option-notifications-par-sms-chez-free-mobile-14817) (French users)
### Tutorial
#### Creating a Discord web-hook
That's pretty easy actually. If you have never done it before, just go to the settings of a channel you have rights on, click on **Webhooks**, then on **Create Webhook**. You should now see a pop-up like this:
[![A missing blog post image](/img/blog/a-ssh-monitoring-platform-with-discord_2.png)](/img/blog/a-ssh-monitoring-platform-with-discord_2.png)
Look at the URL of your new web-hook and extract from it its identifier (the first path parameter) and its token (the second one).
#### Deploying a script hook on SSHD
> A "hook"?? Not again!
>> — Well... hum, yeah. Sorry.

Somehow we need to make _SSHD_ execute something that notifies us when an event occurs. This is what you have to do to get it working:
1. Install the requirements:
   * **python3**
   * **python3-requests**
   * **dnsutils**
2. Fetch the [_Python_ script I wrote](https://gist.github.com/HorlogeSkynet/054e363ade6093e24dd97ea19debff9e) for the occasion
3. Set your Discord web-hook information (_id_ & _token_) within the script
4. Move it to the `/usr/local/bin/` folder (or anywhere else, but `sshd` will need to access it!), and set its permissions accordingly:
   * `# mv hook_SSH.py /usr/local/bin/`
   * `# chmod 755 /usr/local/bin/hook_SSH.py`
5. And finally:
   * `# echo 'python3 /usr/local/bin/hook_SSH.py &' >> /etc/ssh/sshrc`
   * `# service sshd reload`
If everything is set, your next SSH connection should trigger a notification on your channel!
If not, you can contact me and we'll figure something out :wink:
The script also handles test execution outside an SSH session: you can run it by hand, out of the box, to check your settings (however, don't expect any source IP to show up)!
[![A missing blog post image](/img/blog/a-ssh-monitoring-platform-with-discord_3.png)](/img/blog/a-ssh-monitoring-platform-with-discord_3.png)
#### Addendum about the Free SMS API
In France we have a famous ISP, _Free_. We can blame them for many things, but the SMS API they provide is just the best thing that ever existed.
The script will send an SMS (with the same content) to sys-admins who are able to use this API (_hello, France_) when the _post_ to Discord was not successful (useful when Discord is down) _#backupPlan_.
Other users should leave `SEND_SMS_ON_FAIL` set to `False`.
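To make the hook deployment and the SMS fallback concrete, here is a minimal `hook_SSH.py` written for this post as an added example; it is not the gist linked above. It reads the `SSH_CONNECTION` variable that `sshd` exports to `sshrc`, does the reverse lookup with Python's `socket` module instead of `dnsutils`, posts to Discord with the standard library instead of `requests`, and only falls back to SMS when the Discord post fails. The web-hook id/token, the SMS credentials and both endpoint URLs are placeholders or assumptions to check against the pages linked above.

```python
# Added example (not the author's gist): minimal hook_SSH.py run by sshd via /etc/ssh/sshrc.
# Web-hook id/token, SMS credentials and the two endpoint URLs are placeholders / assumptions.
import json, os, socket, urllib.error, urllib.parse, urllib.request

WEBHOOK_ID = "YOUR_WEBHOOK_ID"        # placeholder: first path parameter of the web-hook URL
WEBHOOK_TOKEN = "YOUR_WEBHOOK_TOKEN"  # placeholder: second path parameter (the token)
SEND_SMS_ON_FAIL = False              # leave False unless you can use the Free Mobile SMS API
SMS_USER, SMS_PASS = "FREE_LOGIN", "FREE_API_KEY"  # placeholders

def parse_ssh_connection(env):
    # sshd exports SSH_CONNECTION="client_ip client_port server_ip server_port" to sshrc;
    # it is absent when the script is run by hand, which we treat as a test execution.
    parts = env.get("SSH_CONNECTION", "").split()
    if len(parts) != 4:
        return None
    return dict(zip(("client_ip", "client_port", "server_ip", "server_port"), parts))

def reverse_dns(ip, resolver=socket.gethostbyaddr):
    # PTR lookup through the system resolver; 'resolver' is injectable for offline tests.
    try:
        return resolver(ip)[0]
    except OSError:  # socket.herror / socket.gaierror are OSError subclasses
        return "no PTR record"

def build_message(env, hostname, resolver=socket.gethostbyaddr):
    user = env.get("USER") or env.get("LOGNAME") or "unknown"
    conn = parse_ssh_connection(env)
    if conn is None:
        return "[{}] Test execution by {} (no SSH session)".format(hostname, user)
    return "[{}] SSH session opened for {} from {} ({}) on port {}".format(
        hostname, user, conn["client_ip"], reverse_dns(conn["client_ip"], resolver), conn["server_port"])

def http_ok(req, opener):
    # True only on a 2xx reply; any network or HTTP error counts as a failed delivery.
    try:
        with opener(req, timeout=10) as resp:
            return 200 <= resp.status < 300
    except (urllib.error.URLError, OSError):
        return False

def post_discord(message, opener=urllib.request.urlopen):
    url = "https://discordapp.com/api/webhooks/{}/{}".format(WEBHOOK_ID, WEBHOOK_TOKEN)  # assumed layout
    body = json.dumps({"content": message}).encode()
    return http_ok(urllib.request.Request(url, data=body, headers={"Content-Type": "application/json"}), opener)

def send_sms(message, opener=urllib.request.urlopen):
    qs = urllib.parse.urlencode({"user": SMS_USER, "pass": SMS_PASS, "msg": message})
    return http_ok(urllib.request.Request("https://smsapi.free-mobile.fr/sendmsg?" + qs), opener)  # assumed

def notify(message, post=post_discord, sms=send_sms, sms_on_fail=SEND_SMS_ON_FAIL):
    # Discord first; the SMS is the #backupPlan, used only when the post failed and it is enabled.
    if post(message):
        return "discord"
    return "sms" if sms_on_fail and sms(message) else "failed"

if __name__ == "__main__":
    msg = build_message(os.environ, socket.gethostname())
    raise SystemExit(0 if notify(msg) != "failed" else 1)
```

Because `sshrc` runs for every login, including scripted ones, the script must never block the session: the `&` in the `echo` line above keeps the lookup and the HTTP calls off the login path, and the 10-second timeout bounds each call.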
### Some other things you need to know
* This post was mainly inspired by [this article](https://blog.genma.fr/?SSH-Notification-par-SMS-Freemobile-a-la-connexion), and improved afterwards with [its first comment](https://blog.genma.fr/?SSH-Notification-par-SMS-Freemobile-a-la-connexion#forum6551)!
* The funny thing is: 15 days ago, someone came up with the same idea. I invite you to look at how he actually did it! It's [here](https://www.danirod.es/blog/linux/receive-sshd-login-notifications/).
* The logo I use for my web-hooks comes from [here](http://www.iconarchive.com/show/button-ui-system-apps-icons-by-blackvariant/Terminal-icon.html); thanks to its author!
Bye :wave:
_PS: This was the first post written in Markdown on this website. I had to re-think the whole thing to get it working :confused: But it was about time, wasn't it?_