Mattermost (or Slack) Message on SSH Login
You have a server that you access over SSH. You have hardened it following the necessary best practices.
Now you can do one small thing for a little additional peace of mind: Set up Linux Pluggable Authentication Modules (PAM) to send a message to Mattermost (or Slack) on every successful SSH login.
Here is how you can do it:
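Add a script to `/usr/local/bin/` to send the notification message. Name it `sshnotify.sh`. Make it executable.

```shell
#!/bin/sh
# Sends a Mattermost message; run by pam_exec from /etc/pam.d/sshd.
# pam_exec also runs session commands when the session closes, so stop
# here unless a session is being opened.
[ "$PAM_TYPE" = "open_session" ] || exit 0
MATTERMOST_HOST='...'
MATTERMOST_WEBHOOK_KEY='...'
MATTERMOST_CHANNEL='...'
# SSH_CONNECTION is "client_ip client_port server_ip server_port"; keep the client IP.
REMOTE_IP=$(echo "$SSH_CONNECTION" | awk '{print $1}')
SERVER_HOSTNAME=$(hostname)
curl -i -X POST \
  -H 'Content-Type: application/json' \
  -d '{"channel":"'"${MATTERMOST_CHANNEL}"'","text": "Someone just logged in to your server '"${SERVER_HOSTNAME}"' from '"${REMOTE_IP}"'"}' \
  "https://${MATTERMOST_HOST}/hooks/${MATTERMOST_WEBHOOK_KEY}"
```

```shell
chmod +x sshnotify.sh
```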
If you want to do the same but use Slack, then change the `curl` command accordingly.

```shell
# SLACK_TOKEN and SLACK_CHANNEL take the place of the MATTERMOST_* variables.
curl -i -X POST \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer ${SLACK_TOKEN}" \
  -d '{"channel":"'"${SLACK_CHANNEL}"'","blocks":[{"type":"section","text":{"type":"mrkdwn","text":"Someone just logged in to your server '"${SERVER_HOSTNAME}"' from '"${REMOTE_IP}"'"}}]}' \
  https://slack.com/api/chat.postMessage
```
Related documentations:
Add the following line to the bottom of `/etc/pam.d/sshd`.

```
session optional pam_exec.so /usr/local/bin/sshnotify.sh
```

You can change `optional` to `required` to force PAM to allow the SSH connection only when the script runs successfully.

Any time you are modifying `/etc/pam.d/sshd`, be sure to keep an SSH connection active in a separate terminal window to avoid being locked out of your server because of bad configuration.
And that’s it.
Any time someone logs in to that server, you will get a message on Mattermost (or Slack) or anywhere the webhook points to.
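A hardened variant of the notifier, as an added example that is not the author's script: it sends only when a session is opened, JSON-escapes every value it interpolates, and bounds the request time so a slow webhook cannot stall logins when the PAM line is set to `required`. `WEBHOOK_URL` and `CHANNEL` are placeholders; `PAM_TYPE`, `PAM_USER` and `PAM_RHOST` are environment variables that pam_exec sets for the command.

```shell
#!/bin/sh
# Added example: hardened variant of sshnotify.sh for pam_exec.
# WEBHOOK_URL and CHANNEL are placeholders (assumptions), not values from the post.
WEBHOOK_URL='https://mattermost.example.invalid/hooks/REPLACE_ME'
CHANNEL='REPLACE_ME'

# pam_exec runs session commands at both session open and close and exports
# PAM_TYPE; notify only when a session is opened.
should_notify() {
  [ "${PAM_TYPE:-}" = "open_session" ]
}

# Escape backslashes and double quotes and drop control characters so that
# client-influenced values (user name, remote host) cannot break the JSON.
json_escape() {
  printf '%s' "$1" | tr -d '\000-\037' | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Usage: build_payload CHANNEL SERVER USER REMOTE_HOST
build_payload() {
  printf '{"channel":"%s","text":"SSH login on %s: user %s from %s"}' \
    "$(json_escape "$1")" "$(json_escape "$2")" \
    "$(json_escape "$3")" "$(json_escape "$4")"
}

# Bounded, quiet request: a slow or unreachable webhook delays the login by at
# most 5 seconds, and the response is not echoed into the session.
send_notification() {
  curl --silent --show-error --fail --max-time 5 --output /dev/null \
    -X POST -H 'Content-Type: application/json' \
    -d "$(build_payload "$CHANNEL" "$(hostname)" \
          "${PAM_USER:-unknown}" "${PAM_RHOST:-unknown}")" \
    "$WEBHOOK_URL"
}

# Only reached with PAM_TYPE=open_session, i.e. when started by pam_exec.
if should_notify; then
  send_notification
fi
```

The script exits non-zero when the request fails, so with `optional` the login still proceeds, while with `required` a failed or timed-out webhook call rejects the session.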
This post is 58th of my #100DaysToOffload challenge. Want to get involved? Find out more at 100daystooffload.com.