chris-x86-64 · April 14, 2016 04:33
diff --git a/aliases b/aliases
 # Add the following line to /etc/aliases

 slack: |"/usr/bin/python /path/to/post-to-slack.py"
diff --git a/login-hook.sh b/login-hook.sh
 #!/bin/bash
 (
    echo "ALERT - Shell Access ($(hostname)) on: `date` `who`"
 ) | /usr/sbin/sendmail slack
diff --git a/post-to-slack.py b/post-to-slack.py
 import sys
 import urllib
 import urllib2 as urlrequest
 import json
 import mail

 SLACK_POST_URL = "https://hooks.slack.com/services/[TOKEN]"

 def build_attachment():
    b = email.message_from_string(sys.stdin.read())
    post_json = {"text": b.get_payload()}
    return post_json

 def post(payload):
    payload_json = json.dumps(payload)
    data = urllib.urlencode({"payload": payload_json})
    req = urlrequest.Request(SLACK_POST_URL)
    response = urlrequest.build_opener(urlrequest.HTTPHandler()).open(req, data.encode('utf-8')).read()
    return response.decode('utf-8')

 post(build_attachment())
diff --git a/sshd b/sshd
 # Add the following line to /etc/pam.d/sshd

 session    optional     pam_exec.so /bin/bash /path/to/login-hook.sh
	# Add the following line to /etc/aliases

	slack: \|"/usr/bin/python /path/to/post-to-slack.py"
	#!/bin/bash
	(
	echo "ALERT - Shell Access ($(hostname)) on: `date` `who`"
	) \| /usr/sbin/sendmail slack
	import sys
	import urllib
	import urllib2 as urlrequest
	import json
	import mail

	SLACK_POST_URL = "https://hooks.slack.com/services/[TOKEN]"

	def build_attachment():
	b = email.message_from_string(sys.stdin.read())
	post_json = {"text": b.get_payload()}
	return post_json

	def post(payload):
	payload_json = json.dumps(payload)
	data = urllib.urlencode({"payload": payload_json})
	req = urlrequest.Request(SLACK_POST_URL)
	response = urlrequest.build_opener(urlrequest.HTTPHandler()).open(req, data.encode('utf-8')).read()
	return response.decode('utf-8')

	post(build_attachment())
	# Add the following line to /etc/pam.d/sshd

	session optional pam_exec.so /bin/bash /path/to/login-hook.sh