#!/bin/bash
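# Install at: /usr/local/share/login_notify.sh
# pam_exec runs this script from sshd's PAM stack, so keep it owned by root
# and not writable by any other user.
# Enable it by adding this line to /etc/pam.d/sshd (the script only acts on
# PAM_TYPE=open_session, so it belongs on a session line):
#   session optional pam_exec.so /usr/local/share/login_notify.sh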
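#######################################
# Post a message to a Slack incoming webhook, formatted as a code block.
# Globals:
#   SLACK_MESSAGE, SLACK_ICON, SLACK_URL (written)
# Arguments:
#   $1 - message text; literal "\n" sequences are passed through so that
#        Slack's JSON parser turns them into line breaks
#   $2 - severity: INFO, WARNING or ERROR (anything else is shown as INFO)
# Returns:
#   curl's exit status
#######################################
function post_to_slack () {
  local text=$1
  local payload

  # The message carries log lines and command output, so make it safe to embed
  # in a JSON string: escape double quotes and turn real newlines/tabs into
  # their JSON escapes. Backslashes are left alone on purpose because callers
  # pass literal "\n" as a line separator.
  text=${text//\"/\\\"}
  text=${text//$'\n'/\\n}
  text=${text//$'\t'/\\t}

  # format message as a code block ```${msg}```
  SLACK_MESSAGE="\`\`\`${text}\`\`\`"

  # The webhook URL is a bearer secret: anyone who can read it can post to the
  # channel. Keep this file readable by root only, or load the URL from a
  # root-only file instead of hard-coding it here.
  # new ssh-login channel
  # https://hooks.slack.com/services/<channel-url>
  SLACK_URL='https://hooks.slack.com/services/<webhook-url>'

  case "$2" in
    INFO)
      SLACK_ICON=':slack:'
      ;;
    WARNING)
      SLACK_ICON=':warning:'
      ;;
    ERROR)
      SLACK_ICON=':bangbang:'
      ;;
    *)
      SLACK_ICON=':slack:'
      ;;
  esac

  payload="{\"text\": \"${SLACK_ICON} ${SLACK_MESSAGE}\", \"username\": \"login-bot\"}"

  # --data-urlencode keeps '&', '+' and '%' in the message from corrupting the
  # form body; --max-time bounds the whole request so a stalled webhook cannot
  # hold up the login session that triggered this script.
  curl -sS -X POST --connect-timeout 5 --max-time 10 \
    --data-urlencode "payload=${payload}" "${SLACK_URL}"
}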
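# Gather the context that goes into the notification.
DATE="Date: $(date)"
SERVER="Server: $(uname -a)"

# Find the sshd log line for the parent process (the sshd instance handling
# this login). PIDs are reused, so auth.log may hold older entries with the
# same PID; keep only the most recent match.
LOGINMESSAGE="$(grep -o -E "sshd\[${PPID}\]: Accepted publickey for.*" /var/log/auth.log | tail -n 1)"
# on Fedora
# LOGINMESSAGE="`journalctl --since today -u sshd | grep -o -E 'sshd\['$PPID'\]: Accepted publickey for.*' | tail -n 1`"

# If no log line matched (non-publickey login, log not written yet), fall back
# to the user and remote host that pam_exec exports in the environment.
if [ -z "$LOGINMESSAGE" ]
then
  LOGINMESSAGE="Login: ${PAM_USER:-unknown} from ${PAM_RHOST:-unknown}"
fi

if [ "$PAM_TYPE" = "open_session" ]
then
  # PAM_AUTHTOK is deliberately not included: an authentication token must
  # never be sent to a chat channel or any other third-party service.
  post_to_slack "${LOGINMESSAGE}\n${DATE}\n${SERVER}" "INFO"
fi

# Always succeed so a failed notification never affects the login itself.
exit 0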