Slack alert ssh login: Difference between revisions
Jump to navigation
Jump to search
(Enable Slack alerts on ssh login to Linux server) |
No edit summary |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
==SSH Login Alerts to Slack Channel== | |||
Edit .bash_profile and add: | Edit .bash_profile and add: | ||
<syntaxhighlight lang="bash" line start="1"> | |||
sh /home/<username>/scripts/login.sh | |||
</syntaxhighlight> | |||
Use mkdir to create a scripts directory and create/edit login.sh: | |||
<syntaxhighlight lang="bash" line start="1"> | |||
mkdir /home/<username>/scriptsf | |||
vi /home/<username>/scripts/login.sh | |||
</syntaxhighlight> | |||
Add to login.sh : | |||
<syntaxhighlight lang="bash" line start="1"> | |||
#!/bin/bash | |||
# This script sends a SLACK notification when the root user logs in via SSH | |||
# The script is triggered by way of an entry in .bash_profile in Roots home folder (/root/.bash_profile) | |||
# This script will not fire for SFTP logins (WinSCP, etc.) | |||
IP="$(echo $SSH_CONNECTION | cut -d " " -f 1)" | |||
HOSTNAME=$(hostname) | |||
NOW=$(date +"%e %b %Y, %a %r") | |||
ICON_URL="https://swkls.org/ssh.png" | |||
CHANNEL="#ansible" | |||
USER="Linux Serverbot - SSH Login" | |||
TOKEN="xoxp-x1-x2-x3-x4" | |||
TEXT="SSH login from '$IP' to '$HOSTNAME' on '$NOW'." | |||
/usr/bin/curl https://slack.com/api/chat.postMessage -X POST -d "channel=${CHANNEL}" -d "text=${TEXT}" -d "username=${USER}" -d "token=${TOKEN}" -d "icon_url=${ICON_URL}" | |||
</syntaxhighlight> | |||
[[Category:Linux]] | |||
Latest revision as of 13:47, 26 March 2020
SSH Login Alerts to Slack Channel
Edit .bash_profile and add:
sh /home/<username>/scripts/login.sh
Use mkdir to create a scripts directory and create/edit login.sh:
mkdir /home/<username>/scriptsf
vi /home/<username>/scripts/login.sh
Add to login.sh :
#!/bin/bash
# This script sends a SLACK notification when the root user logs in via SSH
# The script is triggered by way of an entry in .bash_profile in Roots home folder (/root/.bash_profile)
# This script will not fire for SFTP logins (WinSCP, etc.)
IP="$(echo $SSH_CONNECTION | cut -d " " -f 1)"
HOSTNAME=$(hostname)
NOW=$(date +"%e %b %Y, %a %r")
ICON_URL="https://swkls.org/ssh.png"
CHANNEL="#ansible"
USER="Linux Serverbot - SSH Login"
TOKEN="xoxp-x1-x2-x3-x4"
TEXT="SSH login from '$IP' to '$HOSTNAME' on '$NOW'."
/usr/bin/curl https://slack.com/api/chat.postMessage -X POST -d "channel=${CHANNEL}" -d "text=${TEXT}" -d "username=${USER}" -d "token=${TOKEN}" -d "icon_url=${ICON_URL}"