
Recently I added an Ubuntu Server with a Hardened Repository for Veeam Backup to my home lab; you can find more info here (Spanish).

Now, the thing is, I want to be able to get notified if some user logs into the server via SSH, as an extra control, since I disable the SSH service when I don't use it.

The idea also came up to be able to get notified from other applications via Telegram, so it wasn't a crazy idea in the end.

You can easily find how to create a bot and how to get your ID, from previous entries or the internet, so I'm not going to dive into that.

So first, once we have created and activated our bot and have our user ID, let's create our Telegram messaging program.

In our home directory, let's create a file like this:

nano send-over-telegram.sh
#!/bin/bash
# Telegram chat (group) ID and bot token: fill in your own values
GROUP_ID=
BOT_TOKEN=

# These 3 checks (if) are not necessary but are convenient
if [ "$1" == "-h" ]; then
    echo "Usage: $(basename "$0") \"text message\""
    exit 0
fi

if [ -z "$1" ]
then
    echo "Add message text as the first argument"
    exit 1
fi

if [ "$#" -ne 1 ]; then
    echo "You can pass only one argument. For a string with spaces, put it in quotes"
    exit 1
fi

# --data-urlencode keeps characters such as & and + in the message intact
curl -s --data-urlencode "text=$1" --data "chat_id=$GROUP_ID" "https://api.telegram.org/bot${BOT_TOKEN}/sendMessage" > /dev/null

GROUP_ID: your Group ID from your Telegram subscription
BOT_TOKEN: the token you received when you created your bot

Let's convert this into a "program". To do so, let's move (or copy) our file into /usr/sbin:

sudo mv send-over-telegram.sh /usr/sbin/send-over-telegram

Everything inside /usr/sbin is owned by root, so let's change the ownership of our file:

sudo chown root:root /usr/sbin/send-over-telegram

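Finally, we want any user to be able to execute this "program", so let's also modify the permissions for that. Keep in mind that mode 0755 also lets every local user read the file, including the bot token stored in it.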

sudo chmod 0755 /usr/sbin/send-over-telegram

Now we can test it out:

send-over-telegram test

You should get the "test" text message in your Telegram Group!

Now, let's get notified any time a user logs into our server via SSH. To do so, we are going to create a script and move it to a specific folder.

nano login-notification.sh
#!/bin/bash

# prepare any message you want
login_ip="$(echo "$SSH_CONNECTION" | cut -d " " -f 1)"
login_date="$(date +"%e %b %Y, %a %r")"
login_name="$(whoami)"

# For new line I use $'\n' here
message="New login to server"$'\n'"$login_name"$'\n'"$login_ip"$'\n'"$login_date"

# send it to telegram
send-over-telegram "$message"

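As you can see, here we are sending the information to our previously created "command", send-over-telegram.

Now, let's move (or copy) the script to where it needs to be to trigger the alert. Scripts in /etc/profile.d are sourced by login shells, so the alert covers interactive login sessions: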

sudo mv login-notification.sh /etc/profile.d/login-notification.sh
sudo chown root:root /etc/profile.d/login-notification.sh
sudo chmod 0755 /etc/profile.d/login-notification.sh
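
A variant of login-notification.sh, added here as an example and not part of the original post: it stays silent for logins that did not come through sshd and sends in the background with a time limit, so an unreachable Telegram API cannot hold up the login. The function names, the extra source-port field and the 10-second limit are assumptions.

```shell
#!/bin/bash
# Added example: variant of /etc/profile.d/login-notification.sh.
# Assumes the send-over-telegram command from this post is installed.

# Build the alert text from an SSH_CONNECTION value, whose format is
# "client_ip client_port server_ip server_port".
# Returns 1 when the value is empty (the shell was not started by sshd).
build_login_message() {
    local conn user when client_ip rest client_port
    conn="$1"; user="$2"; when="$3"
    [ -n "$conn" ] || return 1
    client_ip="${conn%% *}"      # first field
    rest="${conn#* }"            # drop the first field
    client_port="${rest%% *}"    # second field
    printf 'New login to server\n%s\n%s (source port %s)\n%s\n' \
        "$user" "$client_ip" "$client_port" "$when"
}

notify_ssh_login() {
    local message
    # Local console logins have no SSH_CONNECTION: stay silent.
    message="$(build_login_message "${SSH_CONNECTION:-}" "$(id -un)" \
        "$(date +"%e %b %Y, %a %r")")" || return 0
    # Never break a login because the sender is missing.
    command -v send-over-telegram >/dev/null 2>&1 || return 0
    # Background plus a 10 s limit: an unreachable api.telegram.org
    # must not delay the shell prompt.
    ( timeout 10 send-over-telegram "$message" >/dev/null 2>&1 & )
    return 0
}

notify_ssh_login
```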

We are done!
Now, let's log off and back on to our Ubuntu Server.

You should get your Telegram Message with the information like this:

 

Remember!!

After using your SSH access, you should always disable it on the server to avoid unwanted remote access. Make your changes locally, or enable SSH only when you need it.

To disable SSH:

sudo systemctl stop ssh
sudo systemctl disable ssh

Cheers!

A very interesting trick Luis.  Great share. 👍


Another great article. Thanks Luis 


Wow...this is super cool Luis.  Now if we can get it to send to Teams so that, for instance, my work team can get a quick alert for such things in a teams channel.  Thanks for sharing.

