Writing a small bash script to send a notification in my Telegram monitoring channel each time a user logs in to one of my servers
I thought it was a nice little idea to set up a script that notifies me when a user logs in to one of my most important VMs/CTs/Hosts. Of course there are probably ways around it, but it was somewhat fun to write. So let's dive in!
For the notifications, I chose Telegram, mostly because I already have most of my notifications in there and because the API is just so simple 😲
Telegram makes it ridiculously easy to create a new bot, so I just dm-ed @BotFather and got a new token.
Subsequently, all I had to do was add the bot to the group I use for monitoring. Then I could use the API myself to determine the chat ID of my group:
I simply went to https://api.telegram.org/botTELEGRAMBOTTOKEN/getUpdates in my browser (with TELEGRAMBOTTOKEN being the real token) and got the chat ID:
On Telegram, chat IDs are negative, and user IDs are positive, so it was pretty easy to find.
I then ran:
curl -X POST \
  -H 'Content-Type: application/json' \
  -d '{"chat_id": "'"$TELEGRAM_CHAT_ID"'", "text": "This is a test from curl", "disable_notification": true}' \
  "https://api.telegram.org/bot$TELEGRAM_BOT_TOKEN/sendMessage"
With the correct variables, and it worked, nice 😀
After having a way to send messages, I need to generate what I need to send.
hostname -f
$USER
who -m
So, I wrote a little script to combine everything and send the message:
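# Telegram bot credentials (redacted)
TELEGRAM_CHAT_ID="-----censored-----"
TELEGRAM_BOT_TOKEN="-----censored-----"

# Fully qualified host name and the session line for the current terminal
HOSTNAME=$(hostname -f)
WHO_OUT=$(who -m)

# "\n" stays a literal backslash-n here; the JSON parser turns it into a newline
MESSAGE="User $USER@$HOSTNAME logged in from: \n$WHO_OUT"

DATA='{"chat_id": "'"$TELEGRAM_CHAT_ID"'", "text": "'"$MESSAGE"'", "disable_notification": true}'

# Send the message and discard curl's output so nothing is printed at login
curl -X POST -H 'Content-Type: application/json' -d "$DATA" "https://api.telegram.org/bot$TELEGRAM_BOT_TOKEN/sendMessage" >/dev/null 2>&1

# Files in /etc/profile.d are sourced into the login shell, so clear the
# variables instead of leaving the token in every user's session
unset TELEGRAM_CHAT_ID TELEGRAM_BOT_TOKEN WHO_OUT MESSAGE DATA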
Did a quick test, it worked, nice
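The script splices $USER, the host name and the who -m output straight into a JSON string, so a double quote or backslash in any of them produces invalid JSON and the notification is lost without a trace, since curl's output is discarded. The following is an added example, not part of the original script: it escapes each field and sends in the background with a timeout so a slow API call cannot delay the login. The function names are hypothetical, and it assumes TELEGRAM_CHAT_ID and TELEGRAM_BOT_TOKEN are set earlier in the file as above.

```shell
# Added example: JSON-safe variant of the login notifier (runs in sh and bash).
# Assumption: TELEGRAM_CHAT_ID and TELEGRAM_BOT_TOKEN are set earlier in the
# file, as in the original script. Function names are hypothetical.

# Make one field safe inside a JSON string: drop control characters
# (newlines and tabs included), then escape backslashes and double quotes.
json_escape() {
    printf '%s' "$1" | tr -d '\000-\037' | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the sendMessage body. Args: chat_id user host who_line
# The "\\n" in the format prints a literal \n, which JSON reads as a newline.
build_payload() {
    printf '{"chat_id": "%s", "text": "User %s@%s logged in from: \\n%s", "disable_notification": true}' \
        "$(json_escape "$1")" "$(json_escape "$2")" \
        "$(json_escape "$3")" "$(json_escape "$4")"
}

notify_login() {
    payload=$(build_payload "$TELEGRAM_CHAT_ID" "${USER:-$(id -un)}" \
        "$(hostname -f)" "$(who -m)")
    # Subshell + background + timeout: the login shell never waits on the
    # Telegram API, and no job-control message is printed.
    ( curl -s --max-time 5 -X POST -H 'Content-Type: application/json' \
        -d "$payload" \
        "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
        >/dev/null 2>&1 & )
    unset payload
}

# Only send when both credentials are configured.
if [ -n "${TELEGRAM_BOT_TOKEN:-}" ] && [ -n "${TELEGRAM_CHAT_ID:-}" ]; then
    notify_login
fi
```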
I'm starting to use Ansible to deploy configs to my servers, so I just created a new role with this task:
- name: Copy profile script
  when: ansible_os_family == 'Debian'
  copy:
    src: files/Z99-notify-login.sh
    dest: /etc/profile.d/Z99-notify-login.sh
    owner: root
    group: root
    mode: 0755
  register: copy_login_notify_script
And added said role to the playbook.yaml (parts are redacted, hence why it's in different blocks)
- hosts: core
  roles:
    - security_login_notify

- hosts: proxmox_pve
  roles:
    - security_login_notify

- hosts: proxmox_pbs
  roles:
    - security_login_notify
This is a very little script that, honestly, is just a gimmick; there definitely are ways to bypass it (for example, Ansible doesn't trigger it because it doesn't load the profile).
I wrote it mainly to track logins of one machine which is exposed to the outside for me to use as a bastion.