Sshrc: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
E-Mail Alert on SSH Login Event | E-Mail or Telegram Alert on SSH Login Event | ||
*/etc/ssh/sshrc | */etc/ssh/sshrc | ||
=Telegram= | |||
#!/bin/sh | |||
#Send a Telegram message on boot | |||
TELEGRAM_CHAT_ID="xxx" | |||
TELEGRAM_BOT_TOKEN="xxx" | |||
ipaddr=`echo $SSH_CONNECTION | cut -d " " -f 1` | |||
Hostname=`hostname` | |||
NOW=$( date '+%F_%H%M%S' ) | |||
export LANG=C | |||
MESSAGE="$(echo "<strong>SSH Login</strong> | |||
From IP: $ipaddr | |||
To Host: $Hostname | |||
Date: $NOW ")" | |||
logger "Debug Reboot Message" | |||
logger $MESSAGE | |||
/usr/bin/curl --connect-timeout 5 --max-time 10 --silent --output /dev/null \ | |||
--data-urlencode "chat_id=${TELEGRAM_CHAT_ID}" \ | |||
--data-urlencode "text=${MESSAGE}" \ | |||
--data-urlencode "parse_mode=HTML" \ | |||
--data-urlencode "disable_web_page_preview=true" \ | |||
"https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" | |||
==Email== | |||
#!/bin/bash | #!/bin/bash | ||
#email on ssh login | #email on ssh login | ||
Latest revision as of 23:32, 20 January 2023
E-Mail or Telegram Alert on SSH Login Event
- /etc/ssh/sshrc
Telegram
#!/bin/sh
#Send a Telegram message on boot
TELEGRAM_CHAT_ID="xxx"
TELEGRAM_BOT_TOKEN="xxx"
ipaddr=`echo $SSH_CONNECTION | cut -d " " -f 1`
Hostname=`hostname`
NOW=$( date '+%F_%H%M%S' )
export LANG=C
MESSAGE="$(echo "SSH Login
From IP: $ipaddr
To Host: $Hostname
Date: $NOW ")"
logger "Debug Reboot Message"
logger $MESSAGE
/usr/bin/curl --connect-timeout 5 --max-time 10 --silent --output /dev/null \
--data-urlencode "chat_id=${TELEGRAM_CHAT_ID}" \
--data-urlencode "text=${MESSAGE}" \
--data-urlencode "parse_mode=HTML" \
--data-urlencode "disable_web_page_preview=true" \
"https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage"
#!/bin/bash #email on ssh login ip=`echo $SSH_CONNECTION | cut -d " " -f 1` Hostname=`hostname` NOW=$( date '+%F_%H:%M:%S' ) Country=`curl -s https://ipapi.co/$ip/country/` > /dev/null echo " UTC Date/Time: $NOW IP Address: $ip Country: $Country Target Hostname: $Hostname User: $USER " | mail -s "SSH Login Alert From: $ip" user@domain.com