This is a new version of my old bash script written in python, which sends all successfull SSH log-ins to your server via Telegram bot.
Allows to monitor all connections to server and where are they made from.
Also it is using local sqlite3 DB for whitelist IPs database.Using this DB allow to to use "IP + comment" from DB in the login message - usefull to understand who is connecting.
If there is a connection from unknown IP (it doesn't exist in DB) - the login message has another view, and consists whois info about country and provider of that IP.
Requires additionally two python packages:
- ipwhois
Installation:
- Just clone the repo with the script to any folder. For example, on Debian-based OS it could be /opt/ folder.
- Launch the script from CLI for the first time. It will generate a default configuration file.
- Add Telegram ChatID and Token:
./login-notify.py add chatid "Telegram ChatID" - The ChatID for telegram bot
./login-notify.py add token "Telegram token" - The API token for telegram bot - Finally, add to the end of /etc/pam.d/sshd next string: "session optional pam_exec.so [/opt/LoginNotify.py/login-notify.py]"
If you want to monitor TTY login from any attached console add "session optional pam_exec.so [/opt/LoginNotify.py/login-notify.py]" to /etc/pam.d/login
Adding an IP address:
- You can add new IP address with a comment using any mysql clients, cli, etc. Or use internal function of this script:
./login-notify.py add ip "IP" "Comment"
"IP" - an IP address to be added
"Comment" - comment for IP. Should be not large.
Delete an IP address:
- You can delete already existing IP address with internal function of this script:
./login-notify.py del ip "IP"
"IP" - an IP address to be deleted