4 releases
Version | Released |
---|---|
0.2.0 | Oct 15, 2021 |
0.1.2 | Oct 14, 2021 |
0.1.1 | Oct 14, 2021 |
0.1.0 | Oct 12, 2021 |
pam-send-slack-message
pam-send-slack-message is a program that publishes a message to Slack whenever the Linux server is accessed through SSH.
Installation
Go to the releases page and download the latest release. There are static binaries for Linux (ARM64, x86_64, x86) and a Debian package for Debian-based systems (Ubuntu).
Here is an example of how to install it using the upx (compressed) binary:
wget https://github.com/iuridiniz/pam-send-slack-message/releases/download/v0.2.0/pam-send-slack-message.$(uname -m).musl.upx
sudo mkdir -p /usr/local/bin/
sudo cp pam-send-slack-message.$(uname -m).musl.upx /usr/local/bin/pam-send-slack-message
sudo chmod +x /usr/local/bin/pam-send-slack-message
Configuration
In order to work, you need a SLACK-TOKEN with channel.write permission and a SLACK-CHANNEL-ID. Follow instructions here, if you are lost.
# configure pam/sshd
echo "session optional pam_exec.so /usr/local/bin/pam-send-slack-message" | sudo tee -a /etc/pam.d/sshd
Create a file /etc/pam.d/pam-send-slack-message.conf with the following content:
slack_token = "<SLACK-TOKEN>"
slack_channel_id = "<SLACK-CHANNEL-ID>"
# see https://api.slack.com/reference/surfaces/formatting
open_session_message = """🕵️ ▶️▶️▶️ IP `{addr}` logged in `{hostname}` as `{user}` using `{auth_info}` at `{when}`"""
close_session_message = """🕵️ 🛑🛑🛑 IP `{addr}` logout from `{hostname}` (is was `{user}` using `{auth_info}`) at `{when}`"""
# could be "America/Sao_Paulo" or "America/Los_Angeles" or "Europe/Oslo"
timezone = "UTC"
Replace <SLACK-TOKEN> and <SLACK-CHANNEL-ID> with your own.
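The message templates above wrap each `{placeholder}` in backticks, so a value containing a backtick or one of Slack's control characters (`&`, `<`, `>`) would change how the notification renders. The following is an added example, not the project's own code: a single-pass renderer that escapes each value before substitution. The names `sanitize` and `render`, the sample values, and the mapping from pam_exec environment variables to placeholders are assumptions.

```rust
use std::collections::HashMap;

// `&`, `<`, `>` are Slack's control characters, and a backtick would close
// the inline-code span the templates put around every value.
fn sanitize(value: &str) -> String {
    let mut out = String::with_capacity(value.len());
    for c in value.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '`' => out.push('\''),
            c if c.is_control() => out.push(' '),
            c => out.push(c),
        }
    }
    out
}

// Single pass: substituted values are never rescanned, so a value holding
// "{addr}" stays literal. Unknown placeholders are kept as written.
fn render(template: &str, vars: &HashMap<&str, String>) -> String {
    let mut out = String::new();
    let mut rest = template;
    while let Some(start) = rest.find('{') {
        out.push_str(&rest[..start]);
        rest = &rest[start..]; // rest now begins at '{'
        let end = match rest.find('}') {
            Some(i) => i,
            None => break, // unterminated brace: emit the tail unchanged
        };
        match vars.get(&rest[1..end]) {
            Some(v) => out.push_str(&sanitize(v)),
            None => out.push_str(&rest[..=end]),
        }
        rest = &rest[end + 1..];
    }
    out.push_str(rest);
    out
}

fn main() {
    // Constructed values; under pam_exec they would come from PAM_RHOST and PAM_USER (assumed mapping).
    let mut vars = HashMap::new();
    vars.insert("addr", "203.0.113.7".to_string());
    vars.insert("user", "a`b<c>&{addr}".to_string());
    println!("{}", render("IP `{addr}` logged in as `{user}`", &vars));
}
```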
Usage
After configuring the machine, just log in to it through SSH.
pam/sshd configuration
This program needs to be called by PAM during the session phase, so you must edit /etc/pam.d/sshd to include this line:
session optional pam_exec.so /path/to/pam-send-slack-message
You can learn about PAM configuration here.
pam-send-slack-message configuration
A file located at /etc/pam.d/pam-send-slack-message.conf is used to configure this software.
The valid keys are:
slack_token: your Slack token (required)
slack_channel_id: your Slack channel ID (required)
open_session_message: the message to send when a user logs in (if not specified, the default message will be used)
close_session_message: the message to send when a user logs out (if not specified, the default message will be used)
timezone: the timezone to use (defaults to UTC)
You can view default values in src/settings.default.toml
Hacking
Manual compilation
Pre-requisites: All you need is a working cargo + rust compiler, make and gcc.
make clean
make all
Testing
In order to test, you need a SLACK-TOKEN with channel.write permission and a SLACK-CHANNEL-ID.
Simulate a pam login using ssh:
make SLACK_CHANNEL_ID=slack_channel_id SLACK_TOKEN=slack_token fake-open-session
Simulate a pam logout using ssh:
make SLACK_CHANNEL_ID=slack_channel_id SLACK_TOKEN=slack_token fake-close-session
To avoid passing environment variables every time, I recommend using direnv; there's a sample .envrc in envrc.sample:
cp envrc.sample .envrc
direnv allow .
Enable logs when running inside PAM
Change the line in /etc/pam.d/sshd to:
session optional pam_exec.so debug log=/tmp/file_to_log.txt /usr/local/bin/pam-send-slack-message SLACK-CHANNEL-ID SLACK-TOKEN
See /tmp/pam-slack.log; also see the audit logs, which on Ubuntu are located in /var/log/auth.log
Contributing
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
License