pam-send-slack-message is a program that publishes messages on Slack when a Linux server is accessed through SSH.

Overview

pam-send-slack-message

pam-send-slack-message is a program that publishes messages on Slack when the Linux server is accessed through SSH.

Installation

Go to the releases page and download the latest release. There are static binaries for Linux (ARM64, x86_64, x86) and a Debian package for Debian-based systems (Ubuntu).

Here is an example of how to install it using the UPX (compressed) binary:

wget https://github.com/iuridiniz/pam-send-slack-message/releases/download/v0.2.0/pam-send-slack-message.$(uname -m).musl.upx
sudo mkdir -p /usr/local/bin/
sudo cp pam-send-slack-message.$(uname -m).musl.upx /usr/local/bin/pam-send-slack-message
sudo chmod +x /usr/local/bin/pam-send-slack-message

Configuration

To work, the program needs a SLACK-TOKEN with channel.write permission and a SLACK-CHANNEL-ID. Follow the instructions here if you are lost.

# configure pam/sshd
echo "session optional pam_exec.so /usr/local/bin/pam-send-slack-message" | sudo tee -a /etc/pam.d/sshd

Create a file /etc/pam.d/pam-send-slack-message.toml with the following content:

slack_token = "<SLACK-TOKEN>"
slack_channel_id = "<SLACK-CHANNEL-ID>"
# see https://api.slack.com/reference/surfaces/formatting
open_session_message = """🕵️ ▶️▶️▶️ IP `{addr}` logged in `{hostname}` as `{user}` using `{auth_info}` at `{when}`"""
close_session_message = """🕵️ 🛑🛑🛑 IP `{addr}` logout from `{hostname}` (is was `{user}` using `{auth_info}`) at `{when}`"""
# could be "America/Sao_Paulo" or "America/Los_Angeles" or "Europe/Oslo"
timezone = "UTC"

Replace <SLACK-TOKEN> and <SLACK-CHANNEL-ID> with your own.

Usage

After configuring the machine, just log in to it through SSH.

pam/sshd configuration

This program needs to be called by PAM in the session phase, so you must edit /etc/pam.d/sshd to include this line:

session optional pam_exec.so /path/to/pam-send-slack-message

You can learn about PAM configuration here.

pam-send-slack-message configuration

A file located at /etc/pam.d/pam-send-slack-message.conf is used to configure this software.

The valid keys are:

  • slack_token: your slack token (required)
  • slack_channel_id: your slack channel id (required)
  • open_session_message: the message to send when a user logs in (if not specified, the default message will be used)
  • close_session_message: the message to send when a user logs out (if not specified, the default message will be used).
  • timezone: the timezone to use (defaults to UTC)

You can view default values in src/settings.default.toml

Hacking

Manual compilation

Pre-requisites: All you need is a working cargo + rust compiler, make and gcc.

make clean
make all

Testing

In order to test, you need a SLACK-TOKEN with channel.write permission and a SLACK-CHANNEL-ID.

Simulate a pam login using ssh:

make SLACK_CHANNEL_ID=slack_channel_id SLACK_TOKEN=slack_token fake-open-session

Simulate a pam logout using ssh:

make SLACK_CHANNEL_ID=slack_channel_id SLACK_TOKEN=slack_token fake-close-session

To avoid passing env vars every time, I recommend using direnv; there's a sample .envrc in envrc.sample:

cp envrc.sample .envrc
direnv allow .

Enable logs when using inside pam

Change /etc/pam.d/sshd to:

session optional pam_exec.so debug log=/tmp/file_to_log.txt /usr/local/bin/pam-send-slack-message SLACK-CHANNEL-ID SLACK-TOKEN

See /tmp/pam-slack.log; also see the audit logs, which on Ubuntu are located in /var/log/auth.log.
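
The setup above leaves three files that matter for security: the PAM file with the pam_exec line, the binary that runs on every SSH session, and the config file holding slack_token. The shell function below is an added example, not part of the project, that audits them; the function name, argument order and OWNER_UID parameter are this example's own, and CONFIG should be whichever config path your build actually reads.

```shell
# Added example, not part of pam-send-slack-message: audit the files the README sets up.
# usage: audit_install PAM_FILE BINARY CONFIG [OWNER_UID]   (OWNER_UID defaults to 0, root)
# Prints one finding per line; returns 1 when there is at least one finding.
audit_install() {
    pam_file=$1; binary=$2; config=$3; owner=${4:-0}; rc=0

    # Active (non-comment) session lines that run BINARY through pam_exec.
    hook=$(grep -E '^[[:space:]]*session[[:space:]].*pam_exec\.so[[:space:]]' "$pam_file" 2>/dev/null |
           grep -F -- "$binary" || true)
    if [ -z "$hook" ]; then
        echo "MISSING: no pam_exec session line for $binary in $pam_file"; rc=1
    elif printf '%s\n' "$hook" | awk -v b="$binary" \
            '{ for (i = 1; i < NF; i++) if ($i == b) found = 1 } END { exit !found }'; then
        # A field after the binary path is an argument. The debug line in the README
        # passes the channel id and token this way, which stores the token in PAM_FILE.
        echo "SECRET: arguments follow $binary in $pam_file"; rc=1
    fi

    # pam_exec starts the binary with sshd's privileges on every session,
    # so nobody except OWNER_UID should be able to replace it.
    if [ ! -f "$binary" ]; then
        echo "MISSING: $binary"; rc=1
    elif [ -n "$(find "$binary" -prune \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print)" ]; then
        echo "WRITABLE: $binary is not owned by uid $owner or is group/other-writable"; rc=1
    fi

    # The config file holds slack_token: no read or write access for group/other.
    if [ ! -f "$config" ]; then
        echo "MISSING: $config"; rc=1
    elif [ -n "$(find "$config" -prune \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print)" ]; then
        echo "EXPOSED: $config is accessible to group/other (chmod 600)"; rc=1
    fi
    return "$rc"
}
```

For the install described in this README, call it as audit_install /etc/pam.d/sshd /usr/local/bin/pam-send-slack-message followed by the config path.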

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

License

MIT

Comments
  • Mis-leading information in README.md

    It seems that the project tries to check the following paths for config:

    stat("/etc/pam-send-slack-message", 0x7ffc6a4b8240) = -1 ENOENT (No such file or directory)
    stat("/etc/pam-send-slack-message.toml", 0x7ffc6a4b8240) = -1 ENOENT (No such file or directory)
    

    but not the documented one:

    /etc/pam.d/pam-send-slack-message.conf
    

    would be nice if one or the other would be used :)

    opened by mnaser 0
Owner
Iuri Diniz