Free SMS notifications for logins and logouts on your server

0xdragon Member
edited January 2016 in Tutorials

Requirements:

  • Android or iOS smartphone
  • A phone number
  • A server you wish to log the SSH logins and logouts from.

In order to complete this tutorial, you need to sign up for both IFTTT (https://ifttt.com/) and Numerous (http://numerousapp.com/). For the sake of simplicity, only logins and logouts will be covered.

Set up your https://ifttt.com/numerous and https://ifttt.com/sms channels so that IFTTT can do its magic.
Open Numerous and press on the hamburger symbol on the top left, then Settings -> Developer Info. Copy the API key into notepad or whatever text editor you use for us to use later.

Go back to the main screen of Numerous and press on the top right + to create a new number. Tap on “Create Your Own” and give your number a title. For example, this could be simply “SSH” or the name of your server “Dal01”. But it doesn’t really matter.
Repeat the fourth step, and this time make one for logging out.

Now we need to link up your server and Numerous.

On your server, ensure that curl is installed, then execute:

curl -u YourAPIkeyFromEarlier: https://api.numerousapp.com/v1/users/me/metrics

You should see both of the numbers that you created. Make note of the label that you created and the IDs for both of them.
Now comes the slightly tricky bit. We need to edit the PAM file for SSH so that we can see SSH sessions.
nano /etc/pam.d/sshd and add the following line to the sessions section:

session optional pam_exec.so quiet /etc/pam_session.sh

It should look something like this.

Now we need to edit /etc/pam_session.sh and add the following, being sure to fill in your IDs and API key where specified.

#!/bin/sh
# Called by pam_exec, which sets PAM_TYPE to the event being handled.
if [ "$PAM_TYPE" = "open_session" ]; then
  # "&>" is a bashism; under /bin/sh use the portable redirection instead.
  curl -X POST -u YourAPIkeyFromEarlier: https://api.numerousapp.com/v1/metrics/YourLOGINNumberID/events -d '{ "value" : 1, "action" : "ADD" }' > /dev/null 2>&1
fi

if [ "$PAM_TYPE" = "close_session" ]; then
  curl -X POST -u YourAPIkeyFromEarlier: https://api.numerousapp.com/v1/metrics/YourLOGOUTNumberID/events -d '{ "value" : 1, "action" : "ADD" }' > /dev/null 2>&1
fi

Once you have double checked that you have replaced “YourLOGINNumberID”, “YourLOGOUTNumberID” and “YourAPIkeyFromEarlier” for both of the if sections, save the file and then execute:
chmod a+x /etc/pam_session.sh

Great! Almost there.

Now we need to link up Numerous and IFTTT to send you SMSs.
Create a new Recipe on IFTTT with the following parameters:
Choose Trigger Channel: Numerous
Choose a Trigger: Number changes by any amount
Complete Trigger Fields -> Which number: Your Login Number’s name (for instance, Dal01)
Create Trigger.
Click on “that”.
Choose Action Channel: SMS
Choose an Action: Send me an SMS
Complete Action Fields -> Message: “SSH login detected on Dal01 at {{Timestamp}}. You have had a total of {{NumericValue}} logins.”
Create Action.
Create Recipe.

Now repeat the above to create a recipe for the other number (for instance, Dal01Logout), and use a message such as “SSH logout detected on Dal01 at {{Timestamp}}. You have had a total of {{NumericValue}} logout events.”

Once both recipes are created, we can now test it out! Log into your server, then disconnect by typing “exit”. (This system will log both graceful and ungraceful disconnects, but for the sake of convenience we will exit gracefully for testing)


And this is what it should look like when you log out.

Free SMS paging when you log in and out, and you can of course use this same method to get SMSs for other events on your server as well. Have fun!

With help from:
http://unix.stackexchange.com/questions/136548/force-command-to-be-run-on-logout-or-disconnect
https://developer.numerousapp.com/guides/metrics
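
A hardened variant of the /etc/pam_session.sh hook from the tutorial above, as an added example that is not part of the original post: it keeps the API key out of the script and off the curl command line, bounds the HTTP call with a timeout, and writes a local syslog record with the user and remote host. The key file path /etc/numerous.key and the function names are assumptions; PAM_USER, PAM_RHOST and PAM_TTY are the variables pam_exec exports alongside PAM_TYPE.

```shell
#!/bin/sh
# Added example: hardened variant of /etc/pam_session.sh (not the original post's code).
KEY_FILE="${KEY_FILE:-/etc/numerous.key}"   # hypothetical path; root-owned, mode 600
LOGIN_ID="YourLOGINNumberID"                # placeholders, as in the tutorial
LOGOUT_ID="YourLOGOUTNumberID"
API="https://api.numerousapp.com/v1/metrics"

# Map the pam_exec event type to the metric that counts it.
metric_for_type() {
  case "$1" in
    open_session)  printf '%s\n' "$LOGIN_ID" ;;
    close_session) printf '%s\n' "$LOGOUT_ID" ;;
    *) return 1 ;;   # auth/account/password calls are not session events
  esac
}

# Succeed only if the key file exists with no group/other permission bits.
key_file_is_private() {
  [ -f "$1" ] || return 1
  [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

notify() {
  id=$(metric_for_type "$PAM_TYPE") || return 0
  # Local syslog record first, so the event survives a failed HTTP call.
  logger -t pam_session -p auth.info \
    "$PAM_TYPE user=${PAM_USER:-?} rhost=${PAM_RHOST:-?} tty=${PAM_TTY:-?}"
  if ! key_file_is_private "$KEY_FILE"; then
    logger -t pam_session -p auth.warning "skipping push: $KEY_FILE missing or not private"
    return 0
  fi
  # Feed the key to curl as a config line on stdin so it never appears in
  # the process list; --max-time bounds how long a dead network delays login.
  printf 'user = "%s:"\n' "$(cat "$KEY_FILE")" |
    curl -K - --silent --max-time 5 -X POST "$API/$id/events" \
      -d '{ "value" : 1, "action" : "ADD" }' > /dev/null 2>&1
  return 0
}

# pam_exec exports PAM_TYPE; do nothing when run outside PAM.
if [ -n "${PAM_TYPE:-}" ]; then
  notify
fi
```

The pam_exec line in /etc/pam.d/sshd stays as in the tutorial; with the key in its own file, the script itself only needs to be readable and executable by root.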

Comments

  • ATHK Member
    edited January 2016

    I prefer Pushbullet instead of SMS; however, if you don't have an internet connection on your mobile but do have a mobile signal, this is great!

    Here's a quick script for Pushbullet.

    .bashrc add the below

    ~/scripts/checkLoginIP.sh

    ~/scripts/checkLoginIP.sh

    #!/bin/bash
    
    # Grab the login IP from environment variables
    LOGINIP=$(echo "$SSH_CLIENT" | cut -f 1 -d " ")
    
    curl --silent -u APIKEYHERE: https://api.pushbullet.com/v2/pushes \
            -d "type=note"\
            -d "title=SERVER NAME: root login from"\
            -d "body=$LOGINIP" >/dev/null
    
    Thanked by 10xdragon
  • If you're going into all the trouble to set this up:

    Please start using 2FA (I recommend duosecurity (which can use an app which notifies on login and asks for approval, but also SMS/paper recovery codes in case of a lost phone)) and enjoy actual added security which isn't annoying.

    Thanked by 20xdragon Clouvider
  • @TheRedFox said:
    If you're going into all the trouble to set this up:

    Please start using 2FA (I recommend duosecurity (which can use an app which notifies on login and asks for approval, but also SMS/paper recovery codes in case of a lost phone)) and enjoy actual added security which isn't annoying.

    http://www.lowendtalk.com/discussion/32169/script-single-factor-hybrid-authentication-with-pam-and-a-yubikey

    You just have to change one word in this tutorial and it's dual factor authentication. :)

    The tutorial is provided as food for thought.

  • Cool, I have an email alert set up from before; I will change it to this in the future.

    Thank you @0xdragon for taking time to do this for the community

    Thanked by 10xdragon