Of course nobody should be able to login to your server. But if someone finds a way to do it, don’t you want to know it?
I am running an Ubuntu Server that uses motd to welcome logged in users. Therefore I am using motd to execute a script for me once a user logged in.
I extracted the details of the just logged in user from /var/log/auth.log, and uses the IP address and a resolver (ipapi.co in my case) to resolve the IP address to a location.
I am using a Telegram Chat with my own Telegram bot to notify me. I might write a small blogpost about my Telegram bot in the future.
Place the script in a file, make it executable, and place it in /etc/update-motd.d/. For example:
$ touch /etc/update-motd/01-notify-me.sh
$ chmod +x /etc/update-motd/01-notify-me.sh
$ vi /etc/update-motd/01-notify-me.sh # Add script And the actual script:
#!/bin/bash
_loginDetails=$(grep "Accepted" /var/log/auth.log | tail -n 1)
_IP=$(echo $_loginDetails | awk '{print $11}')
_LOCATION=$(curl https://ipapi.co/${_IP}/json/ | jq .city -r)
_METHOD=$(echo $_loginDetails | awk '{print $7}')
_WHO=$(echo $_loginDetails | awk '{print $4}')
message="[SSH LOGIN] => ${_WHO} from ${_LOCATION}, IP: ${_IP}, AUTH: ${_METHOD}"
curl -s -X POST https://api.telegram.org/<bot_token>/sendMessage -d chat_id=<chat_id> -d text="${message}"Additional security measures should be taken, for example:
- Login with Key only
- Disallow root login via ssh
- Blacklist IP’s
- Block based on Geo location
- fail2ban