Send an SMS message when someone logs into a Linux server using SSH. The notifier is written in Python 3, sends the SMS through Twilio, and logs to the Systemd Journal.
Use the documentation provided by Twilio to create and do initial configuration on the account so that you have access to the necessary API keys.
The script works by checking each line of the ssh log file and searching for two strings 'sshd' and 'Accepted'.
If the SSH daemon configuration file 'sshd_config' is not set to log this information then the script will not report any SSH activity.
Confirm that the following two lines are set appropriately:
SyslogFacility AUTHPRIV
LogLevel INFO
If you have to update the 'sshd_config' file then run the following to restart the SSH daemon:
systemctl restart sshd.service
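The matching logic described above, as an added example (not the repository's own code): it runs the two-substring check beside a stricter anchored pattern over constructed log lines, including a failed attempt that the substring check alone would report as a login. The function names, the sample lines and the classic syslog timestamp format are assumptions.

```python
import re

# Constructed sample lines (classic syslog timestamp, sshd at LogLevel INFO).
SAMPLE_LOG = """\
Mar  3 10:15:01 web01 sshd[2211]: Accepted publickey for alice from 203.0.113.7 port 51514 ssh2: ED25519 SHA256:EXAMPLEFINGERPRINT
Mar  3 10:16:40 web01 sshd[2250]: Failed password for invalid user Accepted from 198.51.100.9 port 40022 ssh2
Mar  3 10:17:12 web01 sshd[2262]: Accepted password for bob from 192.0.2.44 port 60100 ssh2
Mar  3 10:18:00 web01 sudo[2300]: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls
"""

# Assumed stricter rule: the program tag must be sshd[pid] and the message
# itself must begin with "Accepted", not merely contain it somewhere.
LOGIN_RE = re.compile(
    r"^(?P<timestamp>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"Accepted\s(?P<method>\S+)\sfor\s(?P<user>\S+)\sfrom\s(?P<ip>\S+)\sport\s\d+"
)


def naive_match(line):
    """The two-substring check: 'sshd' and 'Accepted' anywhere in the line."""
    return "sshd" in line and "Accepted" in line


def parse_login(line):
    """Return the login fields as a dict, or None if the line is not a login."""
    m = LOGIN_RE.match(line)
    return m.groupdict() if m else None


def find_logins(text):
    """Parse every line and keep only the successful logins."""
    return [event for event in map(parse_login, text.splitlines()) if event]


def format_sms(event):
    """Build the notification text from a parsed login event."""
    return "SSH login on {host}: {user} via {method} from {ip} at {timestamp}".format(**event)


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        print(naive_match(line), parse_login(line) is not None, line[:70])
    for event in find_logins(SAMPLE_LOG):
        print(format_sms(event))
```
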
Install the build prerequisites for your distribution.
Centos/RHEL: yum install -y gcc python3-devel python-virtualenv systemd-devel
Debian/Ubuntu: apt install -y gcc libsystemd-dev pkg-config python3-dev python3-virtualenv
Download content of repo to a directory of your choosing.
Build a virtual work environment for Python and install the requirements.
cd <repo content directory>
virtualenv -p python3 venv
source venv/bin/activate
pip install -r requirements.txt
Copy the existing contacts.json.example file within the settings folder of the repo content directory to a new contacts.json file.
cd <repo content directory>/settings
cp contacts.json.example contacts.json
Edit and update the contact information within the contacts.json file. Make sure the phone number is in the correct format for Twilio to understand.
Copy the existing log_file.json.example file within the settings folder of the repo content directory to a new log_file.json file.
cd <repo content directory>/settings
cp log_file.json.example log_file.json
Edit and update the log path. Depending on the distribution you're using, the log file may be in a different place under a different name.
Centos/RHEL: /var/log/secure
Debian/Ubuntu: /var/log/auth.log
Copy the existing secrets.env.example file within the settings folder of the repo content directory to a new secrets.env file.
cd <repo content directory>/settings
cp secrets.env.example secrets.env
Change the permissions on the new secrets.env file so that no one except you can read the content.
cd <repo content directory>/settings
chmod 0600 secrets.env
| Environment Variable | Description |
|---|---|
| TWILIO_ACCOUNT_SID | Your Twilio Account SID, which can be found on the main Twilio console page |
| TWILIO_AUTH_TOKEN | Your Twilio Auth Token, which can be found on the main Twilio console page |
| TWILIO_MSG_SERVICE_SID | Your Twilio SMS Messaging Service SID, which can be found on the programmable SMS console page |
Copy the existing ssh-login-notify.service.example file within the repo content directory to a new ssh-login-notify.service file.
cd <repo content directory>/settings
cp ssh-login-notify.service.example ssh-login-notify.service
Edit the new 'ssh-login-notify.service' file and update the relevant directory paths to point to the repo content directory you've been working in.
Create Symlink for Systemd Service, Reload Systemd Daemon, Start the Service, and Enable Start on Boot
ln -s <repo content directory>/ssh-login-notify/ssh-login-notify.service /etc/systemd/system/ssh-login-notify.service
systemctl daemon-reload
systemctl enable --now ssh-login-notify.service
Connect to the Systemd Journal and filter by the service unit, using the follow switch (-f) so the console updates as logs are written.
While connected to the Systemd Journal, log in to the same server from another computer/device/session to confirm that it sends an SMS message.
journalctl -f -u ssh-login-notify.service