

D1343.diff

diff --git a/roles/bastion/pam/files/pam-login-notification.py b/roles/bastion/pam/files/pam-login-notification.py
new file mode 100644
--- /dev/null
+++ b/roles/bastion/pam/files/pam-login-notification.py
@@ -0,0 +1,51 @@
+#!/usr/bin/env python3
+
+# -------------------------------------------------------------
+# Notifications center - SSH bastion login
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Author: Sébastien Santoro aka Dereckson
+# Project: Nasqueron
+# Created: 2018-02-20
+# Dependencies: PAM
+# License: BSD-2-Clause
+# -------------------------------------------------------------
+
+"""
+This module fires a notification according PAM environment.
+
+It's intended to be called through pam_exec.
+"""
+
+
+import json
+import os
+import platform
+import requests
+
+
+def get_hostname():
+ return platform.node()
+
+
+def build_notification(type, username):
+ return json.dumps({
+ "service": "SSH",
+ "type": type,
+ "group": "ops",
+ "text": "New SSH connection from " + username,
+ "link": get_hostname()
+ })
+
+
+def fire(notification):
+ url = "https://notifications.nasqueron.org/gate/Notification/Nasqueron"
+ return requests.post(url, notification)
+
+
+notification = build_notification(
+ os.environ['PAM_TYPE'],
+ os.environ['PAM_USER']
+)
+response = fire(notification)
+
+exit(response.status_code is not 200)
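Review bot: `requests.post(url, notification)` in `fire()` has no timeout, so a slow or unreachable notification endpoint can stall the pam_exec session step and delay logins on the bastion; pass one explicitly, e.g. `return requests.post(url, notification, timeout=5)` (the value is only a suggestion). The `curl` call at the end of pam-login-notification.sh has the same gap and would need `--max-time`. Separately, the last line uses `is not 200`, which tests object identity rather than value; write `exit(response.status_code != 200)`. The script also fires for every `PAM_TYPE`, whereas the shell variant returns early on `close_session`, so a session close would be reported as "New SSH connection".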
diff --git a/roles/bastion/pam/files/pam-login-notification.sh b/roles/bastion/pam/files/pam-login-notification.sh
new file mode 100755
--- /dev/null
+++ b/roles/bastion/pam/files/pam-login-notification.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+# -------------------------------------------------------------
+# Notifications center - SSH bastion login
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Author: Sébastien Santoro aka Dereckson
+# Project: Nasqueron
+# Created: 2018-02-20
+# Dependencies: PAM
+# License: BSD-2-Clause
+# -------------------------------------------------------------
+
+if [ "$PAM_TYPE" = "close_session" ]; then
+ exit 0
+fi
+
+url="https://notifications.nasqueron.org/gate/Notification/Nasqueron"
+content='{
+ "service": "SSH",
+ "type": "'$PAM_TYPE'",
+ "group": "ops",
+ "text": "New SSH connection from '$PAM_USER'",
+ "link": "'$(hostname -f)'"
+}'
+
+curl -X POST --data "$content" $url
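Review bot: The JSON body is built by pasting `$PAM_TYPE`, `$PAM_USER` and the `hostname -f` output straight into a string, so any value containing a double quote or backslash produces malformed or altered JSON at the notification gate. Account names that reach the session phase are presumably constrained enough for this not to occur, but the assumption should be stated above `content=`, e.g. `# Values are interpolated unescaped: assumes PAM_USER and the hostname contain no quote or backslash.` The URL in the last line should also be quoted: `curl -X POST --data "$content" "$url"`. The init.sls state in this diff deploys only the .py file, so this script appears to be an undeployed alternative.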
diff --git a/roles/bastion/pam/files/sshd-otp-freebsd b/roles/bastion/pam/files/sshd-otp-freebsd
--- a/roles/bastion/pam/files/sshd-otp-freebsd
+++ b/roles/bastion/pam/files/sshd-otp-freebsd
@@ -34,6 +34,7 @@
# session
#session optional pam_ssh.so want_agent
+#session optional pam_exec.so /usr/local/bin/pam-login-notification
session required pam_permit.so
# password
diff --git a/roles/bastion/pam/init.sls b/roles/bastion/pam/init.sls
--- a/roles/bastion/pam/init.sls
+++ b/roles/bastion/pam/init.sls
@@ -8,6 +8,8 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
+{% from "map.jinja" import dirs with context %}
+
# -------------------------------------------------------------
# FreeBSD
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
@@ -19,3 +21,17 @@
- source: salt://roles/bastion/pam/files/sshd-otp-freebsd
{% endif %}
+
+# -------------------------------------------------------------
+# Notification
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ dirs.bin }}/pam-login-notification:
+ file.managed:
+ - source: salt://roles/bastion/pam/files/pam-login-notification.py
+ - mode: 755
+
+pam_login_notifications_dependencies:
+ pkg.installed:
+ - pkgs:
+ - {{ packages_prefixes.python3 }}requests
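Review bot: `{{ packages_prefixes.python3 }}requests` uses `packages_prefixes`, but the import added at the top of this file only brings in `dirs`; unless it is imported in lines outside these hunks, the state will fail to render. Extend the import to `{% from "map.jinja" import dirs, packages_prefixes with context %}`. Because pam_exec would presumably run this file with the privileges of sshd, it is also worth pinning ownership on the `file.managed` state (`- user: root`) rather than relying on defaults. The commented pam line in sshd-otp-freebsd hard-codes `/usr/local/bin/pam-login-notification` while this state installs to `{{ dirs.bin }}`, so the two paths need to be kept in step.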
