diff --git a/.gitignore b/.gitignore
index a7690f8..37316a8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,4 +8,5 @@
 *.sw?
 # Build files
-target
\ No newline at end of file
+target
+Cargo.lock
diff --git a/Cargo.lock b/Cargo.lock
index 5ea613f..a5e3371 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -402,9 +402,9 @@ checksum = "a3e378b66a060d48947b590737b30a1be76706c8dd7b8ba0f2fe3989c68a853f"
 [[package]]
 name = "memchr"
-version = "2.3.4"
+version = "2.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0ee1c47aaa256ecabcaea351eae4a9b01ef39ed810004e298d2511ed284b1525"
+checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d"
 [[package]]
 name = "mime"
diff --git a/README.md b/README.md
index 71c98e9..f508d36 100644
--- a/README.md
+++ b/README.md
@@ -26,13 +26,13 @@ You can specify config file as parameter: ```cai-watchdog /path/to/config/config
 ```
 [main]
-check_interval - Interval between checks in seconds
-rules_count - Rules count to be loaded from config. Rules sections must be enumerated continuously [rule1], [rule2] ... etc
+check_interval = Interval between checks in seconds
+rules_count = Rules count to be loaded from config. Rules sections must be enumerated continuously [rule1], [rule2] ... etc
 [notifications]
-email - E-mail address for system notifications. Can be empty
-command - Command to send notification
-service_start - Send program start notification [true | false]
+email = E-mail address for system notifications. Can be empty
+command = Command to send notification
+service_start = Send program start notification [true | false]
 [rule1]
 service = Service name
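Review bot: The added `Cargo.lock` entry in the `.gitignore` hunk conflicts with the rest of this commit, which still updates `Cargo.lock` (memchr 2.3.4 to 2.5.0). The file is evidently tracked, so the ignore rule will not take effect until it is removed from the index. For a crate that ships a binary, as the README's `cai-watchdog /path/to/config/config` invocation suggests, the committed lockfile is what pins dependency versions and registry checksums for reproducible builds. I would drop the `+Cargo.lock` line and keep only `target`, or state in the commit message why the lockfile is being untracked.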
@@ -102,3 +102,39 @@ Next you need to find your Telegram Chat ID.
 1. From the Telegram home screen, search for ```chatid_echo_bot```. Click Chat ID Echo to open a chat
 1. Enter ```/start``` to get the bot to send you your Telegram Chat ID
 1. Take note of the Telegram Chat ID returned
+
+## User logins monitoring (*nix)
+
+Watchdog can send notifications on user login. Just add to ```/etc/profile.d/sshinfo.sh``` next lines:
+
+- For Telegram:
+ 1. ```User=$(whoami)```
+ 1. ```send-telegram "SSH: User ${Users} is logged in"```
+- For e-mail:
+ 1. ```User=$(whoami)```
+ 1. ```send-mail your@mail.addr 'SSH: User ${Users} is logged in' 'SSH: User ${Users} is logged in'```
+
+## User logouts monitoring (*nix)
+
+1. Create file ```/etc/pam.d/pam_session.sh``` with next content:
+
+ For Telegram:
+
+ ```
+ #!/bin/sh
+ if [ "$PAM_TYPE" = "close_session" ]; then
+ send-telegram "SSH: User is logged out"
+ fi
+ ```
+
+ For e-mail:
+
+ ```
+ #!/bin/sh
+ if [ "$PAM_TYPE" = "close_session" ]; then
+ send-mail your@mail.addr 'SSH: User is logged out' 'SSH: User is logged out'
+ fi
+ ```
+ and set executable flag on it
+
+1. Modify ```/etc/pam.d/sshd```, add line ```session optional pam_exec.so quiet /etc/pam.d/pam_session.sh```