# CAI-Watchdog

Watchdog for monitoring web services and running processes

## Requirements

### On \*nix

- OpenSSL 1.0.1, 1.0.2, 1.1.0, or 1.1.1 with headers (see https://github.com/sfackler/rust-openssl)
- Perl
- Curl

### On Windows

- PowerShell

## Configuration file

Default configuration file location:

**On \*nix:** /etc/cai-watchdog.conf

**On Windows:** current directory

You can specify the config file as a parameter:

```cai-watchdog /path/to/config/config_file.conf``` (*nix)

or

```cai-watchdog.exe drive:\path\to\config\config_file.ini``` (Windows)

### Configuration file parameters

```
[main]
check_interval = Interval between checks in seconds
rules_count = Rules count to be loaded from config. Rules sections must be enumerated continuously [rule1], [rule2] ... etc
on_start_command = Command to be executed when watchdog started

[rule1]
service = Service name
uri = URI to be checked
process = process to be checked
email = E-mail address for notifications
command = Command to send notification
```

In commands you can use fields ``````, ``````, ``````, ``````, ``````, `````` and ``````

- `````` - E-mail address for notifications
- `````` - E-mail subject
- `````` - Message text
- `````` - Service name
- `````` - Service URI (for web services)
- `````` - Process name (for OS tasks)
- `````` - Service states are ```online``` and ```offline```, process states are ```running``` and ```stopped```

### Scripts configurations

#### *nix

##### send-mail

**Usage:** ```send-mail recipient 'subject' 'message'```

Configuration file ```/etc/cai-watchdog/email.conf```

- ```Username:``` - Set e-mail user name here
- ```Password:``` - Set e-mail password here
- ```SMTP Server:``` - Set SMTP server address here
- ```Port:``` - Set SMTP port here

##### send-mail-[locale]

**Usage:** ```send-mail-[locale] recipient 'service' 'process-or-uri' 'state'```

Configuration file ```/etc/cai-watchdog/email.conf```

- ```Username:``` - Set e-mail user name here
- ```Password:``` - Set e-mail password here
- ```SMTP Server:``` - Set SMTP server address here
- ```Port:``` - Set SMTP port here

##### send-telegram

**Usage:** ```send-telegram 'message'```

Configuration file ```/etc/cai-watchdog/telegram.conf```

- ```Group ID:``` - Set Telegram group ID here
- ```Bot token:``` - Set Telegram token here

##### send-telegram-[locale]

**Usage:** ```send-telegram-[locale] 'service', 'process-or-uri', 'state'```

Configuration file ```/etc/cai-watchdog/telegram.conf```

- ```Group ID:``` - Set Telegram group ID here
- ```Bot token:``` - Set Telegram token here

#### Windows

##### send-mail.ps1

**Usage:** ```send-mail.ps1 recipient 'subject' 'message'```

The following lines need to be configured:

- ```$EmailFrom = "yourmailadress@somedomain.com"``` - Set sender e-mail address here
- ```$SMTPServer = "smtp.somedomain.com"``` - Set SMTP-server address here
- ```$SMTPClient.EnableSsl = $true``` - Set SSL flag here
- ```$SMTPClient.Credentials = New-Object System.Net.NetworkCredential("usr", "pass");``` - Set user ("usr") and password ("pass") here

##### send-telegram.ps1

**Usage:** ```send-telegram.ps1 'message'```

- ```$Telegramtoken = "Your_Telegram_Token"``` - Set Telegram token here
- ```$Telegramchatid = "Your_Telegram_Chat_ID"``` - Set Telegram chat ID here

### How to get Telegram token and chat ID

1. Open the ```@BotFather``` bot
1. Run the ```/newbot``` command and give a name to your new bot
1. Enter a username for the bot
1. Take note of the API token. We will need this later. **Note:** it is case sensitive
1. Click the link to open a chat with the newly created bot

Next you need to find your Telegram Chat ID.

1. From the Telegram home screen, search for ```chatid_echo_bot```. Click Chat ID Echo to open a chat
1. Enter ```/start``` to get the bot to send you your Telegram Chat ID
1. Take note of the Telegram Chat ID returned

### Service configuration (*nix)

If you want to get messages when the watchdog service is stopped, uncomment the following line:

```ExecStopPost=/etc/cai-watchdog/on-stop```

## User logins monitoring (*nix)

Watchdog can send notifications on user login. Just add the following lines to ```/etc/profile.d/sshinfo.sh```:

- For Telegram:

  ```
  User=$(whoami)
  # First field of SSH_CONNECTION is the client address; use 127.0.0.1 for local logins
  IP=$(echo "$SSH_CONNECTION" | awk '{ print $1 == "" ? "127.0.0.1" : $1 }')
  CAI_WATCHDOG_PATH=/etc/cai-watchdog
  # "." is the POSIX form of "source", so the file also works when read by sh
  . "${CAI_WATCHDOG_PATH}/inc-icons"
  "${CAI_WATCHDOG_PATH}/send-telegram" "${ICON_INFO} SSH: User ${User} is logged in from ${IP}"
  ```

- For e-mail:

  ```
  User=$(whoami)
  # First field of SSH_CONNECTION is the client address; use 127.0.0.1 for local logins
  IP=$(echo "$SSH_CONNECTION" | awk '{ print $1 == "" ? "127.0.0.1" : $1 }')
  CAI_WATCHDOG_PATH=/etc/cai-watchdog
  # "." is the POSIX form of "source", so the file also works when read by sh
  . "${CAI_WATCHDOG_PATH}/inc-icons"
  # Double quotes are required so that the variables are expanded in subject and message
  "${CAI_WATCHDOG_PATH}/send-mail" your@mail.addr "${ICON_INFO} SSH: User ${User} is logged in" "${ICON_INFO} SSH: User ${User} is logged in from ${IP}"
  ```

## User logouts monitoring (*nix)

1. Create the file ```/etc/pam.d/pam_session.sh``` with the following content:

   For Telegram:

   ```
   #!/bin/sh
   CAI_WATCHDOG_PATH=/etc/cai-watchdog
   # pam_exec sets PAM_TYPE and PAM_USER for the session being closed
   if [ "$PAM_TYPE" = "close_session" ]; then
       "${CAI_WATCHDOG_PATH}/send-telegram" "SSH: User ${PAM_USER} is logged out"
   fi
   ```

   For e-mail:

   ```
   #!/bin/sh
   CAI_WATCHDOG_PATH=/etc/cai-watchdog
   # pam_exec sets PAM_TYPE and PAM_USER for the session being closed
   if [ "$PAM_TYPE" = "close_session" ]; then
       # Double quotes are required so that PAM_USER is expanded in the subject
       "${CAI_WATCHDOG_PATH}/send-mail" your@mail.addr "SSH: User ${PAM_USER} is logged out" 'SSH: User is logged out'
   fi
   ```

   and set the executable flag on it

1. Modify ```/etc/pam.d/sshd```, adding the line ```session optional pam_exec.so quiet /etc/pam.d/pam_session.sh```

## Localization

You can find locales in ```/etc/cai-watchdog/locales/``` on *nix and in the ```locales``` subfolder on Windows. Locale files must be named like locale_name.conf, for example: the Russian locale is ru-RU.
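
The login and logout monitoring sections above can be combined into a single PAM hook. A script in `/etc/profile.d` is only read by login shells, so sessions such as `scp`, `sftp` or `ssh host command` produce no login notification, while `pam_exec` runs for every session sshd opens through PAM. The script below is an added example, not part of CAI-Watchdog: the function names `sanitize` and `session_message` are hypothetical, and it assumes the `send-telegram` script and the `pam_exec.so` line from the sections above.

```sh
#!/bin/sh
# Added example (not from the CAI-Watchdog project): one pam_exec hook that
# reports both session open and session close.
# PAM_TYPE, PAM_USER and PAM_RHOST are environment variables set by pam_exec(8).
CAI_WATCHDOG_PATH=/etc/cai-watchdog

# Keep only characters expected in user names and host addresses, and cap the
# length, so a value cannot carry control characters or markup into the message.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -cd 'A-Za-z0-9._:@-' | cut -c1-64
}

# Print the notification text for one PAM event.
# $1 = PAM_TYPE, $2 = PAM_USER, $3 = PAM_RHOST
# Returns 1 (and prints nothing) for anything but session open/close.
session_message() {
    user=$(sanitize "$2")
    host=$(sanitize "$3")
    [ -n "$host" ] || host="local"   # PAM_RHOST is empty for local sessions
    case "$1" in
        open_session)
            printf 'SSH: User %s is logged in from %s\n' "$user" "$host" ;;
        close_session)
            printf 'SSH: User %s is logged out (session from %s)\n' "$user" "$host" ;;
        *)
            return 1 ;;
    esac
}

# Send only when started by pam_exec (PAM_TYPE is set) and the sender exists.
# A failed notification is ignored so it can never interfere with the session.
if [ -n "${PAM_TYPE:-}" ] && [ -x "${CAI_WATCHDOG_PATH}/send-telegram" ]; then
    if msg=$(session_message "$PAM_TYPE" "${PAM_USER:-}" "${PAM_RHOST:-}"); then
        "${CAI_WATCHDOG_PATH}/send-telegram" "$msg" || true
    fi
fi
```

Installed as `/etc/pam.d/pam_session.sh` with the same `pam_exec.so` line, this replaces both the `/etc/profile.d/sshinfo.sh` hook and the logout-only script.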