CAI-Watchdog/README.md

# CAI-Watchdog

Watchdog for monitoring web-services

## Requirements

### On \*nix
- OpenSSL 1.0.1, 1.0.2, 1.1.0, or 1.1.1 with headers (see https://github.com/sfackler/rust-openssl)
- Perl
- Curl

### On Windows
- PowerShell

## Configuration file

Default configuration file location:

**On \*nix:** /etc/cai-watchdog.conf

**On Windows:** current directory

You can specify config file as parameter: ```cai-watchdog /path/to/config/config_file.conf``` (*nix) or ```cai-watchdog.exe drive:\path\to\config\config_file.ini``` (Windows)

### Configuration file parameters

```
[main]
check_interval = Interval between checks in seconds
rules_count = Rules count to be loaded from config. Rules sections must be enumerated continuously [rule1], [rule2] ... etc

[notifications]
email = E-mail address for system notifications. Can be empty
command = Command to send notification
service_start = Send program start notification [true | false]

[rule1]
service = Service name
uri = URI to be checked
email = E-mail address for notifications
command = Command to send notification
```

In commands You can use fields ```<email>```, ```<subject>``` and ```<message>```

- ```<email>``` - E-mail address for notifications
- ```<subject>``` - E-mail subject
- ```<message>``` - Message text

### Scripts configurations

#### *nix

##### send-mail

**Usage:** ```send-mail recipient 'subject' 'message'```

Configuration file ```/etc/email.conf```

- ```Username:``` - Set e-mail user name here
- ```Password:``` - Set e-mail password here
- ```SMTP Server:``` - Set SMTP server address here
- ```Port:``` - Set SMTP port here
##### send-telegram

**Usage:** ```send-telegram 'message'```

Configuration file ```/etc/telegram.conf```

- ```Group ID:``` - Set Telegram group ID here
- ```Bot token:``` - Set Telegram token here
#### Windows

##### send-mail.ps1

**Usage:** ```send-mail.ps1 recipient 'subject' 'message'```

Next lines needs to be configured:

- ```$EmailFrom = "yourmailadress@somedomain.com"``` - Set sender e-mail address here
- ```$SMTPServer = "smtp.somedomain.com"``` - Set SMTP-server address here
- ```$SMTPClient.EnableSsl = $true``` - Set SSL flag here
- ```$SMTPClient.Credentials = New-Object System.Net.NetworkCredential("usr", "pass");``` - Set user ("usr") and password ("pass") here

##### send-telegram.ps1

**Usage:** ```send-telegram.ps1 'message'```

- ```$Telegramtoken = "Your_Telegram_Token"``` - Set Telegram token here
- ```$Telegramchatid = "Your_Telegram_Chat_ID"``` - Set Telegram chat ID here

### How to get Telegram token and chat ID

1. Open ```@BotFather``` bot
1. Run ```/newbot``` command and give name to your new bot
1. Enter a username for the bot
1. Take note of the API token. We will need this later. **Note:** it is case sensitive
1. Click the link to open a chat with the newly created bot

Next you need to find your Telegram Chat ID.

1. From the Telegram home screen, search for ```chatid_echo_bot```. Click Chat ID Echo to open a chat
1. Enter ```/start``` to get the bot to send you your Telegram Chat ID
1. Take note of the Telegram Chat ID returned

## User logins monitoring (*nix)

Watchdog can send notifications on user login. Just add to ```/etc/profile.d/sshinfo.sh``` next lines:

- For Telegram:
    1. ```User=$(whoami)```
    1. ```send-telegram "SSH: User ${Users} is logged in"```
- For e-mail:
    1. ```User=$(whoami)```
    1. ```send-mail your@mail.addr 'SSH: User ${Users} is logged in' 'SSH: User ${Users} is logged in'```

## User logouts monitoring (*nix)

1. Create file ```/etc/pam.d/pam_session.sh``` with next content:

    For Telegram:

    ```
    #!/bin/sh
    if [ "$PAM_TYPE" = "close_session" ]; then
      send-telegram "SSH: User is logged out"
    fi
    ```

    For e-mail:

    ```
    #!/bin/sh
    if [ "$PAM_TYPE" = "close_session" ]; then
      send-mail your@mail.addr 'SSH: User is logged out' 'SSH: User is logged out'
    fi
    ```
    and set executable flag on it

1. Modify ```/etc/pam.d/sshd```, add line ```session     optional    pam_exec.so   quiet /etc/pam.d/pam_session.sh```