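Linux Server Successful-Login Notification

This article is based on Debian. In theory it applies to other systems as well, but test it yourself!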

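WebHook notification

Using DingTalk as the example.

1. In DingTalk, create a group chat → Group Settings → Bot Management → add a custom bot, and save its WebHook address.

2. Edit the /etc/pam.d/password-auth file

session optional pam_exec.so /usr/local/bin/sent_login_hook.sh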

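3. Edit /usr/local/bin/sent_login_hook.sh

#!/bin/bash
# pam_exec also calls this script when the session closes; PAM_TYPE tells the two apart.
if [[ -z "${SENT_LOGIN_HOOK}" && "${PAM_TYPE:-open_session}" == "open_session" ]]; then
# Send the DingTalk message
# Replace the value below with the DingTalk WebHook address
webhook="替换成钉钉webhook地址"
# Public IP of this server as reported by ddnsip.cn (quiet, with a timeout so login is not held up)
ip=$(curl -s --max-time 5 https://ddnsip.cn)
time=$(date +"%Y-%m-%d %H:%M:%S")
# Under pam_exec, whoami reports the account the PAM service runs as; PAM_USER holds the login name
user="${PAM_USER:-$(whoami)}"
# Address of this server's eth0 interface (ifconfig comes from net-tools); -w skips the inet6 line
loginIP=$(ifconfig eth0 | grep -w inet | awk '{print $2}' | cut -d: -f2)

msgContent="服务器登录提醒:${ip} 于 ${time} 通过 IP ${loginIP} 登录。登录用户为 ${user}。"
post_data="{\"msgtype\": \"text\",\"text\": {\"content\": \"${msgContent}\"}}"
wget --quiet --timeout=5 --tries=1 --header "Content-Type: application/json" --post-data "${post_data}" -O - "${webhook}"

export SENT_LOGIN_HOOK=1
fi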

4. Make the script executable

chmod +x /usr/local/bin/sent_login_hook.sh
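
The hook from step 3, reworked as an added example (not the article's own script): it reads the PAM_TYPE, PAM_USER, PAM_RHOST and PAM_SERVICE variables that pam_exec exports, so it reports the account and remote host of the login, skips the close_session call, and escapes values before placing them in the JSON body. WEBHOOK_URL, the function names and the message wording are assumptions of this example.

```shell
#!/bin/bash
# Added example, not the article's script. WEBHOOK_URL is a placeholder for
# the DingTalk WebHook address saved in step 1.
WEBHOOK_URL="${WEBHOOK_URL:-}"

# Escape backslashes and double quotes and drop control characters, so a
# value such as the remote host name cannot break out of the JSON string.
json_escape() {
    printf '%s' "$1" | tr -d '\000-\037' | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# pam_exec runs the script for open_session and close_session alike;
# only a session being opened is a login.
should_notify() {
    [ "${PAM_TYPE:-}" = "open_session" ]
}

# Build the DingTalk text message from the variables pam_exec exports.
# $1 (optional) overrides the timestamp.
build_payload() {
    local user rhost service host when
    user=$(json_escape "${PAM_USER:-unknown}")
    rhost=$(json_escape "${PAM_RHOST:-local}")
    service=$(json_escape "${PAM_SERVICE:-unknown}")
    host=$(json_escape "$(uname -n)")
    when=${1:-$(date +"%Y-%m-%d %H:%M:%S")}
    printf '{"msgtype": "text","text": {"content": "%s"}}' \
        "Server login alert: ${user} logged in to ${host} from ${rhost} via ${service} at ${when}."
}

send_notification() {
    wget --quiet --timeout=5 --tries=1 \
        --header "Content-Type: application/json" \
        --post-data "$(build_payload)" -O /dev/null "$WEBHOOK_URL"
}

# Send only for a session open and only when a webhook is configured.
# "|| true" keeps a failed or slow alert from failing the hook.
if should_notify && [ -n "$WEBHOOK_URL" ]; then
    send_notification || true
fi
```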

Email notification

Install fail2ban

sudo apt-get install curl fail2ban -y

Edit /etc/fail2ban/jail.local

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
# Ban time in seconds; the default is 600 seconds, i.e. 10 minutes.
# Kept on its own line because fail2ban treats "#" as a comment only at the start of a line.
bantime = 3600

# Custom action that e-mails the administrator; comment out or delete this block if you do not need it.
action = %(action_mwl)s

# Mail-sending settings; adjust them to your own setup.
# [Definition] is the section layout of an action file under /etc/fail2ban/action.d/.
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = curl -X POST https://api.sendcloud.net/apiv2/mail/send \
            --data-urlencode "apiUser=your_api_user" \
            --data-urlencode "apiKey=your_api_key" \
            --data-urlencode "[email protected]" \
            --data-urlencode "[email protected]" \
            --data-urlencode "subject=Fail2Ban Notice: <ip> banned on <hostname>" \
            --data-urlencode "html=<p>Hi Admin,</p ><p>The IP address <ip> has just been banned on <hostname> by Fail2Ban because of too many authentication failures.</p ><br/><br/><p>This message is automatically generated by Fail2Ban.</p >"
actionunban =

http://wxory.com/archives/31504.html

Author: Wxory

Published: 2023-06-21

Updated: 2024-03-02

License: CC BY 4.0