本文基于 debian 系统,理论通用,请自行测试!
WebHook 提示
钉钉通知
1.钉钉创建群聊 → 群设置 → 机器人管理 → 添加自定义机器人,保存 WebHook 地址(该地址等同于凭据,拿到它的人都能向群里发消息,请勿公开)
2.打开/etc/profile.d 文件夹
3.新建 sent_login_hook.sh
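# /etc/profile.d/sent_login_hook.sh - DingTalk login notification.
#
# Sends one text message per session (guarded by SENT_LOGIN_HOOK) containing
# the server's public IP, the time, the user and the SSH client address.
#
# Security notes:
#  - The webhook URL is a credential: anyone who can read it can post to the
#    group, and files in /etc/profile.d are normally world-readable.
#  - profile.d scripts run inside the user's own login shell, so this is a
#    convenience alert, not an audit control; sessions that never start a
#    login shell produce no message. A PAM hook (pam_exec) is the sturdier
#    place for login alerting.

# POSIX test instead of [[ ]]: /etc/profile.d is sourced by every
# Bourne-style login shell that reads /etc/profile, not only bash.
if [ -z "${SENT_LOGIN_HOOK:-}" ]; then
  # Subshell: keeps the webhook and the other temporaries out of the user's
  # interactive shell.
  (
    webhook="替换成钉钉webhook地址"

    # Public IP of this server as reported by an external service. The reply
    # is untrusted text, and the wait is bounded so that a slow service
    # cannot stall the login.
    ip=$(curl --silent --max-time 5 https://ddnsip.cn) || ip="unknown"
    time=$(date +"%Y-%m-%d %H:%M:%S")
    user=$(whoami)
    # The first field of SSH_CONNECTION is the client address; it is empty
    # when the login did not come through sshd.
    loginIP=${SSH_CONNECTION:-}
    loginIP=${loginIP%% *}

    msgContent="服务器登录提醒:${ip} 于 ${time} 通过 IP ${loginIP} 登录。登录用户为 ${user}。"

    # Drop control characters and escape backslashes and double quotes, so
    # that text fetched from the network cannot break out of the JSON string.
    msgEscaped=$(printf '%s' "${msgContent}" \
      | tr -d '\000-\037' \
      | sed 's/\\/\\\\/g; s/"/\\"/g')
    post_data="{\"msgtype\": \"text\",\"text\": {\"content\": \"${msgEscaped}\"}}"

    # One attempt with a short timeout; the API reply is discarded instead of
    # being printed into the user's terminal at every login.
    wget --quiet --timeout=5 --tries=1 \
      --header "Content-Type: application/json" \
      --post-data "${post_data}" -O /dev/null "${webhook}"
  )
  export SENT_LOGIN_HOOK=1
fi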
显示 IP 属地
代码中接口有限额,求轻用
使用前需要安装 jq
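# /etc/profile.d/sent_login_hook.sh - DingTalk login notification with the
# geolocation of the client address. Requires jq.
#
# Security notes:
#  - The webhook URL is a credential and /etc/profile.d is normally
#    world-readable; anyone who can read it can post to the group.
#  - The client address is disclosed to a third-party lookup service, and that
#    service's reply is untrusted text that ends up in the message.
#  - profile.d scripts run inside the user's own login shell, so this is a
#    convenience alert, not an audit control. A PAM hook (pam_exec) is the
#    sturdier place for login alerting.

# POSIX test instead of [[ ]]: /etc/profile.d is sourced by every
# Bourne-style login shell that reads /etc/profile, not only bash.
if [ -z "${SENT_LOGIN_HOOK:-}" ]; then
  # Subshell: keeps the webhook and the other temporaries out of the user's
  # interactive shell.
  (
    webhook="替换为钉钉webhook"

    # Bounded waits so that a slow external service cannot stall the login.
    ip=$(curl --silent --max-time 5 https://ddnsip.cn) || ip="unknown"
    time=$(date +"%Y-%m-%d %H:%M:%S")
    user=$(whoami)
    # The first field of SSH_CONNECTION is the client address; it is empty
    # when the login did not come through sshd.
    loginIP=${SSH_CONNECTION:-}
    loginIP=${loginIP%% *}

    # Look up the location only when there is an address to look up; the
    # address is passed URL-encoded rather than pasted into the URL.
    location_data=""
    if [ -n "${loginIP}" ]; then
      location_data=$(curl --silent --max-time 5 --get \
        --data-urlencode "ip=${loginIP}" "https://ip.wxory.com/")
    fi
    # A reply that is not JSON leaves the fields empty instead of printing a
    # jq error into the login session.
    nation=$(printf '%s' "${location_data}" | jq -r '.result.ad_info.nation' 2>/dev/null)
    province=$(printf '%s' "${location_data}" | jq -r '.result.ad_info.province' 2>/dev/null)
    city=$(printf '%s' "${location_data}" | jq -r '.result.ad_info.city' 2>/dev/null)

    msgContent="服务器登录提醒:${ip}于${time} 通过 IP ${loginIP} 登录。登录用户为${user}。地理位置信息:国家 ${nation},省份${province},城市 ${city}。"

    # Let jq build the payload so that quotes or backslashes in the fetched
    # values cannot alter the JSON structure.
    post_data=$(jq -cn --arg content "${msgContent}" \
      '{msgtype: "text", text: {content: $content}}')

    # One attempt with a short timeout; the API reply is discarded instead of
    # being printed into the user's terminal at every login.
    wget --quiet --timeout=5 --tries=1 \
      --header "Content-Type: application/json" \
      --post-data "${post_data}" -O /dev/null "${webhook}"
  )
  export SENT_LOGIN_HOOK=1
fi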
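# Feishu (飞书) login notification for /etc/profile.d, with the geolocation of
# the client address. Requires jq.
#
# Security notes:
#  - The webhook URL is a credential and /etc/profile.d is normally
#    world-readable; anyone who can read it can post to the group.
#  - The client address is disclosed to a third-party lookup service, and that
#    service's reply is untrusted text that ends up in the message.
#  - profile.d scripts run inside the user's own login shell, so this is a
#    convenience alert, not an audit control. A PAM hook (pam_exec) is the
#    sturdier place for login alerting.

# POSIX test instead of [[ ]]: /etc/profile.d is sourced by every
# Bourne-style login shell that reads /etc/profile, not only bash.
if [ -z "${SENT_LOGIN_HOOK:-}" ]; then
  # Subshell: keeps the webhook and the other temporaries out of the user's
  # interactive shell.
  (
    webhook="https://open.feishu.cn/open-apis/bot/v2/hook/****"

    # Bounded waits so that a slow external service cannot stall the login.
    ip=$(curl --silent --max-time 5 https://ddnsip.cn) || ip="unknown"
    time=$(date +"%Y-%m-%d %H:%M:%S")
    user=$(whoami)
    # The first field of SSH_CONNECTION is the client address; it is empty
    # when the login did not come through sshd. The leftover debug echo of
    # this value has been removed so nothing is printed at login.
    loginIP=${SSH_CONNECTION:-}
    loginIP=${loginIP%% *}

    # Look up the location only when there is an address to look up; the
    # address is passed URL-encoded rather than pasted into the URL.
    location_data=""
    if [ -n "${loginIP}" ]; then
      location_data=$(curl --silent --max-time 5 --get \
        --data-urlencode "ip=${loginIP}" "https://ip.wxory.com/")
    fi
    # A reply that is not JSON leaves the fields empty instead of printing a
    # jq error into the login session.
    nation=$(printf '%s' "${location_data}" | jq -r '.result.ad_info.nation' 2>/dev/null)
    province=$(printf '%s' "${location_data}" | jq -r '.result.ad_info.province' 2>/dev/null)
    city=$(printf '%s' "${location_data}" | jq -r '.result.ad_info.city' 2>/dev/null)

    msgContent="服务器登录提醒:${ip}于${time} 通过 IP ${loginIP} 登录。登录用户为${user}。地理位置信息:国家 ${nation},省份${province},城市 ${city}。"

    # Let jq build the payload so that quotes or backslashes in the fetched
    # values cannot alter the JSON structure.
    post_data=$(jq -cn --arg text "${msgContent}" \
      '{msg_type: "text", content: {text: $text}}')

    # Short timeout; the API reply is discarded instead of being printed into
    # the user's terminal at every login.
    curl --silent --max-time 5 --output /dev/null \
      -X POST -H "Content-Type: application/json" \
      -d "${post_data}" \
      "${webhook}"
  )
  export SENT_LOGIN_HOOK=1
fi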
邮件通知 安装 fail2ban
# Install curl and fail2ban, answering "yes" to apt's confirmation prompt.
sudo apt-get install --assume-yes curl fail2ban
编辑/etc/fail2ban/jail.local
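# /etc/fail2ban/jail.local
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
# Ban duration in seconds (the default is 600 seconds, i.e. 10 minutes).
# Kept on its own line: fail2ban treats '#' as a comment only at the start of
# a line, so a trailing "# ..." would become part of the value.
bantime = 3600

# Action that mails the administrator when an address is banned; comment out
# or delete this setting if it is not needed.
action = %(action_mwl)s

# Mail-sending settings; adjust them to your own setup.
#
# NOTE(review): [Definition] is the section name fail2ban uses in action files
# (/etc/fail2ban/action.d/<ACTION_NAME>.conf, placeholder name). Inside
# jail.local it is most likely read as a jail called "Definition" and these
# action* keys are ignored - confirm, then move this section into its own
# action file and reference that file from the jail's "action =" line. As
# written, the jail above only uses action_mwl.
#
# NOTE(review): apiKey is a secret. Here it is stored in the configuration
# file and passed on curl's command line, where it is visible in the process
# list while the request runs. Keep the file readable by root only, and
# consider loading the key from a root-only file with curl's
# --data-urlencode "apiKey@<PATH_TO_KEY_FILE>" form.
#
# NOTE(review): the from/to addresses below are placeholders; the originals
# were lost to e-mail obfuscation on the page. Also confirm that <hostname> is
# a tag your fail2ban version substitutes (the stock mail actions use
# <fq-hostname>).
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = curl -X POST https://api.sendcloud.net/apiv2/mail/send \
            --data-urlencode "apiUser=your_api_user" \
            --data-urlencode "apiKey=your_api_key" \
            --data-urlencode "from=sender@example.com" \
            --data-urlencode "to=admin@example.com" \
            --data-urlencode "subject=Fail2Ban Notice: <ip> banned on <hostname>" \
            --data-urlencode "html=<p>Hi Admin,</p ><p>The IP address <ip> has just been banned on <hostname> by Fail2Ban because of too many authentication failures.</p ><br/><br/><p>This message is automatically generated by Fail2Ban.</p >"
actionunban =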