Linux服务器登录成功提醒

本文基于debian系统，理论通用，请自行测试！

WebHook提示

以钉钉为例

1.钉钉创建群聊→群设置→机器人管理→添加自定义机器人，保存WebHook地址

2.编辑/etc/pam.d/password-auth文件

session optional pam_exec.so /usr/local/bin/sent_login_hook.sh

3.编辑/usr/local/bin/sent_login_hook.sh

if [[ -z "${SENT_LOGIN_HOOK}" ]]; then
    # 发送钉钉消息
    webhook="替换成钉钉webhook地址"
    ip=$(curl https://ddnsip.cn)
    time=$(date +"%Y-%m-%d %H:%M:%S")
    user=$(whoami)
    loginIP=$(ifconfig eth0 | grep inet | awk '{print $2}' | cut -d: -f2)

    msgContent="服务器登录提醒：${ip} 于 ${time} 通过 IP ${loginIP} 登录。登录用户为 ${user}。"
    post_data="{\"msgtype\": \"text\",\"text\": {\"content\": \"${msgContent}\"}}"
    wget --quiet --header "Content-Type: application/json" --post-data "${post_data}" -O - "${webhook}"

    export SENT_LOGIN_HOOK=1
fi

3.提升权限

chmod +x /usr/local/bin/sent_login_hook.sh

邮件通知

安装fail2ban

sudo apt-get install curl fail2ban -y

编辑/etc/fail2ban/jail.local

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 3600 # 封禁时间，单位为秒，默认为600秒即10分钟

# 自定义action来发送邮件提醒管理员，如果不需要可以注释掉或删除此段配置。
action = %(action_mwl)s

# 发送邮件的配置信息，根据自己的情况修改。
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = curl -X POST https://api.sendcloud.net/apiv2/mail/send \
    --data-urlencode "apiUser=your_api_user" \
    --data-urlencode "apiKey=your_api_key" \
    --data-urlencode "[email protected]" \
    --data-urlencode "[email protected]" \
    --data-urlencode "subject=Fail2Ban Notice: <ip> banned on <hostname>" \
    --data-urlencode "html=<p>Hi Admin,</p ><p>The IP address <ip> has just been banned on <hostname> by Fail2Ban because of too many authentication failures.</p ><br/><br/><p>This message is automatically generated by Fail2Ban.</p >"
actionunban =