Introduction
Two days ago, I came up with an idea: “Why not use Discord as a monitoring platform for the servers I manage?”
I mean, we already use GitHub’s web-hooks (pretty handy during development, by the way), but Discord provides an API allowing us to do almost anything we want.
Let’s go then! Below you’ll find a short tutorial to build your first web-hook, announcing each SSH connection that occurs on the server of your choice.
Features
- Send a notification when a connection occurs
- Announce the session opened and the server name (useful if you have many servers on the same Discord channel)
- Display the result of a reverse DNS query on the source IP
- Ability to send the same message by SMS with the Free SMS API (French users)
Tutorial
Creating a Discord web-hook
That’s pretty easy actually. If you have never done it before, just go to the settings of a channel you have rights on, click on webhooks, and then on Create webhooks. A pop-up for the new web-hook should now appear.
Look at the URL of your new web-hook and extract from it the identifier (the first parameter) and the token (the second one).
Deploying a script hook on SSHD
A “hook”?? Not again!
— Well… hum, yeah. Sorry.
Actually, we need some way to make sshd execute something that notifies us when an event occurs. Here is what you have to do to get it working:
- Install the requirements:
  - python3
  - python3-requests
  - dnsutils
- Fetch the Python script I wrote for the occasion
- Set your Discord web-hook information (id & token) within the script
- Move it to the /usr/local/bin/ folder (or anywhere else, but sshd will need to access it!), and set its permissions accordingly:
  - # mv hook_SSH.py /usr/local/bin/
  - # chmod 755 /usr/local/bin/hook_SSH.py
- And finally:
  - # echo 'python3 /usr/local/bin/hook_SSH.py &' >> /etc/ssh/sshrc
  - # service sshd reload
If everything is set, your next SSH connection should trigger a notification on your channel!
If not, you can contact me and we’ll figure something out.
The script can also be run for testing, outside an SSH session. You can run it out of the box to check your settings (however, don’t expect any IP to show up)!
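For readers who want to see the moving parts, here is a sketch of such a hook, added as an example (it is not the author's hook_SSH.py). It assumes the standard library's urllib and socket instead of python3-requests and dig, the function names are hypothetical, and the id and token are placeholders. It reads the source IP from the SSH_CONNECTION variable that sshd sets, and treats the reverse DNS name as untrusted input, since whoever controls the source address also controls its PTR record.

```python
#!/usr/bin/env python3
"""Added example of an sshrc hook (not the author's hook_SSH.py)."""
import ipaddress, json, os, re
import socket, urllib.request

WEBHOOK_ID = "000000000000000000"      # placeholder: first URL parameter
WEBHOOK_TOKEN = "REPLACE_WITH_TOKEN"   # placeholder: second URL parameter

def webhook_url(hook_id, token):
    return f"https://discord.com/api/webhooks/{hook_id}/{token}"

def source_ip(env):
    """sshd exports SSH_CONNECTION as 'client_ip client_port server_ip server_port'."""
    fields = env.get("SSH_CONNECTION", "").split()
    if len(fields) != 4:
        return None                    # test run outside an SSH session
    try:
        return str(ipaddress.ip_address(fields[0]))
    except ValueError:
        return None

def reverse_dns(ip, lookup=socket.gethostbyaddr):
    """The PTR name is chosen by the address owner: sanitise it before display."""
    try:
        name = lookup(ip)[0]
    except OSError:
        return "no PTR record"
    # Keep hostname characters only, so the name cannot carry markdown or mentions.
    return re.sub(r"[^A-Za-z0-9.\-]", "?", name)[:253]

def build_payload(env, server, lookup=socket.gethostbyaddr):
    ip = source_ip(env)
    user = re.sub(r"[^A-Za-z0-9._\-]", "?", env.get("USER", "unknown"))
    origin = f"{ip} ({reverse_dns(ip, lookup)})" if ip else "unknown source (test run)"
    return {"content": f"SSH session opened for `{user}` on `{server}` from {origin}",
            "allowed_mentions": {"parse": []}}   # never ping @everyone or roles

def send(payload, url):
    req = urllib.request.Request(url, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json",
                                          "User-Agent": "ssh-hook-example"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status             # Discord answers 204 on success

if __name__ == "__main__":
    try:
        send(build_payload(os.environ, socket.gethostname()),
             webhook_url(WEBHOOK_ID, WEBHOOK_TOKEN))
    except OSError:
        pass                           # a failed notification must not block the login
```

Because sshrc runs as the user who logs in, the file holding the token has to be readable by every account allowed to use SSH, so anyone with a shell on the server can post to the channel.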
Addendum about the Free SMS API
In France we have a famous ISP, Free. We can blame them for many things, but the API they provide for SMS is just the best thing that ever existed.
This script will send an SMS (with the same content) to the sys-admins who are able to use this API (hello, France) when the post to Discord was not successful (useful when Discord is down). #backupPlan
Other users should leave SEND_SMS_ON_FAIL set to False.
Some other things you need to know
- This post has been mainly inspired by this article, and improved afterward with its first comment!
- The funny thing is: 15 days ago, someone came up with the same idea. I invite you to look at how he actually did this! It’s here.
- The logo I use for my web-hooks comes from here, thanks to its author!
Bye
PS: That was the first post written in Markdown on this website. I had to re-think the whole thing to get it working. But it was about time, wasn’t it?