When running your own linux server, one of the more basic security recommendations I recommend is to notify admin on ssh logins. But how should we do this? I, for one, don’t let email anywhere near my servers… so I need to notify the admin without sending an email directly from the server.
Use the /etc/profile.d directory to run a command on vps login
Turns out, it’s super simple to make your linux vps run specified commands every time someone logs in. All you need to do is place a shell script into the /etc/profile.d directory.
cd
cd /etc/profile.d
touch notifyonlogin.sh
nano notifyonlogin.sh
// now the terminal will open the nano text editor,
// where you can edit your new bash file.Use Curl in a BASH script to notify admin on vps logins via ssh
If you’re on the new side, don’t be intimidated by shell scripting. It’s just a list of commands that get executed in sequence. In our case, we just want to ping the outside world and say “hey, someone just logged in!”
Thanks to the handy http tool curl, we can do this with one simple command:
curl -s "https://YOURURL.COM?user=${USER}All that’s happening here is we are pinging a remote URL and passing the linux ${USER} as a parameter.
So now we have to set up a server to receive this, you ask?
Not really. My go-to for this sort of stuff is the killer message bus / api glue Pipedream. You can set up an endpoint to receive the vps login notification with just a few clicks.
1. Create a new workflow in Pipedream
2. Select HTTP endpoint to create a new endpoint for receiving VPS login notifcations
Once you select HTTP/Webhook and save, you will be greeted right away by your new custom endpoint url for catching http requests from your vps.
Remember to hit “Deploy” in the top-right of the Pipedream editor once you reach this screen.
Now you can update your BASH script with your new endpoint. My final bash script looks like this following, and all I did was save it /etc/profile.d and name it notifyonlogin.sh.
#!/bin/bash
# onlogin curl pipedream
curl -s "https://abc123.m.pipedream.net?user=${USER}&server=phils_vps";Note how I added a parameter with the name of the server. This is so I can send vps login notifications from various VPS servers to the same Pipedream endpoint.
3. Paste that url into your browser url bar to generate a test event
Now take your url just like above and paste it into your web browser. This will give you a test event to work off of for the rest of the setup.
Once the requests hit Pipedream, they’re super easy to use for your next step in the workflow. Want to get a text message? Pipedream has twilio and other sms integrations. Usually I do email and use AWS SES. But I’m gonna keep it simple here and use Pipedream’s built-in email tool (this can only email the Pipedream account owner, which is fine for me in this case).
Look how neat the requests are to handle in Pipedream:
In my case, with the email back to myself, I can go back to the Pipedream editor and do as follows:
4. Send email notication on vps ssh login
Back in the workflow editor in the trigger section up top, select the most recent Event, your test when you visited the url in your browser.
Now click to create a new step by clicking the plus sign below the trigger box. Then select “email to self.”
Now, in the step, we can just hover over and copy the query parameters from the trigger section and paste them into the email:
Here’s how it looks when I paste the server name and user name into my email step.
That’s it! You have successfully notified yourself on all ssh logins to your linux server!
If you liked this post, follow me on Twitter @philwonski so you know when I post similar content. You can see past posts by me here.
There’s also lots of great (and less esoteric) content being produced by our team on a regular basis — be sure to find us on LinkedIn, and sign up to our newsletter in the footer of this page.
Featured image created with a Dall-E 2 prompt.
