Added source files

tejado · tejado · commit a5badbf17a59 · 2016-09-21T12:29:29.000+02:00
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+config
+*.log
diff --git a/README.md b/README.md
@@ -0,0 +1,11 @@
+# Shelltracer
+Small sh script collection for SSH User Login notifications over [pushover.net](https://pushover.net/).  
+Can also be used for other notifications, like OS startups, letsencrypt renewal, ...! Only limited by you imagination!
+
+## Installation
+Download the repo files, copy "config.sample" to "config" and adjust it. 
+Then add following line to your /etc/pam.d/sshd file:
+```
+session         optional        pam_exec.so             /root/shelltracer/exec.sh
+```
+
diff --git a/config.sample b/config.sample
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+PUSHOVER_TOKEN_APP="your_pushover_app_token"
+PUSHOVER_TOKEN_USER="your_pushover_user_token"
+
+TITLE="Shelltracer"
+
+LOGFILE=/var/log/shelltracer/log-trace.log
+
+# disables logout notifications if set to NO
+LOGOUT_NOTIFICATION="NO"
+
+DATE=/bin/date
+JOT=/usr/bin/jot
+ID=/usr/bin/id
+CURL=/usr/local/bin/curl
+NOHUP=/usr/bin/nohup
+HOST=/usr/bin/host
+HOSTNAME=/bin/hostname
+W=/usr/bin/w
+AWK=/usr/bin/awk
+
diff --git a/exec.sh b/exec.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+SCRIPT_DIR=`dirname $0`
+
+/usr/bin/nohup ${SCRIPT_DIR}/tracer.sh > ${SCRIPT_DIR}/log-error.log 2>&1 &
diff --git a/notify.sh b/notify.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+SCRIPT_DIR=`dirname $0`
+. "${SCRIPT_DIR}/config"
+
+PUSHOVER_TITLE="$1"
+PUSHOVER_MESSAGE="$2"
+PUSHOVER_URL="https://api.pushover.net/1/messages.json"
+
+${CURL} -s -F "token=${PUSHOVER_TOKEN_APP}" -F "user=${PUSHOVER_TOKEN_USER}" -F "title=${PUSHOVER_TITLE}" -F "message=${PUSHOVER_MESSAGE}" ${PUSHOVER_URL} >> ${LOGFILE} 2>&1
+echo >> ${LOGFILE}
diff --git a/tracer.sh b/tracer.sh
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+SCRIPT_DIR=`dirname $0`
+. "${SCRIPT_DIR}/config"
+
+NOW_UNIX=`${DATE} +%s`
+NOW_HUMAN=`${DATE} "+%F %H:%M:%S"`
+RAND=`${JOT} -r 1 1000`
+MACHINE=`hostname`
+ 
+LOGFILE_TEMP="${LOGFILE}.${NOW_UNIX}.${RAND}"
+
+
+exit_program() {
+  ${W} >> $LOGFILE_TEMP
+  echo $1 >> $LOGFILE_TEMP
+  echo "==========================================================" >> $LOGFILE_TEMP
+  cat $LOGFILE_TEMP >> $LOGFILE
+  rm -f $LOGFILE_TEMP
+  exit
+}
+
+if [ ! -z "$PAM_USER" ]; then
+  USER=$PAM_USER
+elif [ -z "$USER" ]; then
+  USER="UKN"
+fi
+
+if [ ! -z "$PAM_SERVICE" ]; then   
+  SERVICE="$PAM_SERVICE"
+else
+  SERVICE="Manual"
+fi
+
+if [ "${PAM_SM_FUNC}" == "pam_sm_open_session" ]; then
+  ACTION="Login"
+elif [ "${PAM_SM_FUNC}" == "pam_sm_close_session" ]; then
+  ACTION="Logout"
+elif [ ! -z "${PAM_SM_FUNC}" ]; then
+  ACTION="${PAM_SM_FUNC}"
+else
+  ACTION="TERM EXEC"
+fi
+
+
+echo "Service: ${SERVICE}" >> $LOGFILE_TEMP
+echo "Action: ${ACTION}" >> $LOGFILE_TEMP
+echo "Date: ${NOW_HUMAN}" >> $LOGFILE_TEMP
+echo "Server: ${MACHINE}" >> $LOGFILE_TEMP
+echo "User: ${USER}" >> $LOGFILE_TEMP
+
+if [ ! -z "$PAM_RHOST" ]; then
+  IP=`${HOST} -W5 -t A $PAM_RHOST | ${AWK} '{ print $4 }'`
+
+  echo "User Host: ${PAM_RHOST}" >> $LOGFILE_TEMP
+  echo "User IP: $IP" >> $LOGFILE_TEMP
+fi
+
+
+if [ "${ACTION}" == "Logout" ] && [ "${LOGOUT_NOTIFICATION}" == "NO" ]; then
+  exit_program "Logout END - skipping pushover notification"
+fi
+
+PUSHOVER_TITLE=$TITLE
+PUSHOVER_MESSAGE=`cat $LOGFILE_TEMP`
+${SCRIPT_DIR}/notify.sh "${PUSHOVER_TITLE}" "${PUSHOVER_MESSAGE}"
+
+exit_program "${ACTION} END"
