sh 从Linux fail2ban,ssh auth和其他操作向Slack发送通知

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了sh 从Linux fail2ban,ssh auth和其他操作向Slack发送通知相关的知识,希望对你有一定的参考价值。

#!/bin/sh

# Display usage information
function show_usage {
  echo "Default Usage: $0 [subject] [action] [msg]"
  echo "Example: $0 DATABASE backup succefully"
  echo "Custom actions: $0 fail2brain start|stop|ban (ip)|unban (ip)"
  echo "Custom actions: $0 sshauth (use variables from pam_exec to generate msg)."
  exit
}

# Check for script arguments
if [ $# -lt 1 ]
then
  show_usage
fi

# Custom reporting
if [ "$1" = 'fail2ban' ]
then
	#slack.conf start and stop not set
	if [ "$2" = 'start' ]
	then
	  message='Fail2ban just started.'
	  echo $message | path/to/slackpost.sh
	elif [ "$2" = 'stop' ]
	then
	  message='Fail2ban just stopped.'
	  echo $message | path/to/slackpost.sh
	elif [ "$2" = 'ban' ]
	then
	  message=$([ "$2" != '' ] && echo "[$1] just banned $3" || echo 'Fail2ban just banned an ip.' )
	  echo $message | path/to/slackpost.sh
	elif [ "$2" = 'unban' ]
	then
	  message=$([ "$2" != '' ] && echo "[$1] just unbanned $3" || echo "Fail2ban just unbanned an ip." )
	  echo $message | path/to/slackpost.sh
	else
	  show_usage
	fi
# Extra check if not logout (close_session)
elif [ "$1" = "sshauth" ]
then
	#slack.conf start and stop not set
	if [ "$PAM_TYPE" != "close_session" ]
	then
	  #env is last cmd variables
	  #subject="SSH Login: $PAM_USER from $PAM_RHOST on $host"
	  # Message to send, e.g. the current environment variables.
	  message="$PAM_RHOST has just connected on $HOSTNAME with user $PAM_USER (PAM_TYPE=$PAM_TYPE)"
    	  # message="`env`"
	  echo $message | path/to/slackpost.sh
 	fi

# Default 
else
	echo "[$1] action: $2 msg: $3" | path/to/slackpost.sh
fi

以上是关于sh 从Linux fail2ban,ssh auth和其他操作向Slack发送通知的主要内容,如果未能解决你的问题,请参考以下文章

sh 安装Fail2ban以保护CentOS 6上的SSH

服务器安全神器,Linux 上安装 Fail2Ban 保护 SSH

使用fail2ban屏蔽LINUX恶意暴力破解密码

CentOS 7安装fail2ban+Firewalld防止SSH爆破

sh fail2ban centos 7

sh fail2ban报告ips