misc/ssh_tg_notify: Lookup user id of root dynamically

master
Felix Stupp 2 years ago
parent 10e2dea52a
commit 10a3e8aa9f
Signed by: zocker
GPG Key ID: 93E1BD26F6B02FB7

@ -3,6 +3,7 @@
notify_directory: "{{ global_deployment_directory }}/ssh_notify" notify_directory: "{{ global_deployment_directory }}/ssh_notify"
notify_script: "{{ notify_directory }}/telegram.sh" notify_script: "{{ notify_directory }}/telegram.sh"
notify_cache_directory: "{{ notify_directory }}/cache" notify_cache_directory: "{{ notify_directory }}/cache"
notify_users_directory: "{{ notify_directory }}/users"
# recipient_id # recipient_id
bot_key: "{{ global_telegram_server_bot_key }}" bot_key: "{{ global_telegram_server_bot_key }}"

@ -17,6 +17,15 @@
loop: loop:
- "{{ notify_directory }}" - "{{ notify_directory }}"
- "{{ notify_cache_directory }}" - "{{ notify_cache_directory }}"
- "{{ notify_users_directory }}"
- name: Configure recipient id for root user
ansible.builtin.template:
src: root_id.j2
dest: "{{ notify_users_directory }}/root"
owner: root
group: root
mode: u=rw,g=r,o=
- name: Install notify script - name: Install notify script
template: template:
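Review bot: The new `{{ notify_users_directory }}` entry is created by the existing directory loop, whose `owner`/`mode` arguments lie outside this hunk, so it is not visible whether that directory is restricted to root. The notify script takes the alert recipient from whatever is in `users/root`, so anyone able to write to that directory could presumably redirect or suppress login alerts. Please confirm the loop task creates it root-owned and not group- or world-writable, and record the requirement above the new task, e.g. `# users/ must stay root-owned and non-writable for others: the notify script trusts these files for the alert recipient`. As a smaller style point, this task uses `ansible.builtin.template` while the following one still uses the short `template:`; one form should be used throughout the file.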

@ -1,12 +1,17 @@
#!/bin/bash #!/bin/bash
# Modified version, original source: https://gitlab.com/snippets/1871482#note_188602535 # Modified version, original source: https://gitlab.com/snippets/1871482#note_188602535
USER_ID_DIR={{ notify_users_directory | quote }}
CACHE_DIR={{ notify_cache_directory | quote }} CACHE_DIR={{ notify_cache_directory | quote }}
USERID={{ recipient_id | quote }}
KEY={{ bot_key | quote }} KEY={{ bot_key | quote }}
TIMEOUT={{ timeout | quote }} TIMEOUT={{ timeout | quote }}
getUserId() {
USER_CONF="${USER_ID_DIR}/$1"
[[ -r "$USER_CONF" ]] && head -n 1 "$USER_CONF"
}
URL="https://api.telegram.org/bot$KEY/sendMessage" URL="https://api.telegram.org/bot$KEY/sendMessage"
sendMessage() { sendMessage() {
curl -s --max-time "$TIMEOUT" -H "Content-Type: application/x-www-form-urlencoded" -d "chat_id=$1" -d "disable_web_page_preview=1" -d "parse_mode=Markdown" -d "text=$2" "$URL" >/dev/null curl -s --max-time "$TIMEOUT" -H "Content-Type: application/x-www-form-urlencoded" -d "chat_id=$1" -d "disable_web_page_preview=1" -d "parse_mode=Markdown" -d "text=$2" "$URL" >/dev/null
@ -25,5 +30,6 @@ if [[ "$PAM_SERVICE" == "sshd" && "$PAM_TYPE" == "open_session" && "$PAM_USER" !
HOSTNAME=$(hostname --fqdn) HOSTNAME=$(hostname --fqdn)
TEXT="Successful login from [$IP](https://stat.ripe.net/app/$IP) for ${PAM_USER} @ ${HOSTNAME} ($(date "+%Y-%m-%d %H:%M"))" TEXT="Successful login from [$IP](https://stat.ripe.net/app/$IP) for ${PAM_USER} @ ${HOSTNAME} ($(date "+%Y-%m-%d %H:%M"))"
# send to root # send to root
sendMessage "$USERID" "$TEXT" ROOT_USER_ID="$(getUserId root)"
sendMessage "$ROOT_USER_ID" "$TEXT"
fi fi
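Review bot: `getUserId` prints nothing when `${USER_ID_DIR}/root` is missing or unreadable, and the new call site passes that empty value straight to `sendMessage`. Because curl runs with `-s` and its output goes to /dev/null, the login alert is then dropped without any trace, which is a silent detection gap for a notification control. I would guard the call, e.g. `if [[ -n "$ROOT_USER_ID" ]]; then sendMessage "$ROOT_USER_ID" "$TEXT"; else logger -t ssh_tg_notify "no recipient id for root"; fi`. `getUserId` also joins `$1` into a path unchecked; that is harmless while the only argument is the literal `root`, but a comment such as `# $1 must be a plain user name, never a path` would help if it is later called with `$PAM_USER`. The enclosing `if` block starts outside the hunk.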
