Bart Simons

notification

A 2 post collection


Send an SMS notification upon successful SSH authentication with Twilio

 •  Filed under ssh, sms, authentication, notification, twilio

Are your always curious about who logs into your server using SSH? Me too! Sometimes I am just a little paranoid and then I come up with these (crazy) ideas: sending an SMS when somebody successfully logs in over SSH. Why? Well: why not, right?

So, what do we need?

  • A server with an SSH daemon (duh...)
  • A Twilio account

So first of all, let me explain what Twilio is: it's an awesome company that makes placing and receiving calls, sending and receiving SMS and MMS, etcetera super simple. It operates over an API so that developers can create, integrate and automate telecommunication solutions into their applications.

Before continuing, make sure you have an account and make sure you write down your account SID and authentication token, both can be found on the Twilio console page.

Now, we need to prepare our server. Once any user successfully authenticates over SSH, we want to execute a script before any shell process gets spawned. This is how I did it:

First I created a script in the /opt directory called sshauthsms.sh with the following contents in it:

#!/bin/bash

curl -s -X POST 'https://api.twilio.com/2010-04-01/Accounts/YOURACCOUNTSIDGOESHERE/Messages.json' --data-urlencode 'To=+12345678901' --data-urlencode 'From=+15017250604' --data-urlencode 'Body=Somebody just succesfully SSHed into your server!' -u YOURACCOUNTSIDGOESHERE:YOURAUTHTOKENGOESHERE > /dev/null  

Make sure to replace the account SID and authentication token placeholders by the values stated in your Twilio console and replace the To and From phone numbers to your phone numbers. Also, don't forget to make the script executable:

chmod +x /opt/sshauthsms.sh  

There's only one more thing left to do: modifying the SSH daemon configuration file. For me (I use Ubuntu) it was located at /opt/ssh/sshd_config.

Just add the following line to the bottom of this file:

ForceCommand /opt/sshauthsms.sh; /bin/bash  

And restart your SSH server daemon with:

service sshd restart  

Try it out! For me it worked brilliantly:

It works!

Have a wonderful day! 🎉

Modifying sudo to run an executable after successful authentication

 •  Filed under sudo, ubuntu, desktop, notification

So I recently installed Ubuntu on my Intel NUC and one thing that was bugging me out was having to enter my account password everytime when using the sudo command. I already fixed it with the NOPASSWD option for the sudo group. This is not the best solution when it comes to security, as any executable could gain sudo access on my local system. That brought up an idea in my head, namely modifying the sudo codebase so that you get a graphical notification on your screen when someone successfully authenticates with sudo. Here's an example:

Libnotify Notification Test

The utility I used to create this message is notify-send, which comes pre-installed with Ubuntu. So what we want is this command to be launched from the C++ code base so that we get a nice message upon sudo access! Let's begin.

At first, you make sure that you have all necessary development packages installed on your system:

sudo apt install build-essential git

And make sure you have all deb-src sources uncommented in /etc/apt/sources.list. Afterwards make sure to update your package cache again with sudo apt update.

The next step is fetching the sudo source code:

apt source sudo

Good. So the next step is to modify the source code of sudo. More specifically, you need to change one single source code file of the sudoers plugin named sudoers.c which can be found in the following directory:

sudosourceroot/plugins/sudoers

Open the file in your favorite editor. Search for the function create_admin_success_flag and add the following code at the top of all found function blocks:

popen("/usr/bin/notify-send -i dialog-warning \"Sudo notification\" \"Someone just gained root access!\" --urgency=critical", "r");  

Go back to the sudo source code root directory and run the usual compilation commands:

./configure && make && sudo make install

Enjoy a safer Linux desktop experience!