Casey

Full-Stack Developer

#shell

Send a Slack notification when an SSH login is detected

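#!/bin/sh
#
# login-notify.sh - post a Slack message whenever an SSH session is opened.
#
# Install:
#   Place this file in /usr/local/bin. It holds an API token, so keep it
#   readable by root only rather than world-readable:
#     sudo chown root:root /usr/local/bin/login-notify.sh
#     sudo chmod 0700 /usr/local/bin/login-notify.sh
#   (assumes pam_exec runs the script as root from sshd; confirm on your system)
#   Add the line below to the end of /etc/pam.d/sshd:
#     session optional pam_exec.so /usr/local/bin/login-notify.sh
#
# Notes:
#   - The PAM line is "optional", so a failed or timed-out notification does
#     not block the login. Treat this as a best-effort alert, not as the only
#     record of logins.
#   - PAM_TYPE, PAM_USER and PAM_RHOST are read from the environment that
#     pam_exec provides to the script.

# Slack destination and credential. Fill these in before use.
SLACK_CHANNEL=""
SLACK_TOKEN=""
URL="https://slack.com/api/chat.postMessage"

# Build the login message and POST it to Slack.
# Globals:  SLACK_CHANNEL, SLACK_TOKEN, URL, PAM_USER, PAM_RHOST (all read)
# Returns:  0 when unconfigured (nothing sent), otherwise curl's exit status
notify_login() {
  # Without a token and a channel the request can only fail; skip it.
  if [ -z "$SLACK_TOKEN" ] || [ -z "$SLACK_CHANNEL" ]; then
    return 0
  fi

  host_fqdn=$(hostname -f)
  host_ip=$(hostname -I | awk '{print $1}')
  text="${PAM_USER:-} logged in to $host_fqdn ($host_ip) from ${PAM_RHOST:-}"

  # Each field is URL-encoded by curl. The remote host and user name come from
  # the connecting side, so a raw "&" or "=" in them must not be able to add or
  # override form fields such as the channel.
  # The token is fed on stdin ("token@-") so it does not appear in curl's
  # argument list, which other local users can read from the process table.
  printf '%s' "$SLACK_TOKEN" |
    curl -s --max-time 5 -X POST \
      --data-urlencode "token@-" \
      --data-urlencode "channel=$SLACK_CHANNEL" \
      --data-urlencode "text=$text" \
      "$URL" > /dev/null
}

# Trigger the notification only when a session opens (not on close).
if [ "${PAM_TYPE:-}" = "open_session" ]; then
  notify_login
fi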