Everbrent/cis
8
0
Fork 0
mirror of https://github.com/m8tin/cis.git synced 2026-06-02 14:56:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Refactoring and using base.module.sh

Browse Source
This commit is contained in:
m8in
2026-05-14 13:55:17 +02:00
parent 93d2be1629
commit a59eee660d
1 changed files with 49 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files
script/host/pam/ssh-notify-root-login.sh
+49 -24
View File
@@ -1,12 +1,9 @@
#!/bin/bash #!/bin/bash
source /cis/core/base.module.sh
_FULL_SCRIPTNAME="$(readlink -f "${0}" 2> /dev/null)" _LOGFILE="/var/log/${CIS[SCRIPTNAME]?:"Missing SCRIPTNAME"}.log"
_SCRIPTNAME=${_FULL_SCRIPTNAME##*/}
_LOGFILE="/var/log/${_SCRIPTNAME?:"Missing SCRIPTNAME"}.log"
_EMAIL_ADDRESS="" _EMAIL_ADDRESS=""
_SLACK_WEBHOOK_URL="" _SLACK_WEBHOOK_URL=""
readonly _FULL_SCRIPTNAME _SCRIPTNAME
@@ -56,38 +53,66 @@ function sendSlackMessage() {
return 1 return 1
} }
function notify() {
if [ "$PAM_TYPE" != "close_session" ] && [ "${PAM_USER}" != "" ]; then
# Log root logins only
[ "${PAM_USER}" != "root" ] \
&& exit 0
# Skip logins from private IPs
echo "${PAM_RHOST}" | grep -Eq "^192\.168\..*$" \
&& exit 0
_MESSAGE="[$(date --rfc-3339=seconds)] - Login from IP: '${PAM_RHOST}' as user 'root@$(hostname)'"
log "${_MESSAGE}"
sendEMail "${_MESSAGE}"
sendSlackMessage "${_MESSAGE}"
return 0
fi
return 1
}
function setup() { function setup() {
local _COMMAND _PAM_FILE local _COMMAND _PAM_FILE
_COMMAND="session optional pam_exec.so ${_FULL_SCRIPTNAME?:"Missing FULL_SCRIPTNAME"}" _COMMAND="session optional pam_exec.so ${CIS[FULLSCRIPTNAME]?:"Missing FULL_SCRIPTNAME"} --notify"
_PAM_FILE="/etc/pam.d/sshd" _PAM_FILE="/etc/pam.d/sshd"
readonly _COMMAND _PAM_FILE readonly _COMMAND _PAM_FILE
! [ -f "${_PAM_FILE}" ] \
&& printf "FAILURE: Missing file: %s\n" "${_PAM_FILE:?"Missing PAM_FILE"}" >&2 \
&& exit 1
# Lines are already appended, so nothing is to do, therefore no setup. # Lines are already appended, so nothing is to do, therefore no setup.
grep -Fq "/${_SCRIPTNAME?:"Missing SCRIPTNAME"}" "${_PAM_FILE:?"Missing PAM_FILE"}" \ grep -q -F "/${CIS[SCRIPTNAME]?:"Missing SCRIPTNAME"}" "${_PAM_FILE}" \
&& return 1 && return 1
# Append command to call this script, which is the setup. # Append command to call this script, which is the setup.
[ -f "${_PAM_FILE}" ] \ printf "Appending the following command to file '%s':\n - %s\n" "${_PAM_FILE}" "${_COMMAND}" >&2 \
&& echo -e "\n#Call this script on each ssh-login\n${_COMMAND}" >> "${_PAM_FILE}" && printf "\n#Call this script on each ssh-login\n%s\n" "${_COMMAND}" >> "${_PAM_FILE}" \
&& printf "SUCCESS: Setup completed.\n" >&2 \
&& return 0
return 0 printf "FAILURE: Setup of '%s' failed.\n" "${CIS[SCRIPTNAME]}" >&2
exit 1
} }
if [ "$PAM_TYPE" != "close_session" ] && ! setup && [ "${PAM_USER}" != "" ]; then case "${1}" in
# Log root logins only --notify)
[ "${PAM_USER}" != "root" ] \ notify && exit 0
&& exit 0 exit 1
;;
# Skip logins from private IPs --setup)
echo "${PAM_RHOST}" | grep -Eq "^192\.168\..*$" \ setup && exit 0
&& exit 0 exit 1
;;
_MESSAGE="[$(date --rfc-3339=seconds)] - Login from IP: '${PAM_RHOST}' as user 'root@$(hostname)'" *)
echo "Run '${CIS[SCRIPTNAME]} --setup' to register this script."
exit 0
;;
log "${_MESSAGE}" esac
sendEMail "${_MESSAGE}"
sendSlackMessage "${_MESSAGE}"
fi
exit 0