In this article, we are going to set up a Linux VPS login alert based on PAM using a Telegram bot. I am assuming you already have a VPS and know how to use ssh to log in.
1. Create a Telegram Bot and Get the Access Token
To create a Telegram bot, we will need a Telegram account.
- Download the Telegram app and install it.
- Search for BotFather and send it the message: /newbot
- The BotFather will ask you for your botname and bot-username.
- Remember, the bot username must end with the word _bot
- After you provide the botname and bot username, it will give you an access token. Example:
110201543:AAHdqTcvCH1vGWJxfSeofSAs0K5PALDsaw
- Search for your bot and start a conversation with it by tapping on /start
** The example access tokens in this article are randomly generated character sequences, just to give you some idea. Please remember that the access token is very sensitive information, so don't share it publicly.
I encourage you to read the Telegram Bot documentation to learn more about Telegram bots.
2. Get your Telegram ID using GET
Now that you have your Telegram account and bot ready, verify that your access token is working by making a GET request to the following URL:
Send GET Request using Curl
curl "https://api.telegram.org/bot<your access_token>/getUpdates"
Replace <your access_token> with the access token you got from BotFather. Example:
curl "https://api.telegram.org/bot110201543:AAHdqTcvCH1vGWJxfSeofSAs0K5PALDsaw/getUpdates"
Or, Send GET Request using Wget
wget -qO- "https://api.telegram.org/bot<your access_token>/getUpdates"
Replace <your access_token> with the access token you got from BotFather. Example:
wget -qO- "https://api.telegram.org/bot110201543:AAHdqTcvCH1vGWJxfSeofSAs0K5PALDsaw/getUpdates"
Using either of the above methods, you will get a JSON response like the one below:
{"ok":true,"result":[{"update_id":2052820582502,
"message":{"message_id":1,"from":{"id":250235920862,"is_bot":false,"first_name":"Wasi"},"chat":{"id":250235920862,"first_name":"Your Name","type":"private"},"date":1551700380,"text":"/start","entities":[{"offset":0,"length":6,"type":"bot_command"}]}}]}
Check the first name and verify that it's you. After that, copy the id. In the above example, my chat id is 250235920862.
You will get something similar; store it somewhere so that you can use it later.
Send a Test Message
Now that we have the access_token and chat_id, we can easily send a message using the Telegram Bot API. All you have to do is send a POST request to the /sendMessage endpoint, with the access_token in the URL and the chat_id and message text as payload.
Example:
curl -s -d "chat_id=250235920862&text=Test Message" https://api.telegram.org/bot110201543:AAHdqTcvCH1vGWJxfSeofSAs0K5PALDsaw/sendMessage
Note that we are sending the message "Test Message"; 110201543:AAHdqTcvCH1vGWJxfSeofSAs0K5PALDsaw is the access token and 250235920862 is the chat id. Obviously, you will have to replace them with your own access_token and chat_id respectively.
3. Automate an Alert Message using Bash Script
If you are using Linux you can just automate the whole thing with a pre-saved message using a bash script like below:
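#!/bin/bash
# Sends a Telegram message describing the PAM session that triggered this script.
ACCESS_TOKEN="<access_token>"
URL="https://api.telegram.org/bot$ACCESS_TOKEN/sendMessage"
CHAT_ID="<telegram_chat_id>" # Telegram id from /getUpdates
# The PAM_* variables are exported by pam_exec; they are empty when the script is run by hand.
MESSAGE="*Login Alert*: $(date '+%Y-%m-%d %H:%M:%S %Z')
username: $PAM_USER
hostname: $HOSTNAME
remote host: $PAM_RHOST
remote user: $PAM_RUSER
service: $PAM_SERVICE
tty: $PAM_TTY"
# --data-urlencode keeps spaces, newlines and '&' in the message from corrupting the form body.
# The request runs in the background with a time limit so a slow network never delays the login.
curl -s --max-time 13 --retry 3 --retry-delay 3 --retry-max-time 13 \
  --data-urlencode "chat_id=$CHAT_ID" \
  --data-urlencode "text=$MESSAGE" \
  -d "disable_web_page_preview=true" -d "parse_mode=Markdown" \
  "$URL" > /dev/null 2>&1 &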
Go ahead and type nano /usr/local/bin/telegram_bot.sh in your terminal.
It will open up a text editor (you can also use your preferred text editor). Paste the above code into it.
Don't forget to replace the ACCESS_TOKEN and CHAT_ID with yours.
Hit ctrl + x if you are using nano and save the file. This will create a `telegram_bot.sh` script in the /usr/local/bin directory. You might need root/sudo permission if you are not root. Here we are using some PAM environment variables so that we can output the username, remote host, remote user, service, tty, etc. Feel free to customize the message the way you want.
Make sure it runs properly by executing the script:
cd /usr/local/bin
./telegram_bot.sh
You will get a message in Telegram from your bot if everything works.
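The following hardened variant of the alert script is an added example, not the article's own code. It keeps the token out of the script and out of the process list, and escapes the characters that Telegram's legacy Markdown treats as markup, since an unescaped value such as deploy_user makes sendMessage reject the request and the alert is lost. The config path /etc/telegram_alert.conf and the function names are assumptions made for this example.

```shell
#!/bin/bash
# Added example: hardened variant of telegram_bot.sh (not the article's script).
# Assumption: /etc/telegram_alert.conf is a hypothetical root-owned, mode 0600
# file containing two lines: ACCESS_TOKEN=... and CHAT_ID=...
CONF="${TELEGRAM_ALERT_CONF:-/etc/telegram_alert.conf}"

# Backslash-escape the characters Telegram's legacy Markdown treats as markup.
# Without this, a value such as "deploy_user" makes sendMessage reject the
# request and the alert is silently lost.
md_escape() {
    printf '%s' "$1" | sed 's/[_*`[]/\\&/g'
}

# Build the alert text from the variables pam_exec exports.
build_message() {
    printf '*Login Alert*: %s\n' "$(date '+%Y-%m-%d %H:%M:%S %Z')"
    printf 'username: %s\n'    "$(md_escape "${PAM_USER:-}")"
    printf 'hostname: %s\n'    "$(md_escape "${HOSTNAME:-$(uname -n)}")"
    printf 'remote host: %s\n' "$(md_escape "${PAM_RHOST:-}")"
    printf 'remote user: %s\n' "$(md_escape "${PAM_RUSER:-}")"
    printf 'service: %s\n'     "$(md_escape "${PAM_SERVICE:-}")"
    printf 'tty: %s\n'         "$(md_escape "${PAM_TTY:-}")"
}

send_alert() {
    [ -r "$CONF" ] || return 0          # never block a login on a missing config
    . "$CONF"                           # defines ACCESS_TOKEN and CHAT_ID
    # The URL carries the token, so pass it on stdin (-K -) rather than argv,
    # where other local users could read it from the process list.
    printf 'url = "https://api.telegram.org/bot%s/sendMessage"\n' "$ACCESS_TOKEN" |
        curl -s -K - --max-time 13 --retry 3 --retry-delay 3 --retry-max-time 13 \
            --data-urlencode "chat_id=$CHAT_ID" \
            --data-urlencode "text=$(build_message)" \
            -d "parse_mode=Markdown" -d "disable_web_page_preview=true" \
            >/dev/null 2>&1 &
}

# pam_exec sets PAM_TYPE; only alert when a session is being opened.
if [ "${PAM_TYPE:-}" = "open_session" ]; then
    send_alert
fi
```

To try it by hand, run it as PAM_TYPE=open_session ./telegram_bot.sh, since it sends nothing unless PAM_TYPE is set. Keep the script root-owned and executable by root only, and the config file at mode 0600.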
4. Schedule Execution in Login Event using PAM
Now, just edit the file /etc/pam.d/common-session and append the following line at the bottom:
session optional pam_exec.so type=open_session seteuid /usr/local/bin/telegram_bot.sh
For Red Hat or similar distros, you might have to edit the file /etc/pam.d/system-auth instead!
Now, try to log in using ssh and you should receive an alert from your bot if everything works correctly! If it is not working, just go through each and every step carefully again, or let me know in the comment section. I will try to help you fix the issue.