mmichaelb · October 17, 2024 08:39 · Nov 2, 2021 · Jan 31, 2021 · Jan 4, 2021 · Jan 4, 2021
diff --git a/Telegram_SSH_Login_notifier.md b/Telegram_SSH_Login_notifier.md
@@ -1,6 +1,6 @@
 # "Intelligent" Telegram SSH Login notifier on Linux using PAM
 
-This login notifier uses IP information to silent telegram notifications if the login source seem to be trustable.
+This login notifier uses IP information to send silent telegram notifications if the login source seem to be trustable.
 
 ## Telegram Bot setup
 

diff --git a/telegram-send b/telegram-send
@@ -26,4 +26,4 @@ if [ "$#" -ne 2 ]; then
     exit 0
 fi
 
-curl -s --data "text=$2" --data "chat_id=$GROUP_ID" --data "parse_mode=HTML" --data "disable_notification=$silent" 'https://api.telegram.org/bot'$BOT_TOKEN'/sendMessage' > /dev/null
+curl -s --data-urlencode "text=$2" --data "chat_id=$GROUP_ID" --data "parse_mode=HTML" --data "disable_notification=$silent" 'https://api.telegram.org/bot'$BOT_TOKEN'/sendMessage' > /dev/null
diff --git a/Telegram_SSH_Login_notifier.md b/Telegram_SSH_Login_notifier.md
@@ -21,6 +21,13 @@ After setting up the Telegram script you may now create the notify script itself
 [`login-notify.sh`](#file-login-notify-sh) file to `/etc/pam_scripts/login-notify.sh` and run `chmod +x /etc/pam_scripts/login-notify.sh` in order to make this script executable, too.
 **Make sure to replace the placeholders with your custom values**
 
+### Install JSON parser jq
+
+If not installed, you have to install the JSON parser `jq`. When using a Debian/Ubuntu system, the package can be installed by running:
+```bash
+sudo apt install jq
+```
+
 ## PAM Notification setup
 
 Finally you have to set up the PAM part by adding the following line to your `/etc/pam.d/sshd` file:

diff --git a/Telegram_SSH_Login_notifier.md b/Telegram_SSH_Login_notifier.md
@@ -8,8 +8,8 @@ First, please read [this awesome Medium tutorial](https://bogkonstantin.medium.c
 
 ## Telegram Linux setup
 
-In order to send Telegram messages, you have to copy and paste the [`telegram-send.sh`](#file-telegram-send-sh) file to `/usr/bin/telegram-send.sh` and run 
-`chmod +x /usr/bin/telegram-send.sh` in order to make the script executable. **Make sure to replace the placeholders
+In order to send Telegram messages, you have to copy and paste the [`telegram-send`](#file-telegram-send) file to `/usr/bin/telegram-send` and run 
+`chmod +x /usr/bin/telegram-send` in order to make the script executable. **Make sure to replace the placeholders
 with your custom values**
 
 After that, you can already send messages to your Telegram channel by typing `telegram-send FALSE This is a Telegram test`. 

diff --git a/telegram-send.sh → telegram-send b/telegram-send.sh → telegram-send
diff --git a/Telegram_SSH_Login_notifier.md b/Telegram_SSH_Login_notifier.md
@@ -1,4 +1,4 @@
-# "Intelligent" Telegram SSH Login notifier on Linux using PEM
+# "Intelligent" Telegram SSH Login notifier on Linux using PAM
 
 This login notifier uses IP information to silent telegram notifications if the login source seem to be trustable.
 

diff --git a/README.md → Telegram_SSH_Login_notifier.md b/README.md → Telegram_SSH_Login_notifier.md
diff --git a/README.md b/README.md
@@ -8,7 +8,7 @@ First, please read [this awesome Medium tutorial](https://bogkonstantin.medium.c
 
 ## Telegram Linux setup
 
-In order to send Telegram messages, you have to copy and paste the [`telegram-send.sh`](#file-login-notify-sh) file to `/usr/bin/telegram-send.sh` and run 
+In order to send Telegram messages, you have to copy and paste the [`telegram-send.sh`](#file-telegram-send-sh) file to `/usr/bin/telegram-send.sh` and run 
 `chmod +x /usr/bin/telegram-send.sh` in order to make the script executable. **Make sure to replace the placeholders
 with your custom values**
 
@@ -18,7 +18,7 @@ This first argument specifies whether the message should be silent or not.
 ## Script setup
 
 After setting up the Telegram script you may now create the notify script itself by copy and pasting the 
-[`login-notify.sh`](#login-notify-sh) file to `/etc/pam_scripts/login-notify.sh` and run `chmod +x /etc/pam_scripts/login-notify.sh` in order to make this script executable, too.
+[`login-notify.sh`](#file-login-notify-sh) file to `/etc/pam_scripts/login-notify.sh` and run `chmod +x /etc/pam_scripts/login-notify.sh` in order to make this script executable, too.
 **Make sure to replace the placeholders with your custom values**
 
 ## PAM Notification setup

diff --git a/README.md b/README.md
@@ -8,7 +8,7 @@ First, please read [this awesome Medium tutorial](https://bogkonstantin.medium.c
 
 ## Telegram Linux setup
 
-In order to send Telegram messages, you have to copy and paste the `telegram-send.sh` file to `/usr/bin/telegram-send.sh` and run 
+In order to send Telegram messages, you have to copy and paste the [`telegram-send.sh`](#file-login-notify-sh) file to `/usr/bin/telegram-send.sh` and run 
 `chmod +x /usr/bin/telegram-send.sh` in order to make the script executable. **Make sure to replace the placeholders
 with your custom values**
 
@@ -18,7 +18,7 @@ This first argument specifies whether the message should be silent or not.
 ## Script setup
 
 After setting up the Telegram script you may now create the notify script itself by copy and pasting the 
-`login-notify.sh` file to `/etc/pam_scripts/login-notify.sh` and run `chmod +x /etc/pam_scripts/login-notify.sh` in order to make this script executable, too.
+[`login-notify.sh`](#login-notify-sh) file to `/etc/pam_scripts/login-notify.sh` and run `chmod +x /etc/pam_scripts/login-notify.sh` in order to make this script executable, too.
 **Make sure to replace the placeholders with your custom values**
 
 ## PAM Notification setup

diff --git a/README.md b/README.md
@@ -0,0 +1,40 @@
+# "Intelligent" Telegram SSH Login notifier on Linux using PEM
+
+This login notifier uses IP information to silent telegram notifications if the login source seem to be trustable.
+
+## Telegram Bot setup
+
+First, please read [this awesome Medium tutorial](https://bogkonstantin.medium.com/send-messages-to-telegram-on-ssh-login-to-server-90622b170dc7) on how to setup the Telegram bot.
+
+## Telegram Linux setup
+
+In order to send Telegram messages, you have to copy and paste the `telegram-send.sh` file to `/usr/bin/telegram-send.sh` and run 
+`chmod +x /usr/bin/telegram-send.sh` in order to make the script executable. **Make sure to replace the placeholders
+with your custom values**
+
+After that, you can already send messages to your Telegram channel by typing `telegram-send FALSE This is a Telegram test`. 
+This first argument specifies whether the message should be silent or not.
+
+## Script setup
+
+After setting up the Telegram script you may now create the notify script itself by copy and pasting the 
+`login-notify.sh` file to `/etc/pam_scripts/login-notify.sh` and run `chmod +x /etc/pam_scripts/login-notify.sh` in order to make this script executable, too.
+**Make sure to replace the placeholders with your custom values**
+
+## PAM Notification setup
+
+Finally you have to set up the PAM part by adding the following line to your `/etc/pam.d/sshd` file:
+```bash
+# Login Telegram Notification
+session optional pam_exec.so /etc/pam_scripts/login-notify.sh
+```
+
+After you did that, you should be good to go and be notified when you login onto your Linux machine using ssh.
+
+## Credits
+
+Base articles this tutorial is based on:
+- https://bogkonstantin.medium.com/send-messages-to-telegram-on-ssh-login-to-server-90622b170dc7
+- https://www.vpsinfo.com/post/email-alert-ssh-login/
+IP Information API:
+https://ipapi.co/
diff --git a/login-notify.sh b/login-notify.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+YOUR_ISP="<YOUR ISP>"
+YOUR_CITY="<YOUR CITY>"
+
+if [ ! ${PAM_TYPE} = "open_session" ]; then
+        exit 0
+fi
+
+# prepare any message you want
+login_ip="$(echo $SSH_CONNECTION | cut -d " " -f 1)"
+login_ip_data=$(curl -s "https://ipapi.co/${login_ip}/json/")
+login_ip_city=$(echo -e $login_ip_data | jq -r ".city")
+login_ip_org=$(echo -e $login_ip_data | jq -r ".org")
+silent="FALSE"
+if [ "${login_ip_city}" == "${YOUR_CITY}" ] && [ "${login_ip_org}" == "${YOUR_ISP}" ]; then
+        silent="TRUE"
+fi
+login_date="$(date +"%e %b %Y, %a %r")"
+login_name="${PAM_USER}"
+login_hostname="$(hostname)"
+
+login_ip_country_name=$(echo -e $login_ip_data | jq -r ".country_name")
+login_ip_asn=$(echo -e $login_ip_data | jq -r ".asn")
+
+read -r -d '' message << EOM
+<b>${login_hostname}</b> ($login_name)
+IP: <b><a href="https://ipapi.co/${login_ip}">${login_ip}</a></b>
+City: ${login_ip_city} (${login_ip_country_name})
+Organization: ${login_ip_org} (${login_ip_asn})
+EOM
+
+#send it to telegram
+telegram-send $silent "$message"
diff --git a/telegram-send.sh b/telegram-send.sh
@@ -0,0 +1,29 @@
+# file located at /usr/bin/telegram-send.sh
+#!/bin/bash
+
+GROUP_ID=<TELEGRAM GROUP ID>
+BOT_TOKEN=<TELEGRAM BOT TOKEN>
+
+# this 3 checks (if) are not necessary but should be convenient
+if [ "$1" == "-h" ]; then
+  echo "Usage: `basename $0` \"text message\""
+  exit 0
+fi
+
+silent="false"
+if [ "$1" == "TRUE" ]; then
+        silent="true"
+fi
+
+if [ -z "$2" ]
+  then
+    echo "Add message text as second arguments"
+    exit 0
+fi
+
+if [ "$#" -ne 2 ]; then
+    echo "You can pass only two arguments. For string with spaces put it on quotes"
+    exit 0
+fi
+
+curl -s --data "text=$2" --data "chat_id=$GROUP_ID" --data "parse_mode=HTML" --data "disable_notification=$silent" 'https://api.telegram.org/bot'$BOT_TOKEN'/sendMessage' > /dev/null