Getting notified about SSH logins

Sep 2021

I recently finished reading Linux Hardening in Hostile Networks by Kyle Rankin. I liked the book a lot.

In chapter 3, Kyle discusses creating a syslogs server from which you might monitor authentication events on other machines. That seemed like a nice idea, so I set one up and documented the process here.

There was a missing ‘notification’ component in my system, though, so I set about building something to close that gap. The result was this:

A Discord message I get sent whenever someone logs into one of my machines. The system for sending these runs on my syslogs machine and is based on the logs that get sent to it. All of my machines are thus covered.

As an experiment you can purchase a copy of this source code for $5. It comes with an installer script that will automatically configure the notification system on your machine. It is also open source.
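
One way to build the pipeline described above, as an added example rather than the code this post offers: it picks successful sshd logins out of the lines a central syslog machine receives and builds the Discord webhook message for each. The traditional syslog line format, the sample records, the function names and the placeholder webhook URL are all assumptions.

```python
import json
import re
import urllib.request

# Placeholder: paste the webhook URL Discord generates for your channel.
WEBHOOK_URL = "https://discord.com/api/webhooks/<id>/<token>"

# Anchored to the start of the record so that only sshd's own "Accepted"
# message matches, not the word appearing inside a client-supplied username.
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"Accepted\s(?P<method>\S+)\sfor\s(?P<user>\S+)\s"
    r"from\s(?P<src>\S+)\sport\s(?P<port>\d+)\s"
)

def parse_login(line):
    """Return the fields of a successful SSH login record, or None."""
    m = ACCEPTED.match(line)
    return m.groupdict() if m else None

def build_payload(event):
    """JSON body for a Discord webhook message."""
    text = "SSH login on {host}: {user} from {src} ({method}) at {ts}".format(**event)
    # Empty allowed_mentions: log-derived text must never ping @everyone.
    return {"content": text[:2000], "allowed_mentions": {"parse": []}}

def send(payload, url=WEBHOOK_URL):
    """POST one notification; not called here so the example runs offline."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json", "User-Agent": "ssh-notify-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

def notifications(lines):
    """Payloads for every successful login found in the given log lines."""
    return [build_payload(e) for e in map(parse_login, lines) if e]

# Constructed sample records (documentation-range addresses, made-up hosts).
SAMPLE = [
    "Sep 14 09:21:07 web01 sshd[2211]: Accepted publickey for alice from 203.0.113.7 port 51234 ssh2: ED25519 SHA256:constructed",
    "Sep 14 09:22:40 web01 sshd[2250]: Failed password for invalid user admin from 198.51.100.9 port 40022 ssh2",
    "Sep 14 09:23:02 db01 sshd[901]: Invalid user Accepted password for root from 192.0.2.1 port 22 ssh2 from 198.51.100.9 port 40100",
    "Sep  4 23:10:55 db01 sshd[1420]: Accepted password for bob from 192.0.2.44 port 60001 ssh2",
]
```

Only the first and last sample records produce a notification; the third shows why the pattern is anchored, since its "Accepted password for root" text sits inside a username field rather than in a message sshd wrote.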