Oxbian/matrix-monitoring

Fork 0

Go to file

Oxbian 16d02aa1c7 Oops forgot the actions in jail.local

2023-04-28 19:09:19 +02:00

Fail2Ban

Oops forgot the actions in jail.local

2023-04-28 19:09:19 +02:00

matrix-sender @ 217660d0cf

Adding logwatch documentation

2023-04-24 13:40:14 +02:00

.gitmodules

Adding matrix-sender submodules & logwatch.sh

2023-04-24 13:15:49 +02:00

LICENSE

Initial commit

2023-04-24 11:52:17 +02:00

Adding SSH notification script

2023-04-26 22:02:57 +02:00

logwatch.sh

Adding matrix-sender submodules & logwatch.sh

2023-04-24 13:15:49 +02:00

README.md

Adding Fail2Ban monitoring / matrix message

2023-04-28 19:03:32 +02:00

README.md

matrix-monitoring

Some scripts to monitor your server and send data to matrix. Those scripts use a matrix-sender, another script I made to send message to matrix.

Install

To install this project & load submodules, use:

git clone --recurse-submodules https://github.com/Oxbian/matrix-monitoring.git

Or you can use:

git clone https://github.com/Oxbian/matrix-monitoring.git
git submodule update --init --recursive

Update

To get the latest update from this repo, you will need to run those commands in the matrix-monitoring folder:

git stash
git pull origin main
git pull --recurse-submodules
git stash pop

Thanks to those commands you will be able to get the last update without losing your token & configurations.

Logwatch

First you need to configure matrix-sender, I recommend you to check the repo matrix-sender.

After that you need to edit logwatch.sh to add the matrix.sh absolute path.

Now you can add the script to your crontab, sudo crontab -e.

0 0 * * * /home/oxbian/matrix-monitoring/logwatch.sh

The script login-notify.sh will allow you to get a message when someone successfully open a SSH connection on your server.

First, you will need to have matrix-sender configured, then add the path of matrix.sh in the login-notify.sh script.

After that I recommand to create a symlink of this file in /etc/ssh and let the access to root only for security reason.

sudo ln -sf "$(pwd)/login-notify.sh" /etc/ssh/login-notify.sh 
sudo chown root:root /etc/ssh/login-notify.sh

After that you will need to add those lines in your pam configuration /etc/pam.d/sshd:

#Send a message on SSH connection
session optional pam_exec.so seteuid /etc/ssh/login-notify.sh

Fail2Ban

First you need to configure matrix-sender, I recommend you to check the repo matrix-sender.

After that you need to edit Fail2Ban/matrix.conf and change the absolute path to your matrix.sh script.

Once all this is done, you can copy the jail.local in your jail.d folder and matrix.conf in the action.d folder.

sudo ln -sf "$(pwd)/Fail2Ban/jail.local" /etc/fail2ban/jail.d/jail.local
sudo ln -sf "$(pwd)/Fail2Ban/matrix.conf" /etc/fail2ban/action.d/matrix.conf

After that just restart the fail2ban service and check for errors, and if you have some, fix them.

You will probably need to edit the jail.local script to your liking.

Contributing

If you want to contribute, make a pull request with your contribution.

License

This project is under the GPLv3 license, you can use it in your project but not in closed sources ones.
Sharing project is what make the world live, think about it.

README.md

matrix-monitoring

Install

Update

Logwatch

SSH Login

Fail2Ban

Contributing

License