diff --git a/ssh-notify/README.md b/ssh-notify/README.md
index 985f8b7..b0314f4 100644
--- a/ssh-notify/README.md
+++ b/ssh-notify/README.md
@@ -29,6 +29,15 @@ vim /etc/ssh-notify/config.conf # edit in place
 chmod 600 /etc/ssh-notify/config.conf
 ```
+**Configuration Options:**
+
+- `EMAIL_RECIPIENT`: Email address to receive notifications
+- `EMAIL_API_ENDPOINT`: API endpoint for sending emails
+- `TELEGRAM_BOT_TOKEN`: Your Telegram bot token
+- `TELEGRAM_CHAT_ID`: Telegram chat ID to receive notifications
+- `PAM_TRANSPORTS`: Space-separated list of transports for PAM mode (e.g., `"telegram email"`, `"telegram"`, `"email"`)
+- `LOG_FILE`: Path to log file (default: `/var/log/ssh-notify.log`)
+
 ### 3. PAM configuration
 ```sh
@@ -54,13 +63,13 @@ The `ssh-notify.logrotate` tells `logrotate` to rotate `/var/log/ssh‑notify.lo
 Feel free to contact me for collaboration on anything!
-Yiğid BALABAN, <[fyb@fybx.dev][llmail]>
+Yiğid BALABAN, <[hey@yigid.dev][llmail]>
 [My Website][llwebsite] • [X][llx] • [LinkedIn][lllinkedin]
 2024
-[llmail]: mailto:fyb@fybx.dev
-[llwebsite]: https://fybx.dev
+[llmail]: mailto:hey@yigid.dev
+[llwebsite]: https://yigid.dev
 [llx]: https://x.com/fybalaban
-[lllinkedin]: https://linkedin.com/in/fybx
+[lllinkedin]: https://linkedin.com/in/yigid
diff --git a/ssh-notify/example.conf b/ssh-notify/example.conf
index 43d34e4..962f329 100644
--- a/ssh-notify/example.conf
+++ b/ssh-notify/example.conf
@@ -6,5 +6,14 @@ EMAIL_API_ENDPOINT="https://mail-proxy.example.org/api/mail"
 TELEGRAM_BOT_TOKEN=""
 TELEGRAM_CHAT_ID=""
+# Transport Configuration
+# Space-separated list of transports to use when PAM triggers the script
+# Valid options: email telegram
+# Examples:
+# PAM_TRANSPORTS="telegram email" # both
+# PAM_TRANSPORTS="telegram" # only Telegram
+# PAM_TRANSPORTS="email" # only Email
+PAM_TRANSPORTS="telegram email"
+
 # Log file for the notifier script
 LOG_FILE="/var/log/ssh-notify.log"
\ No newline at end of file
diff --git a/ssh-notify/ssh-notify.sh b/ssh-notify/ssh-notify.sh
index 7e36bdf..987d16b 100644
--- a/ssh-notify/ssh-notify.sh
+++ b/ssh-notify/ssh-notify.sh
@@ -91,9 +91,47 @@ else
 exit 1
 fi
-# Ensure required config variables are set
-if [[ -z "$EMAIL_RECIPIENT" || -z "$EMAIL_API_ENDPOINT" || -z "$TELEGRAM_BOT_TOKEN" || -z "$TELEGRAM_CHAT_ID" || -z "$LOG_FILE" ]]; then
- ERR_MSG="ssh-notify Error: One or more required variables are missing in $CONFIG_FILE."
+# Set default for PAM_TRANSPORTS if not specified
+if [[ -z "$PAM_TRANSPORTS" ]]; then
+ PAM_TRANSPORTS="telegram email"
+fi
+
+# Validate and parse PAM_TRANSPORTS
+ENABLE_EMAIL=false
+ENABLE_TELEGRAM=false
+for transport in $PAM_TRANSPORTS; do
+ case "$transport" in
+ email)
+ ENABLE_EMAIL=true
+ ;;
+ telegram)
+ ENABLE_TELEGRAM=true
+ ;;
+ *)
+ ERR_MSG="ssh-notify Warning: Unknown transport '$transport' in PAM_TRANSPORTS. Valid options: email, telegram"
+ echo "$ERR_MSG" | systemd-cat -p warning -t 'ssh-notify'
+ echo "$ERR_MSG" >&2
+ ;;
+ esac
+done
+
+# Ensure required config variables are set based on enabled transports
+if [[ "$ENABLE_EMAIL" == true && ( -z "$EMAIL_RECIPIENT" || -z "$EMAIL_API_ENDPOINT" ) ]]; then
+ ERR_MSG="ssh-notify Error: Email transport enabled but EMAIL_RECIPIENT or EMAIL_API_ENDPOINT missing in $CONFIG_FILE."
+ echo "$ERR_MSG" | systemd-cat -p err -t 'ssh-notify'
+ echo "$ERR_MSG" >&2
+ exit 1
+fi
+
+if [[ "$ENABLE_TELEGRAM" == true && ( -z "$TELEGRAM_BOT_TOKEN" || -z "$TELEGRAM_CHAT_ID" ) ]]; then
+ ERR_MSG="ssh-notify Error: Telegram transport enabled but TELEGRAM_BOT_TOKEN or TELEGRAM_CHAT_ID missing in $CONFIG_FILE."
+ echo "$ERR_MSG" | systemd-cat -p err -t 'ssh-notify'
+ echo "$ERR_MSG" >&2
+ exit 1
+fi
+
+if [[ -z "$LOG_FILE" ]]; then
+ ERR_MSG="ssh-notify Error: LOG_FILE missing in $CONFIG_FILE."
 echo "$ERR_MSG" | systemd-cat -p err -t 'ssh-notify'
 echo "$ERR_MSG" >&2
 exit 1
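Review bot: A PAM_TRANSPORTS value that contains no valid name (a misspelling such as `telgram`, or only whitespace) leaves both ENABLE_EMAIL and ENABLE_TELEGRAM false after the `for transport in $PAM_TRANSPORTS` loop, so none of the required-variable checks fire and the script passes validation with nothing to send. For a login notifier that is a silent failure, and the unknown name is logged only at warning level. I would add a check right after `done` that exits with an error when neither transport is enabled, in the same style as the other checks in this hunk; whether a non-zero exit affects the login depends on how PAM invokes the script, which is not visible here. The unquoted `$PAM_TRANSPORTS` is also subject to pathname expansion, so a stray `*` in the config would be matched against files in the working directory; reading the value into an array with `read -ra` avoids that.

```shell
# … unchanged: for-loop over $PAM_TRANSPORTS setting ENABLE_EMAIL / ENABLE_TELEGRAM …
done

# Refuse to continue with no usable transport; otherwise logins go unreported.
if [[ "$ENABLE_EMAIL" != true && "$ENABLE_TELEGRAM" != true ]]; then
  ERR_MSG="ssh-notify Error: No valid transport enabled by PAM_TRANSPORTS in $CONFIG_FILE."
  echo "$ERR_MSG" | systemd-cat -p err -t 'ssh-notify'
  echo "$ERR_MSG" >&2
  exit 1
fi
```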
@@ -162,8 +200,8 @@ send_telegram() {
 [[ "$TEST_TYPE" == "both" || "$TEST_TYPE" == "email" ]] && send_email
 [[ "$TEST_TYPE" == "both" || "$TEST_TYPE" == "telegram" ]] && send_telegram
 else
- send_email
- send_telegram
+ [[ "$ENABLE_EMAIL" == true ]] && send_email
+ [[ "$ENABLE_TELEGRAM" == true ]] && send_telegram
 fi
 ) &
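Review bot: The test-mode branch (the two `TEST_TYPE` context lines above the change) still calls send_email / send_telegram without regard to ENABLE_EMAIL / ENABLE_TELEGRAM, but after this commit the required-variable checks run only for transports listed in PAM_TRANSPORTS. With `PAM_TRANSPORTS="email"` a telegram test would therefore reach send_telegram with TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID possibly empty, which the old all-variables check ruled out. A guard at the top of each sender, e.g. `[[ -n "$TELEGRAM_BOT_TOKEN" && -n "$TELEGRAM_CHAT_ID" ]] || return 1` in send_telegram, would cover both paths. The sender bodies and the place where TEST_TYPE is set are outside this hunk, so confirm they do not already check.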