commit 83f0e827c62deb8723d8691fdccc8d975d2905dd Author: Glenn Date: Fri Jul 12 14:38:33 2024 +0200 Initial import
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..554cc54
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+*.retry
+*/__pycache__
+*.pyc
+.cache
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..05d12b9
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,11 @@
+---
+extends: default
+
+rules:
+ line-length:
+ max: 120
+ level: warning
+
+ignore: |
+ .github/stale.yml
+ .travis.yml
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..54b651a
--- /dev/null
+++ b/README.md
@@ -0,0 +1,71 @@
+
+# Ansible Role: Notify SSH Login via Ntfy
+
+This Ansible role automates the setup for sending notifications whenever a user logs in to your Linux servers via SSH. It intercepts successful SSH connections using PAM and triggers a script to send an HTTP request with details about the login event.
+
+## Features
+
+* Integrates with PAM to capture successful SSH login attempts.
+* Uses a customizable script to send notifications via an HTTP request.
+* Supports sending notifications to services like ntfy.sh (configurable).
+* Includes Molecule test suite using Vagrant for automated testing.
+
+## Requirements
+
+* Ansible >= 2.9
+* Python package `requests` (for Molecule tests)
+
+## Role Variables
+
+The role utilizes the following default variables, which can be overridden in your playbook:
+
+* `docker_install_compose_plugin` (bool): Whether to install the Docker Compose plugin (defaults to `false`).
+* `docker_compose_package` (str): Package name for Docker Compose (defaults to `docker-compose`).
+
+**Additional variables are defined within the role's defaults/main.yml file.**
+
+## Usage
+
+1. **Clone or copy the role directory.**
+2. **Include the role in your playbook:**
+
+```yaml
+---
+- name: Notify SSH logins
+ hosts: all
+ become: true
+ roles:
+ - notify_ssh_login
+```
+
+3. **Customize variables (optional):**
+
+Override any default variables in your playbook's `vars` section.
+
+4. **Run the playbook:**
+
+```bash
+ansible-playbook your_playbook.yml
+```
+
+## Testing
+
+The role includes a Molecule test suite that utilizes Vagrant to provision a test environment. To execute the tests:
+
+1. Ensure Vagrant and VirtualBox are installed.
+2. Navigate to the role directory.
+3. Run the following commands:
+
+```bash
+molecule init
+molecule converge
+molecule verify
+```
+
+### Contributing
+
+We welcome contributions to this role! Please see the contributing guidelines in the `CONTRIBUTING.md` file for details.
+
+### License
+
+This role is licensed under the MIT License. See the `LICENSE` file for details.
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..41a0a00
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+# Variables par défaut pour le rôle de notification de connexion SSH
+
+ntfy_topic: "votre_sujet_ntfy" # Remplacer par votre sujet ntfy.sh
diff --git a/files/notify_login.sh b/files/notify_login.sh
new file mode 100644
index 0000000..22f6d5e
--- /dev/null
+++ b/files/notify_login.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Récupérer les variables d'environnement
+USER=$PAM_USER
+HOST=$PAM_RHOST
+IPADDR=$PAM_RHOSTADDR
+SESSION=$PAM_TTY
+
+# Envoyer une notification via ntfy.sh (remplacer "your_topic" par votre sujet ntfy)
+curl -X POST https://ntfy.sh/your_topic \
+ -d '{
+ "title": "Connexion SSH",
+ "message": "Utilisateur '$USER' connecté depuis '$HOST' ($IPADDR) - Session: '$SESSION'",
+ "priority": 1
+ }'
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/molecule/default.yml b/molecule/default.yml
new file mode 100644
index 0000000..e53ac3b
--- /dev/null
+++ b/molecule/default.yml
@@ -0,0 +1,23 @@
+---
+driver: vagrant
+
+verifier:
+ name: testinfra
+
+provisioner:
+ name: ansible
+ playbooks:
+ - provision.yml
+
+platforms:
+ - name: default
+ config:
+ vm:
+ box: bento/ubuntu-18.04
+ network:
+ private_network: true
+
+lint:
+ name: ansible-lint
+ playbooks:
+ - provision.yml
diff --git a/molecule/provision.yml b/molecule/provision.yml
new file mode 100644
index 0000000..12b09c4
--- /dev/null
+++ b/molecule/provision.yml
@@ -0,0 +1,6 @@
+---
+- name: Provision SSH login notification role
+ hosts: all
+ become: true
+ roles:
+ - notify_ssh_login
diff --git a/molecule/testinfra/test_login_notifications.py b/molecule/testinfra/test_login_notifications.py
new file mode 100644
index 0000000..ff4ab8a
--- /dev/null
+++ b/molecule/testinfra/test_login_notifications.py
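Review bot: The JSON body of the `curl` call splices `$USER`, `$HOST`, `$IPADDR` and `$SESSION` in unquoted, between closed single quotes, so a PAM_RHOST or PAM_TTY value containing whitespace, glob characters, `"` or `,` is word-split into extra curl arguments or rewrites the JSON (title, priority, additional fields); PAM_RHOST comes from the connecting client, so this input is not under the server's control. Sending the details as a plain-text `-d` body in one double-quoted argument and carrying title and priority in ntfy's `Title:`/`Priority:` headers removes the quoting problem, and `-sS --fail --max-time 10` keeps a slow or failing ntfy.sh from stalling the PAM stack. The topic is hard-coded as `your_topic` while `defaults/main.yml` defines `ntfy_topic`; because tasks/main.yml deploys this file with `copy:` rather than `template:`, that variable never reaches the script. I am also not aware of pam_exec exporting `PAM_RHOSTADDR` (its documented set is PAM_RHOST, PAM_RUSER, PAM_SERVICE, PAM_TTY, PAM_USER, PAM_TYPE), so `IPADDR` is probably always empty — confirm against pam_exec(8).
```shell
#!/bin/bash

# … unchanged: PAM_* variable capture …

# Substituted only if the role deploys this file with template: (ntfy_topic from defaults/main.yml).
NTFY_TOPIC="{{ ntfy_topic }}"

# Title and priority travel as ntfy headers; the caller-influenced PAM values go
# only into the plain-text body, as a single quoted argument, so they can be
# neither word-split into extra curl options nor used to rewrite JSON fields.
curl -sS --fail --max-time 10 -X POST \
  -H "Title: Connexion SSH" \
  -H "Priority: 1" \
  -d "Utilisateur ${USER} connecté depuis ${HOST} (${IPADDR}) - Session: ${SESSION}" \
  "https://ntfy.sh/${NTFY_TOPIC}"
```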
@@ -0,0 +1,12 @@
+import os
+import testinfra.utils.commands as commands
+
+def test_login_notification_is_sent():
+ # Vérifier que la notification a été envoyée
+ notification_file = os.path.join('/tmp', 'login_notification.json')
+ assert commands.check_output('test -f {}'.format(notification_file)) == 0
+
+ # Vérifier le contenu du fichier de notification
+ notification_data = json.loads(commands.check_output('cat {}'.format(notification_file)))
+ assert notification_data['title'] == 'Connexion SSH'
+ assert notification_data['message'].startswith('Utilisateur')
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..c716834
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+- name: Notify SSH logins
+ hosts: all
+ become: true
+ tasks:
+ - name: Install curl
+ apt:
+ name: curl
+ state: latest
+ when: not ansible_facts['packages']['curl'] is defined
+
+ - name: Copy PAM module
+ copy:
+ src: files/pam_ssh_auth.conf
+ dest: /etc/pam.d/ssh
+ owner: root
+ group: root
+ mode: 0644
+
+ - name: Copy notification script
+ copy:
+ src: tasks/notify_login.sh
+ dest: /usr/local/bin/notify_login.sh
+ owner: root
+ group: root
+ mode: 0755
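Review bot: `json.loads` in the `notification_data` line is used without `import json`, so the test raises NameError before its assertions run; add `import json` next to `import os`. The first assertion compares the output of `test -f …` to `0`, but a command's captured stdout is a string (empty here), so it can never equal the integer 0; I also do not find a `testinfra.utils.commands` helper in testinfra's documented API — its tests normally take the `host` fixture and would write `assert host.file(notification_file).exists`, so please verify that import. Nothing else in this commit writes `/tmp/login_notification.json` (notify_login.sh only POSTs to ntfy.sh), so even after those fixes the test cannot pass until the script and the test agree on an observable artefact.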
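Review bot: This file is written as a playbook (`hosts:`, `become:`, `tasks:`), but a role's tasks/main.yml must be a plain list of tasks, so the role fails to load as committed; the three tasks belong at the top level with the play wrapper removed. Both `copy` sources look wrong: `files/pam_ssh_auth.conf` is not part of this commit, and `tasks/notify_login.sh` points at tasks/ while the script lives in files/ — inside a role, `copy` already resolves a bare `src: notify_login.sh` against files/. Replacing the whole sshd PAM service file (`dest: /etc/pam.d/ssh`; on Debian/Ubuntu the sshd file is normally `/etc/pam.d/sshd`) with an untracked file can lock every user out of SSH if its contents are off, so appending a single `pam_exec` session line with `lineinfile`, after the script is in place, is the safer shape. The `when:` on the curl task reads `ansible_facts['packages']`, which only exists after a `package_facts` task; `apt` is idempotent on its own, so the condition can be dropped.
```yaml
---
- name: Install curl
  apt:
    name: curl
    state: latest

- name: Copy notification script
  copy:
    src: notify_login.sh
    dest: /usr/local/bin/notify_login.sh
    owner: root
    group: root
    mode: '0755'

- name: Enable login notification in the sshd PAM stack
  lineinfile:
    path: /etc/pam.d/sshd
    line: "session optional pam_exec.so /usr/local/bin/notify_login.sh"
    state: present
```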