Initial import

Glenn Y. Rolland 2024-07-12 14:38:33 +02:00
commit 83f0e827c6
10 changed files with 172 additions and 0 deletions

4
.gitignore vendored Normal file

@ -0,0 +1,4 @@
*.retry
*/__pycache__
*.pyc
.cache

11
.yamllint Normal file

@ -0,0 +1,11 @@
---
extends: default
rules:
line-length:
max: 120
level: warning
ignore: |
.github/stale.yml
.travis.yml
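Review bot: The `ignore` block lists `.github/stale.yml` and `.travis.yml`, neither of which is among the 10 files in this commit. Drop both entries unless those files are about to be added, so the lint configuration describes this repository and not the one it was copied from.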

71
README.md Normal file

@ -0,0 +1,71 @@
# Ansible Role: Notify SSH Login via Ntfy
This Ansible role automates the setup for sending notifications whenever a user logs in to your Linux servers via SSH. It intercepts successful SSH connections using PAM and triggers a script to send an HTTP request with details about the login event.
## Features
* Integrates with PAM to capture successful SSH login attempts.
* Uses a customizable script to send notifications via an HTTP request.
* Supports sending notifications to services like ntfy.sh (configurable).
* Includes Molecule test suite using Vagrant for automated testing.
## Requirements
* Ansible >= 2.9
* Python package `requests` (for Molecule tests)
## Role Variables
The role utilizes the following default variables, which can be overridden in your playbook:
* `docker_install_compose_plugin` (bool): Whether to install the Docker Compose plugin (defaults to `false`).
* `docker_compose_package` (str): Package name for Docker Compose (defaults to `docker-compose`).
**Additional variables are defined within the role's defaults/main.yml file.**
## Usage
1. **Clone or copy the role directory.**
2. **Include the role in your playbook:**
```yaml
---
- name: Notify SSH logins
hosts: all
become: true
roles:
- notify_ssh_login
```
3. **Customize variables (optional):**
Override any default variables in your playbook's `vars` section.
4. **Run the playbook:**
```bash
ansible-playbook your_playbook.yml
```
## Testing
The role includes a Molecule test suite that utilizes Vagrant to provision a test environment. To execute the tests:
1. Ensure Vagrant and VirtualBox are installed.
2. Navigate to the role directory.
3. Run the following commands:
```bash
molecule init
molecule converge
molecule verify
```
### Contributing
We welcome contributions to this role! Please see the contributing guidelines in the `CONTRIBUTING.md` file for details.
### License
This role is licensed under the MIT License. See the `LICENSE` file for details.
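Review bot: The "Role Variables" section documents `docker_install_compose_plugin` and `docker_compose_package`, which have nothing to do with this role; the only default defined in this commit is `ntfy_topic` in defaults/main.yml. Replace the two Docker entries with `ntfy_topic` and state how the topic reaches the notification script. Under "Requirements", `requests` is listed for the Molecule tests while the test file imports testinfra. The README also points to `CONTRIBUTING.md` and `LICENSE`, neither of which is part of this commit.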

4
defaults/main.yml Normal file

@ -0,0 +1,4 @@
---
# Variables par défaut pour le rôle de notification de connexion SSH
ntfy_topic: "votre_sujet_ntfy" # Remplacer par votre sujet ntfy.sh
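Review bot: `ntfy_topic` is defined here but nothing in this commit reads it: files/notify_login.sh posts to the hard-coded `https://ntfy.sh/your_topic`, and tasks/main.yml installs that script with `copy`, so overriding the variable has no effect. Render the script with `template` and use `{{ ntfy_topic }}` in the URL, or pass the topic to the script some other way. Because the default is a placeholder, the role should fail early when it is left unchanged, so that login notifications are not sent to a topic nobody chose.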

15
files/notify_login.sh Normal file

@ -0,0 +1,15 @@
#!/bin/bash
# Récupérer les variables d'environnement
USER=$PAM_USER
HOST=$PAM_RHOST
IPADDR=$PAM_RHOSTADDR
SESSION=$PAM_TTY
# Envoyer une notification via ntfy.sh (remplacer "your_topic" par votre sujet ntfy)
curl -X POST https://ntfy.sh/your_topic \
-d '{
"title": "Connexion SSH",
"message": "Utilisateur '$USER' connecté depuis '$HOST' ($IPADDR) - Session: '$SESSION'",
"priority": 1
}'
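Review bot: The `"message"` line builds the JSON body by closing the single quotes around `$USER`, `$HOST`, `$IPADDR` and `$SESSION`, so each value is expanded unquoted and inserted with no JSON escaping. `PAM_RHOST` originates outside the server, and a value containing a double quote, a backslash or whitespace produces a malformed or altered payload; build the body with a tool that escapes strings (for example `jq -n --arg`) or send the message as plain text. Further points on the same hunk: `USER=$PAM_USER` overwrites the shell's own `USER` variable, so a different name is safer; if the script is invoked through pam_exec, `PAM_RHOSTADDR` is not among the variables it exports, so `IPADDR` will be empty; the topic is hard-coded as `your_topic` instead of coming from `ntfy_topic`; and curl has no timeout or `--fail`, so if the script runs synchronously from PAM a slow request holds up the login and a failed one passes unnoticed.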

0
meta/main.yml Normal file

23
molecule/default.yml Normal file

@ -0,0 +1,23 @@
---
driver: vagrant
verifier:
name: testinfra
provisioner:
name: ansible
playbooks:
- provision.yml
platforms:
- name: default
config:
vm:
box: bento/ubuntu-18.04
network:
private_network: true
lint:
name: ansible-lint
playbooks:
- provision.yml
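Review bot: The file is added as molecule/default.yml, but Molecule looks for a scenario at molecule/default/molecule.yml, so this configuration will not be picked up as the default scenario; provision.yml and the test file need to move into the scenario directory with it. `driver: vagrant` is written as a scalar while `verifier` and `provisioner` use a `name:` key, and the driver should follow the same form. `box: bento/ubuntu-18.04` pins the tests to a release that was already past standard support at the commit date (2024-07-12); a current LTS box is a better target for a role that edits the PAM configuration.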

6
molecule/provision.yml Normal file

@ -0,0 +1,6 @@
---
- name: Provision SSH login notification role
hosts: all
become: true
roles:
- notify_ssh_login


@ -0,0 +1,12 @@
import os
import testinfra.utils.commands as commands
def test_login_notification_is_sent():
# Vérifier que la notification a été envoyée
notification_file = os.path.join('/tmp', 'login_notification.json')
assert commands.check_output('test -f {}'.format(notification_file)) == 0
# Vérifier le contenu du fichier de notification
notification_data = json.loads(commands.check_output('cat {}'.format(notification_file)))
assert notification_data['title'] == 'Connexion SSH'
assert notification_data['message'].startswith('Utilisateur')
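Review bot: The test asserts on `/tmp/login_notification.json`, but nothing in this commit writes that file: notify_login.sh only POSTs to ntfy.sh, and no step performs an SSH login before the check, so the test cannot pass as written. `json.loads` is called without `import json`. The first assertion compares the result of `check_output('test -f ...')` with `0`, but `test -f` prints nothing, so comparing its output with an exit status is not meaningful. `testinfra.utils.commands` does not look like a testinfra module; the usual form is a test function taking the `host` fixture, with `host.file(path).exists` and `host.file(path).content_string`. To make the check real, point the script at a local endpoint during tests and trigger an SSH login before asserting.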

26
tasks/main.yml Normal file
View file

@ -0,0 +1,26 @@
---
- name: Notify SSH logins
hosts: all
become: true
tasks:
- name: Install curl
apt:
name: curl
state: latest
when: not ansible_facts['packages']['curl'] is defined
- name: Copy PAM module
copy:
src: files/pam_ssh_auth.conf
dest: /etc/pam.d/ssh
owner: root
group: root
mode: 0644
- name: Copy notification script
copy:
src: tasks/notify_login.sh
dest: /usr/local/bin/notify_login.sh
owner: root
group: root
mode: 0755
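Review bot: The "Copy PAM module" task replaces a whole PAM service file with `files/pam_ssh_auth.conf`, which is not among the files in this commit, and writes it to `/etc/pam.d/ssh`, whereas sshd's PAM service file on Ubuntu is `/etc/pam.d/sshd`. As written the task fails on the missing source; pointed at the right path it would overwrite the distribution's PAM stack for SSH, which risks locking administrators out. Add one line to the existing file instead, for example `session optional pam_exec.so /usr/local/bin/notify_login.sh` via `lineinfile` or `community.general.pamd`, keeping `optional` so a failed notification never blocks a login. Other points on this hunk: the file is a full play (`hosts`, `become`, `tasks`), while a role's tasks/main.yml must be a plain list of tasks; `src: tasks/notify_login.sh` does not match the script's location in files/, and inside a role `src: notify_login.sh` is enough; the `when` on `ansible_facts['packages']` needs `package_facts` to have run and is unnecessary, since `apt` with `state: present` is already idempotent; and the modes should be quoted (`"0644"`, `"0755"`).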