Initial import

2024-07-12 14:38:33 +02:00 · 2024-07-12 14:38:33 +02:00 · 83f0e827c6
commit 83f0e827c6
10 changed files with 172 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,4 @@
+*.retry
+*/__pycache__
+*.pyc
+.cache
--- a/.yamllint
+++ b/.yamllint
@ -0,0 +1,11 @@
+---
+extends: default
+
+rules:
+  line-length:
+    max: 120
+    level: warning
+
+ignore: |
+  .github/stale.yml
+  .travis.yml
--- a/README.md
+++ b/README.md
@ -0,0 +1,71 @@
+
+# Ansible Role: Notify SSH Login via Ntfy
+
+This Ansible role automates the setup for sending notifications whenever a user logs in to your Linux servers via SSH. It intercepts successful SSH connections using PAM and triggers a script to send an HTTP request with details about the login event.
+
+## Features
+
+* Integrates with PAM to capture successful SSH login attempts.
+* Uses a customizable script to send notifications via an HTTP request.
+* Supports sending notifications to services like ntfy.sh (configurable).
+* Includes Molecule test suite using Vagrant for automated testing.
+
+## Requirements
+
+* Ansible >= 2.9
+* Python package `requests` (for Molecule tests)
+
+## Role Variables
+
+The role utilizes the following default variables, which can be overridden in your playbook:
+
+* `docker_install_compose_plugin` (bool): Whether to install the Docker Compose plugin (defaults to `false`).
+* `docker_compose_package` (str): Package name for Docker Compose (defaults to `docker-compose`).
+
+**Additional variables are defined within the role's defaults/main.yml file.**
+
+## Usage
+
+1. **Clone or copy the role directory.**
+2. **Include the role in your playbook:**
+
+```yaml
+---
+- name: Notify SSH logins
+  hosts: all
+  become: true
+  roles:
+    - notify_ssh_login
+```
+
+3. **Customize variables (optional):**
+
+Override any default variables in your playbook's `vars` section.
+
+4. **Run the playbook:**
+
+```bash
+ansible-playbook your_playbook.yml
+```
+
+## Testing
+
+The role includes a Molecule test suite that utilizes Vagrant to provision a test environment. To execute the tests:
+
+1. Ensure Vagrant and VirtualBox are installed.
+2. Navigate to the role directory.
+3. Run the following commands:
+
+```bash
+molecule init
+molecule converge
+molecule verify
+```
+
+### Contributing
+
+We welcome contributions to this role! Please see the contributing guidelines in the `CONTRIBUTING.md` file for details.
+
+### License
+
+This role is licensed under the MIT License. See the `LICENSE` file for details.
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -0,0 +1,4 @@
+---
+# Variables par défaut pour le rôle de notification de connexion SSH
+
+ntfy_topic: "votre_sujet_ntfy"  # Remplacer par votre sujet ntfy.sh
--- a/files/notify_login.sh
+++ b/files/notify_login.sh
@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Récupérer les variables d'environnement
+USER=$PAM_USER
+HOST=$PAM_RHOST
+IPADDR=$PAM_RHOSTADDR
+SESSION=$PAM_TTY
+
+# Envoyer une notification via ntfy.sh (remplacer "your_topic" par votre sujet ntfy)
+curl -X POST https://ntfy.sh/your_topic \
+  -d '{
+    "title": "Connexion SSH",
+    "message": "Utilisateur '$USER' connecté depuis '$HOST' ($IPADDR) - Session: '$SESSION'",
+    "priority": 1
+  }'
--- a/meta/main.yml
+++ b/meta/main.yml
--- a/molecule/default.yml
+++ b/molecule/default.yml
@ -0,0 +1,23 @@
+---
+driver: vagrant
+
+verifier:
+  name: testinfra
+
+provisioner:
+  name: ansible
+  playbooks:
+    - provision.yml
+
+platforms:
+  - name: default
+    config:
+      vm:
+        box: bento/ubuntu-18.04
+      network:
+        private_network: true
+
+lint:
+  name: ansible-lint
+  playbooks:
+    - provision.yml
--- a/molecule/provision.yml
+++ b/molecule/provision.yml
@ -0,0 +1,6 @@
+---
+- name: Provision SSH login notification role
+  hosts: all
+  become: true
+  roles:
+    - notify_ssh_login
--- a/molecule/testinfra/test_login_notifications.py
+++ b/molecule/testinfra/test_login_notifications.py
@ -0,0 +1,12 @@
+import os
+import testinfra.utils.commands as commands
+
+def test_login_notification_is_sent():
+    # Vérifier que la notification a été envoyée
+    notification_file = os.path.join('/tmp', 'login_notification.json')
+    assert commands.check_output('test -f {}'.format(notification_file)) == 0
+
+    # Vérifier le contenu du fichier de notification
+    notification_data = json.loads(commands.check_output('cat {}'.format(notification_file)))
+    assert notification_data['title'] == 'Connexion SSH'
+    assert notification_data['message'].startswith('Utilisateur')
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,26 @@
+---
+- name: Notify SSH logins
+  hosts: all
+  become: true
+  tasks:
+    - name: Install curl
+      apt:
+        name: curl
+        state: latest
+      when: not ansible_facts['packages']['curl'] is defined
+
+    - name: Copy PAM module
+      copy:
+        src: files/pam_ssh_auth.conf
+        dest: /etc/pam.d/ssh
+        owner: root
+        group: root
+        mode: 0644
+
+    - name: Copy notification script
+      copy:
+        src: tasks/notify_login.sh
+        dest: /usr/local/bin/notify_login.sh
+        owner: root
+        group: root
+        mode: 0755