SSH Login notification using Telegram bot

Using Telepot and pam.d, we can set up a simple script that notifies us through Telegram of any successful login on our Linux box.

Bot setup

BotFather is the Telegram bot for creating bots. Call it and create a new bot using /newbot. Grab the token; we will use it in a while.

Notification script

I wrote it in Python; you may want to set your chat_id and your Telegram Bot ID.

Create a folder at /etc/pam.scripts

sudo mkdir /etc/pam.scripts

And place the Python code inside

sudo cp notify.py /etc/pam.scripts/

And grant execution permissions

sudo chmod +x /etc/pam.scripts/notify.py

Pam.d configuration

Edit the sshd pam.d config file

sudo vim /etc/pam.d/sshd

And append the following line

session   required  pam_exec.so         /etc/pam.scripts/notify.py
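
One way to write notify.py for the pam_exec line above, as an added example that is not the author's script. It calls the Telegram Bot API sendMessage method with the Python standard library instead of Telepot, so the request has an explicit timeout; BOT_TOKEN, CHAT_ID and TIMEOUT_SECONDS are placeholders and assumptions, and the PAM_* variables are the ones pam_exec exports to the script.

```python
#!/usr/bin/env python3
"""Added example: login notifier run by pam_exec for sshd sessions."""
import os
import socket
import sys
import urllib.parse
import urllib.request

BOT_TOKEN = "REPLACE_WITH_BOT_TOKEN"  # placeholder: token issued by BotFather
CHAT_ID = "REPLACE_WITH_CHAT_ID"      # placeholder: chat that receives alerts
TIMEOUT_SECONDS = 5                   # assumption: never stall a login longer


def should_notify(env):
    """pam_exec runs session modules on open and close; alert on open only."""
    return env.get("PAM_TYPE") == "open_session"


def build_message(env, hostname):
    """Format the alert from the variables pam_exec exports to the script."""
    return "SSH login on {}: user={} from={} service={} tty={}".format(
        hostname,
        env.get("PAM_USER", "?"),
        env.get("PAM_RHOST", "?"),
        env.get("PAM_SERVICE", "?"),
        env.get("PAM_TTY", "?"),
    )


def send(text):
    """POST to the Bot API sendMessage method with a hard timeout."""
    url = "https://api.telegram.org/bot{}/sendMessage".format(BOT_TOKEN)
    data = urllib.parse.urlencode({"chat_id": CHAT_ID, "text": text}).encode()
    urllib.request.urlopen(url, data=data, timeout=TIMEOUT_SECONDS).close()


def main(env):
    """Always return 0: with 'session required', a failure would deny login."""
    if should_notify(env):
        try:
            send(build_message(env, socket.gethostname()))
        except Exception as exc:  # network down, bad token, API error
            print("notify failed: {}".format(exc), file=sys.stderr)
    return 0


if __name__ == "__main__":
    sys.exit(main(dict(os.environ)))
```

Because the bot token is stored in the script, keep the file owned by root and not readable by other users.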

Testing

Elasticsearch Kibana authentication using SAML and Okta

As we’re running Elasticsearch inside a VPC, everyone at the office could directly access the Kibana endpoint and do nasty things. For now we just wanted to limit access to certain people/groups. We analyzed several options:

  • Make an SSH tunnel – Nasty solution, doesn’t scale at all, hard to configure, needs user knowledge of how SSH tunnels work
  • Authentication using just Cognito – Limited to Cognito user pools, cannot be linked to IAM users, need to maintain 3 user groups (IAM, LDAP/Okta and Cognito), doesn’t scale at all.
  • Authentication using SAML and Okta: the preferred way. We have Okta for most of our applications and it works well with SAML, so we gave it a try