sshblame - Notify to xmpp when ssh command executed on server
-------------------------------------------------------------


About
-----
sshblame is a shell script for ssh hardening. Every time an ssh command is
executed on the server, the script sends a message to an xmpp recipient,
whether a user or a chatroom, with detailed info about the connected client
and the command executed.


Requirements
------------
- sendxmpp >= 1.24


Installation
------------
Download the script and place it in any directory you want (for convenience,
preferably '/usr/local/bin'). Remember to give it execute permission. If you
prefer, you can also use the example 'config' file included in the repository.


~$ git clone https://git.p4g.club/git/sshblame.git sshblame

~$ su -c "cp sshblame/sshblame.sh /usr/local/bin/sshblame"

~$ su -c "chmod +x /usr/local/bin/sshblame"


Configuration
-------------
Because sshblame is intended to act when an ssh connection is established,
the 'ForceCommand' directive must be defined in the ssh server configuration.
First, edit the script's 'config' file with the proper xmpp information. Then
edit the ssh server configuration ('/etc/ssh/sshd_config') and add the
directive. Finally, restart the ssh server.


~$ vim sshblame/config

----------------
JID=user@server.im;         # notification sender jid
JIDPASS=sEcrEt;             # notification sender password
RECIPIENT=recp@server.im    # recipient xmpp jid

----------------


~$ su -c "vim /etc/ssh/sshd_config"

----------------
# Put this line anywhere you want
# ForceCommand /path/to/script /path/to/configdir/configfile
# i.e.

ForceCommand /usr/local/bin/sshblame /home/me/sshblame/config

----------------


~$ service sshd restart

(adjust according to your *nix distribution)


Testing
-------
The script includes a function for testing that it works. To test, run the
following from a host other than the server (e.g. your home computer):


~$ ssh -p PORT user@server blametest

----------------
user@server's password:
sshblame version --
  by ziggys
  License: The Drunken BEER License v 1.1
  (https://git.p4g.club/git/beer/about)

sshblame is a shellscript for ssh hardening. Every time an ssh
  command is executed on server, the script sends a message to an xmpp
  recipient, wether user or chatroom, notifying about with detailed
  info about client connected and command executed.

For help configurint and more details about this script go to
  Official Repository: https://git.p4g.club/git/sshblame
  Mirror Repository: https://gitgud.io/ziggys/sshblame

----------------


Examples
--------

~$ ssh me@myserver cat some_file

----------------
me@myserver's password: 
executing 'cat some_file' in 'myserver'...
Some text inside some_file

----------------


~$ ssh me@myserver

----------------
me@myserver's password: 
executing '/bin/sh' in 'myserver'...
~$ _

----------------


These last two ssh commands (cat and session) will send a notification
message from my xmpp jid to a chatroom:

~$ cat sshblame/config

----------------
JID=ziggys@myxmppserver.io;
JIDPASS=mypassword;
RECIPIENT=-c privatechat@rooms.myxmppserver.io;

----------------


----------------
16-06 15:04
ssh command executed in 'myserver'
ssh command: 'cat some_file'
client info: 190.211.420.112, isp_info, city, country

----------------

----------------
16-06 15:05
ssh command executed in 'myserver'
ssh command: '/bin/sh'
client info: 190.211.420.112, isp_info, city, country

----------------
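
The following is an added example, not the sshblame script or any code from
its repository. It sketches how a ForceCommand hook can build the notification
shown above from the variables sshd sets for the session. NOTIFIER and the
function names are hypothetical, and the sample values are constructed.

```shell
#!/bin/sh
# Added illustration of a ForceCommand hook; not the sshblame script itself.
# sshd exports SSH_ORIGINAL_COMMAND (unset for an interactive login) and
# SSH_CONNECTION ("client_ip client_port server_ip server_port").

# Command the client asked for, or the login shell when none was given.
requested_command() {
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        printf '%s\n' "$SSH_ORIGINAL_COMMAND"
    else
        printf '%s\n' "${SHELL:-/bin/sh}"
    fi
}

# Client address: the first field of SSH_CONNECTION.
client_ip() {
    conn=${SSH_CONNECTION:-unknown}
    printf '%s\n' "${conn%% *}"
}

# Message body, following the layout of the README's sample notifications.
build_notice() {
    printf "ssh command executed in '%s'\n" "$1"
    printf "ssh command: '%s'\n" "$(requested_command)"
    printf "client info: %s\n" "$(client_ip)"
}

# The hook: notify first, then run what the client requested.
# NOTIFIER is a hypothetical variable naming the sending program.
run_forced() {
    build_notice "$(hostname)" | "${NOTIFIER:-cat}"
    exec sh -c "$(requested_command)"
}

# Constructed sample values (documentation address ranges), in a subshell.
(
    SSH_ORIGINAL_COMMAND='cat some_file'
    SSH_CONNECTION='192.0.2.10 50000 198.51.100.5 22'
    build_notice myserver
)
```

The client-supplied command is always passed to printf as an argument, never
as the format string, so the text of the request cannot alter the notice.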