Overview
- As a Linux system admin I always need to monitor system logs for any unauthorized activity, such as a brute-force attack or a co-worker trying to guess the server passwords.
- In this kind of situation the system generates a special message, called authentication failure, in the /var/log/auth.log file.
Installation
Debian/Ubuntu Linux
[mitesh@shah ~]$ sudo apt-get install ruby-dev
Redhat/CentOS Linux
[mitesh@shah ~]$ sudo yum install ruby-devel
Twitter Setup
Create New Twitter Account For Servers
- Personal Twitter Account
- We need one Personal and one Private Twitter account.
- All the security alert messages are posted on the Private Twitter Account (MiteshAlert).
- I (MiteshShah05) am the only follower of the Private Twitter Account (MiteshAlert), so our security messages are displayed only to me.
Install Twitter Command-Line Client t
- For more detailed information about installing and configuring t, click here.
[mitesh@shah ~]$ gem install t
Configure t
[mitesh@shah ~]$ t authorize
Welcome! Before you can use t, you'll first need to register an
application with Twitter. Just follow the steps below:
1. Sign in to the Twitter Application Management site and click
"Create New App".
2. Complete the required fields and submit the form.
Note: Your application must have a unique name.
3. Go to the Permissions tab of your application, and change the
Access setting to "Read, Write and Access direct messages".
4. Go to the API Keys tab to view the consumer key and secret,
which you'll need to copy and paste below when prompted.
Press [Enter] to open the Twitter Developer site.
Open: https://apps.twitter.com
Enter your API key: 94g0557bTTNMQPSQf6DJYyrFG
Enter your API secret: j9H5dY0croAFiXJvmB2YjPZ32cawiqsqiCBeegOTtrTEy2bRhN
In a moment, you will be directed to the Twitter app authorization page.
Perform the following steps to complete the authorization process:
1. Sign in to Twitter.
2. Press "Authorize app".
3. Copy and paste the supplied PIN below when prompted.
Press [Enter] to open the Twitter app authorization page.
Open: https://api.twitter.com/oauth/authorize?oauth_callback=oob&oauth_consumer_key=xxxxxxxxxx
Enter the supplied PIN: 1945192
Authorization successful.
Security Alert
- You need to create a crontab entry for the following shell script.
- The crontab entry makes the shell script run every 10 minutes automatically.
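One way to write such a script, as an added example rather than the author's original: it reports only the authentication failure lines logged since the previous run, survives log rotation, and limits how many tweets one run can post. The function names, the state-file path, the install path and the `--post`/`--demo` flags are assumptions; `t update` is the t client's posting command, and the cron user needs read access to the log.

```bash
#!/usr/bin/env bash
# Added example: alert only on auth failures logged since the previous cron run.
# Function names, paths and the --post/--demo flags are assumptions, not from the post.

# Constructed sample line (192.0.2.10 is a documentation address).
SAMPLE='Jun 29 12:01:47 shah sshd[32239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10'

# Print "authentication failure" lines appended to log $1 since the byte
# offset stored in state file $2, then store the new offset.
new_failures() {
    local log="$1" state="$2" offset=0 size
    size=$(wc -c < "$log" | tr -d ' ')
    [ -f "$state" ] && offset=$(cat "$state")
    # A file smaller than the saved offset was rotated: read it from the start.
    [ "$size" -lt "$offset" ] && offset=0
    tail -c "+$((offset + 1))" "$log" | head -c "$((size - offset))" |
        grep -F 'authentication failure' || true
    printf '%s\n' "$size" > "$state"
}

# Reduce a syslog line to "HH:MM:SS process[pid]: message", strip control
# characters and cap it at 140 characters before it is posted.
format_alert() {
    printf '%s' "$1" | tr -d '\000-\037' |
        sed -E 's/^[A-Za-z]{3} +[0-9]+ ([0-9:]{8}) [^ ]+ /\1 /' | cut -c1-140
}

# Cron entry point: post at most MAX_ALERTS tweets per run so a brute-force
# burst does not flood the account. Requires a completed `t authorize`.
main() {
    new_failures "${AUTH_LOG:-/var/log/auth.log}" "${STATE:-$HOME/.auth-alert.offset}" |
        head -n "${MAX_ALERTS:-5}" |
        while IFS= read -r line; do
            t update "$(format_alert "$line")" < /dev/null
        done
}

# Example crontab line (hypothetical install path):
#   */10 * * * * /usr/local/bin/auth-alert.sh --post
case "${1:-}" in
    --post) main ;;
    --demo) format_alert "$SAMPLE" ;;   # offline check, posts nothing
esac
```

Lines beyond the per-run cap are skipped rather than queued, because the offset is already advanced to the end of the log.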
Sample Tweet
12:01:47 sshd[32239]: authentication failures; uid=0 tty=ssh ruser= rhost=X.XX.XX.XX
— Mitesh Shah (@MiteshAlert) June 29, 2015
Get SMS Updates for the Above Tweets
- Open the Server Private Twitter Account page from your Personal Twitter Account
- Click on Settings
- Click on Turn on mobile notifications.
<img alt="Security Alert" src="https://cloud.githubusercontent.com/assets/1223371/8515662/02129d2e-23c5-11e5-8e84-45eb20a9ced2.png">
- Feel free to comment below in case you face any problem.