chris-x86-64/aliases

## aliases
# Add the following line to /etc/aliases

slack: |"/usr/bin/python /path/to/post-to-slack.py"

## login-hook.sh
#!/bin/bash
(
    echo "ALERT - Shell Access ($(hostname)) on: `date` `who`"
) | /usr/sbin/sendmail slack

## post-to-slack.py
import sys
import urllib
import urllib2 as urlrequest
import json
import mail

SLACK_POST_URL = "https://hooks.slack.com/services/[TOKEN]"

def build_attachment():
    b = email.message_from_string(sys.stdin.read())
    post_json = {"text": b.get_payload()}
    return post_json

def post(payload):
    payload_json = json.dumps(payload)
    data = urllib.urlencode({"payload": payload_json})
    req = urlrequest.Request(SLACK_POST_URL)
    response = urlrequest.build_opener(urlrequest.HTTPHandler()).open(req, data.encode('utf-8')).read()
    return response.decode('utf-8')

post(build_attachment())

## sshd
# Add the following line to /etc/pam.d/sshd

session    optional     pam_exec.so /bin/bash /path/to/login-hook.sh
	# Add the following line to /etc/aliases

	slack: \|"/usr/bin/python /path/to/post-to-slack.py"
	#!/bin/bash
	(
	echo "ALERT - Shell Access ($(hostname)) on: `date` `who`"
	) \| /usr/sbin/sendmail slack
	import sys
	import urllib
	import urllib2 as urlrequest
	import json
	import mail

	SLACK_POST_URL = "https://hooks.slack.com/services/[TOKEN]"

	def build_attachment():
	b = email.message_from_string(sys.stdin.read())
	post_json = {"text": b.get_payload()}
	return post_json

	def post(payload):
	payload_json = json.dumps(payload)
	data = urllib.urlencode({"payload": payload_json})
	req = urlrequest.Request(SLACK_POST_URL)
	response = urlrequest.build_opener(urlrequest.HTTPHandler()).open(req, data.encode('utf-8')).read()
	return response.decode('utf-8')

	post(build_attachment())
	# Add the following line to /etc/pam.d/sshd

	session optional pam_exec.so /bin/bash /path/to/login-hook.sh