logsentinel-PAM

PAM module performing some checks and logs before ssh login

  • checks whether the logsentinel application is alive by requesting the configured aliveUrl; if it is not reachable the module fails open and allows access (note the consequence: anyone who can make that request fail also skips the certificate checks below)
  • checks that the TLS certificates of a configurable list of domains (for example the Ethereum and time-stamping service endpoints that logs are pushed to) are valid; an invalid certificate may indicate tampering or interception, so access is denied
  • logs the login attempt to logsentinel
  • allows access if every check passes

Usage

  1. Install git, pam-devel (on Ubuntu it's libpam-dev) and gcc.

  2. Run build.sh, or run the commands in it by hand (different Linux distributions keep PAM modules in different directories, so check the path first):

    • compile: `gcc -fPIC -fno-stack-protector -c src/pam_logsentinel.c`
    • link the module: `sudo ld -x --shared -o /lib/i386-linux-gnu/security/pam_logsentinel.so pam_logsentinel.o` (32-bit Debian/Ubuntu; on 64-bit Debian/Ubuntu the directory is /lib/x86_64-linux-gnu/security) or, for CentOS, `sudo ld -x --shared -o /lib64/security/pam_logsentinel.so pam_logsentinel.o`
    • copy the config file: `cp logsentinel.conf /etc/security/logsentinel.conf`. The file holds organizationSecret (base64 is an encoding, not encryption), so keep it root-owned with mode 0600; the module runs in sshd's root PAM context and can still read it.
    • edit logsentinel.conf and set the properties:
      • aliveUrl - URL that is requested to check whether the logsentinel application is working
      • checkDomainCerts - domains whose certificates are checked before login (e.g. Ethereum, time-stamping service)
      • authorizationHeader - base64(organizationId:organizationSecret); both values are shown in the logsentinel dashboard
      • applicationId - found in the logsentinel dashboard
      • logUrl - URL of the API that log entries are sent to
      • pushTo - one or more (comma separated) of: ETHEREUM, QTSA, EMAIL, TWITTER
  3. The PAM config files are located in /etc/pam.d/.

    • open /etc/pam.d/sshd and append at the end: `session requisite pam_logsentinel.so /etc/security/logsentinel.conf`. The argument is the path to the config file; change it if the file lives somewhere else. Because this is a `session` module it runs only after authentication has succeeded (a rejected password never reaches it), and `requisite` means that if the module fails the session is denied immediately. sshd only consults PAM when `UsePAM yes` is set in /etc/ssh/sshd_config.
    • try to ssh in

NOTE: if you do this over ssh, always keep one terminal with root logged in, in case something goes wrong. It is possible to lock yourself out so that you cannot ssh in even with correct root credentials.
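The steps above depend on two details that vary between machines: which directory the PAM module must land in, and how the authorizationHeader value is produced. The following script is an added example, not the project's build.sh; it picks the first existing module directory from a candidate list, computes the header, and appends the sshd PAM line only if it is not already present. The optional root-prefix argument of `pam_module_dir` and the file argument of `add_sshd_line` are assumptions made so the functions can be exercised against a constructed directory tree instead of the live system; `build_module` runs the page's own gcc/ld commands.

```shell
#!/bin/sh
# Added example (not the project's own build.sh).

# Print the first PAM module directory that exists. An optional first argument
# is a root prefix (assumption for testing: point it at a constructed tree).
pam_module_dir() {
  root="${1:-}"
  for d in \
    /lib/x86_64-linux-gnu/security \
    /lib/i386-linux-gnu/security \
    /lib/aarch64-linux-gnu/security \
    /lib64/security \
    /lib/security \
    /usr/lib64/security \
    /usr/lib/security; do
    if [ -d "$root$d" ]; then
      printf '%s\n' "$d"
      return 0
    fi
  done
  echo "no PAM security directory found under '${root:-/}'" >&2
  return 1
}

# base64(organizationId:organizationSecret), the documented authorizationHeader
# value. tr strips the line wrapping GNU base64 adds to long input.
auth_header() {
  printf '%s' "$1:$2" | base64 | tr -d '\n'
}

# Append the documented sshd PAM line once; a second run is a no-op so that
# re-running the installer cannot stack duplicate session entries.
# $1 = pam.d file (e.g. /etc/pam.d/sshd), $2 = config path passed to the module.
add_sshd_line() {
  line="session requisite pam_logsentinel.so $2"
  if grep -q 'pam_logsentinel\.so' "$1" 2>/dev/null; then
    return 0
  fi
  printf '%s\n' "$line" >> "$1"
}

# Compile and link the module into the detected directory (page's commands),
# then install the config root-only since it carries the organization secret.
build_module() {
  dir="$(pam_module_dir)" || return 1
  gcc -fPIC -fno-stack-protector -c src/pam_logsentinel.c || return 1
  sudo ld -x --shared -o "$dir/pam_logsentinel.so" pam_logsentinel.o || return 1
  sudo install -o root -g root -m 0600 logsentinel.conf /etc/security/logsentinel.conf
}

# Usage on a real host (not run when the file is sourced for testing):
#   . ./install_logsentinel.sh
#   auth_header "$ORG_ID" "$ORG_SECRET"   # paste into logsentinel.conf
#   build_module && sudo sh -c '. ./install_logsentinel.sh; add_sshd_line /etc/pam.d/sshd /etc/security/logsentinel.conf'
```

Keep the root shell from the NOTE above open while you run it: `add_sshd_line` writes a `requisite` entry, so if the module cannot read its config or the certificate checks fail, every new ssh session is refused.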
