Supervises pfSense SSH service status and admin credentials, deploys an SSH public key, and sends alerts through Telegram and Discord webhooks.
Verifies the SSH service status and restarts the service if it is not running, detects changes to the admin user's credentials (password hash modification), performs deployment, verification and rollback of your SSH public key in the admin user's authorized_keys file, and sends all alerts through Telegram and Discord webhooks.
Runs as a FreeBSD daemon on pfSense.
- Run as a FreeBSD daemon.
- Detect admin password changes.
- Deploy and verify SSH public key.
- Monitor and restart SSH service.
- Send alerts through Discord webhook and Telegram bot.
Access your pfSense and clone this repo with the git or curl commands below.
# Clone repo using git.
git clone https://github.com/usrbinbrain/pfstalker.git
# Clone repo using curl.
curl -L -O https://github.com/usrbinbrain/pfstalker/archive/refs/heads/master.zip && unzip -d ./pfstalker/ -j master.zip
The install.sh script will create a service configuration file to run pfstalker.py as a FreeBSD daemon.
Enter the repo directory and run the install script to create the pfstalker service, using the command below on your pfSense.
# Access dir and exec install.sh script.
cd pfstalker/ && /bin/sh install.sh
Set your SSH public key, Discord webhook, Telegram bot token and chat id in the config.json file.
The SSH public key configured in this file will be deployed and verified in the admin authorized_keys file.
You can choose to receive alerts via Discord or Telegram, but pfstalker can send alerts using both platforms together.
- Discord webhook.
To receive alerts through a Discord channel, set your Discord webhook URL as the value of the discord_url_webhook key.
"discord_url_webhook": "https://discord.com/api/webhooks/0000/YOUR_DISCORD_WEBHOOK_FULL_URL"
- Telegram bot.
To receive alerts through Telegram, create your bot using Botfather, then set your bot token as the value of the telegram_bot_token key and your bot chat id as the value of the telegram_chat_id key.
"telegram_bot_token": "00000000:YOUR_TELEGRAM_BOT_TOKEN",
"telegram_chat_id": "0000_YOUR_BOT_CHAT_ID_0000"
- SSH key.
Set your SSH public key inside the ssh_public_key list so pfstalker can deploy it and roll it back in the authorized_keys file.
origkey = 'ssh-rsa AAAAB3N__YOUR_SSH_PUBLIC_KEY___Y07JYLSD yourname@yourhostname'
After configuring the config.json file, just restart the pfstalker service created by the install.sh script in the install step.
You can now manage pfstalker as a FreeBSD daemon service, using start, stop, restart and status on this daemon.
To start the pfstalker supervisor on your pfSense firewall, just restart the service with the command below.
# Restarting service on pfSense firewall.
/usr/local/etc/rc.d/pfstalker restart
There are currently 3 different alerts sent by pfstalker to Discord and Telegram.
You can see these alerts in the pictures below.
- Admin user password change!
This alert is sent if pfstalker identifies any change to the admin user's hash in /etc/master.passwd.
- SSH public key was deploy!
This alert is sent if pfstalker deploys or rolls back the SSH public key in the authorized_keys file.
- Service SSH was started!
This alert is sent if pfstalker restarts the SSH service on the pfSense firewall.
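A sketch of the two file checks behind the first two alerts, added here as an example; it is not pfstalker's own code. The function names, the sample master.passwd and authorized_keys contents, and the wording of the second alert string are assumptions made for illustration.

```python
import hashlib

# Constructed sample data: not real hashes or keys.
PASSWD_V1 = ("root:$2b$10$AAAA:0:0::0:0:Charlie &:/root:/bin/sh\n"
             "admin:$2b$10$BBBB:0:0::0:0:System Administrator:/root:/etc/rc.initial\n")
PASSWD_V2 = PASSWD_V1.replace("BBBB", "CCCC")  # admin hash modified
KEY = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed yourname@yourhostname"
AUTH_KEYS = "no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed another-comment\n"

def admin_hash(master_passwd_text, user="admin"):
    """Return the password-hash field for `user`, or None if the user is absent."""
    for line in master_passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        # FreeBSD master.passwd has 10 colon-separated fields; the 2nd is the hash.
        if len(fields) == 10 and fields[0] == user:
            return fields[1]
    return None

def key_present(authorized_keys_text, public_key):
    """True if the key (type + base64 blob, comment ignored) is listed."""
    wanted = tuple(public_key.split()[:2])
    for line in authorized_keys_text.splitlines():
        parts = line.split()
        # Options may precede the key type, so match the pair anywhere in the line.
        for i in range(len(parts) - 1):
            if (parts[i], parts[i + 1]) == wanted:
                return True
    return False

def check(baseline_digest, master_passwd_text, authorized_keys_text, public_key):
    """Return (alerts, digest). Only a SHA-256 of the hash field is kept as state."""
    alerts = []
    current = admin_hash(master_passwd_text)
    digest = hashlib.sha256((current or "").encode()).hexdigest()
    # First run (baseline None) only records the digest; later runs compare.
    if baseline_digest is not None and digest != baseline_digest:
        alerts.append("Admin user password change!")
    if not key_present(authorized_keys_text, public_key):
        # Hypothetical label; a supervisor would redeploy the key at this point.
        alerts.append("SSH public key missing from authorized_keys")
    return alerts, digest
```

Comparing the key type and base64 blob rather than the whole line keeps the check stable when the comment or leading options on the authorized_keys entry differ from the configured key.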