Powered By GitBook
send-connect-notification-to-slack-from-google-compute-engine
Learn how to send notifications to Slack with incoming webhooks from Compute Engine.
Tim Swast | Developer Programs Engineer | Google
Contributed by Google employees.
This tutorial demonstrates how to send a Slack notification when someone connects to a Compute Engine instance with SSH.
Compute Engine provides virtual machine instances with support for Linux and Windows operating systems, billed at minute-level increments.
Slack is a messaging application for working with teams, and it provides a rich set of APIs to integrate with your applications.

Objectives

Before you begin

    1.
    Create a Linux Compute Engine instance. You can follow the Compute Engine Linux quickstart guide to create one.
    When choosing a machine size, note that the Google Cloud free tier includes 1 f1-micro instance per month. This tutorial requires very little CPU or memory resources.
    2.
    Create a new Slack team, or use an team where
    you have permissions to add integrations.

Costs

This tutorial uses billable components of Google Cloud including Compute Engine. Use the Pricing Calculator to estimate the costs for your usage.
Slack is free for up to 10 apps and integrations. Check the Slack pricing page for details.

Connect to your instance

​Connect to your Compute Engine instance. The easiest way to do this is to use the SSH button from Cloud Console.

Get the sample code

From the instance, clone the sample code repository and change to the notify directory.
1
git clone https://github.com/GoogleCloudPlatform/slack-samples.git
2
cd slack-samples/notify
Copied!
If git is not installed, download and extract the code.
1
# Alternative if git is not installed.
2
wget https://github.com/GoogleCloudPlatform/slack-samples/archive/master.tar.gz
3
tar -xzf master.tar.gz
4
cd slack-samples-master/notify
Copied!

Creating a Slack incoming webhook

An incoming webhook creates an HTTPS endpoint where you can send messages. These messages will post the the configured channel or direct message.
    1.
    Create a new Slack app.
      1.
      Give the app a name, such as "SSH Notifier".
      2.
      Choose the Slack team where you want it installed.
    2.
    Select the Slack incoming webhook feature in the **Add
    features and functionality** section.
      1.
      Click the Off switch in the upper right-hand corner to activate the
      incoming webhooks feature. The switch will turn green to indicate the
      feature is now On.
    3.
    Click the Add new webhook to team button at the bottom of the incoming
    webhooks feature page.
      1.
      In the authorization dialog, select the channel where you want the SSH
      notifications to appear, such as #cloud or #botdev.
    4.
    You should now see a webhook URL, like
    https://hooks.slack.com/services/T000000/B00000/XXXXXXXX. Copy it to your
    clipboard by clicking the Copy button.
    5.
    Switch back to the SSH connection on the Compute Engine instance. 1. Write the webhook URL to a file called slack-hook in the notify directory.
    1
    echo 'https://hooks.slack.com/services/T000000/B00000/XXXXXXXX' > slack-hook
    Copied!
​Be careful with your webhook URL. Treat it like you would any other secret token. Do not store tokens in version control or share them publicly.

Examining the notification script

This section explains the script used to send notifications to Slack. It should be easy to understand if you are familiar with Bash syntax. You may skip to the Testing the notification script section if you only wish to try out the code.
First, it sets a variable with the location of this script. This will allow it to load the slack-hook file so long as it is in the same directory as the script.
1
script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
Copied!
Then it checks to see what kind of authentication event is happening. The script notifies on all events except closing an SSH connection.
1
if [[ $PAM_TYPE != "close_session" ]] ; then
Copied!
Then it constructs a plain-text message to send. The message include the username and remote IP address.
1
host=$(hostname)
2
message="SSH Login: ${PAM_USER} from ${PAM_RHOST} on ${host}"
Copied!
It reads the webhook URL from the slack-hook file.
1
hook=$(cat "${script_dir}/slack-hook")
Copied!
Finally, it send a POST HTTP request with the message to the Slack webhook.
1
curl -X POST --data-urlencode "payload={\"text\": \"${message}\"}" "${hook}"
2
fi
Copied!

Testing the notification script

Test the script by setting the PAM_USER and PAM_RHOST variables and running the script from the Compute Engine instance SSH terminal.
1
PAM_USER=$USER PAM_RHOST=testhost ./login-notify.sh
Copied!
You should receive a Slack message notifying you that there as a login from testhost.

Adding the PAM hook.

A PAM hook can run a script to run whenever someone SSHs into the machine.
    1.
    Verify that SSH is using PAM by making sure there is a line UsePAM yes in the /etc/ssh/sshd_config file.
    1
    grep UsePAM /etc/ssh/sshd_config
    Copied!
    If you do not see UsePAM yes or it is commented out with a #, you can use whatever text editor you would like to edit the file. This tutorial uses nano.
    1
    sudo nano /etc/ssh/sshd_config
    Copied!
    2.
    Use the install.sh script to set up the PAM hook.
    1
    sudo ./install.sh
    Copied!
    3.
    Keep this SSH window open in case something went wrong.
    4.
    Verify that you can login from another SSH terminal.
You should receive another notification on Slack, indicating that you just connected.

Cleaning up

To prevent unnecessary charges, clean up the resources created for this tutorial.
    2.
    Remove the [custom integration from

Next steps

Last modified 7mo ago