VPNNotify: A VPN Notification bot for Slack

Pat Cable, September 5, 2017

In an earlier post, we talked about how we implemented centralized authentication at Threat Stack. This project initially allowed us to create clearer access control for our servers. A side benefit of this work is that it has allowed us to write tooling around common authentication processes.

One thing we’ve wanted to do is create an alert when folks are using a VPN to connect to one of our environments. In the event of a stolen laptop and stolen credentials, a user could be alerted to someone logging in with their credentials. With OpenVPN, performing actions on a client connect is possible using a client-connect script, so in the tradition of writing small Go applications to improve visibility, we did just that.

For the last few months our Slack bot VPN Notifier has been letting our engineers know when they connect into a Threat Stack environment. We’ve now done the work to open source the tool so that others can use and improve on it. We specifically mention improve, because our tool has limitations: the current version does extremely basic environment checking and extremely basic alert suppression. Our hope is that we can collaborate with others who want to take this tool the extra mile.

Using VPNNotify

Our README.md has full instructions on using the tool, along with requirements. In summary, you will:

1. Use a configuration management tool to place a configuration file (/etc/vpnnotify.json is the default) on your OpenVPN host.
2. Use a configuration management tool to distribute a VPNNotify package. (We use FPM to make our own.)
3. Set the client-connect option in your OpenVPN server configuration to the path where you installed VPNNotify. It will read the VPN and user details from the environment variables that OpenVPN provides.

Wrapping up…

Getting visibility into when VPN sessions are opened on your behalf helps you know if your credentials are being misused. VPNNotify helps you do just that. We look forward to hearing how you’ll use it!

Interested in VPNNotify? Check it out on GitHub.

Additional Open Source Tools From Threat Stack

If you’re interested in other open source tools developed by Threat Stack, take a look at the following blog posts. Each provides information on how to use the tool along with a link to download it:

- Authkeys: Making Key-Based LDAP Authentication Faster. Authkeys performs LDAP lookups of SSH keys without the need for using scripts or other interpreted code.
- Balancing Security and Your On-Call Rotation Using Deputize. This is the tool we created and use to manage our on-call rotation at Threat Stack. Deputize uses PagerDuty’s API to get the email addresses of the engineers on call, then compares that to the named users in the on-call group, and updates accordingly.

About Pat Cable

Patrick Cable is Director of Platform Security at Threat Stack. As an infrastructure security engineer, Patrick focuses on ensuring the security of the Threat Stack Platform by collaborating with other departments, implementing security tools, and building new technology to make security easier for everyone in the organization. Prior to working at Threat Stack he was Associate Staff in the Secure and Resilient Systems Group at MIT Lincoln Laboratory where he worked on improving cloud security in research environments.
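The client-connect hook described under "Using VPNNotify", sketched as an added example; this is not VPNNotify's own code. It assumes OpenVPN's documented `common_name`, `trusted_ip` and `ifconfig_pool_remote_ip` variables (the page does not say which ones VPNNotify reads), and the message text, suppression key and function names are hypothetical.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"time"
)

// Illustrative hook, not VPNNotify's source. Notice holds what OpenVPN exports to the script.
type Notice struct{ User, SourceIP, VPNIP string }

// noticeFromEnv reads OpenVPN's variables: common_name (certificate CN),
// trusted_ip (client's real address), ifconfig_pool_remote_ip (tunnel address).
func noticeFromEnv(getenv func(string) string) (Notice, error) {
	n := Notice{getenv("common_name"), getenv("trusted_ip"), getenv("ifconfig_pool_remote_ip")}
	if n.User == "" || n.SourceIP == "" {
		return n, errors.New("common_name or trusted_ip missing; not run by OpenVPN?")
	}
	return n, nil
}

// shouldNotify suppresses repeats of one user+source IP inside window; a new address always alerts.
// The hook runs once per connection, so the caller must persist seen between runs.
func shouldNotify(seen map[string]time.Time, n Notice, now time.Time, window time.Duration) bool {
	key := n.User + "|" + n.SourceIP
	if last, ok := seen[key]; ok && now.Sub(last) < window {
		return false
	}
	seen[key] = now
	return true
}

// slackPayload builds a Slack incoming-webhook body; json.Marshal keeps odd characters from breaking the JSON.
func slackPayload(n Notice) ([]byte, error) {
	text := fmt.Sprintf("VPN login for %s from %s (tunnel IP %s)", n.User, n.SourceIP, n.VPNIP)
	return json.Marshal(map[string]string{"text": text})
}

func main() {
	// Exit 0 on every path: a non-zero exit from client-connect makes OpenVPN reject the client.
	n, err := noticeFromEnv(os.Getenv)
	if err != nil {
		fmt.Fprintln(os.Stderr, "notify skipped:", err)
		return
	}
	body, _ := slackPayload(n)
	fmt.Println(string(body)) // a real hook would POST this to the webhook URL
}
```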