it wasn't working, now does. also log if server fails

2024-09-18 00:47:04 +03:00 · 2024-09-18 00:47:04 +03:00 · 6922e7ca06
commit 6922e7ca06
parent c3497a7a2a
1 changed files with 12 additions and 5 deletions
--- a/mailer.sh
+++ b/mailer.sh
@ -1,11 +1,13 @@
 #!/bin/bash
 #
-#     Yigid BALABAN, <fyb@fybx.dev>
+#     Yiğid BALABAN, <fyb@fybx.dev>
 #     login mailer
 #

 # set env var EMAIL and ENDPOINT
 LOG_FILE="/var/log/auth.log"
+LAST_LINE_FILE="/tmp/last_line_checked"
+LOG_OUTPUT="/var/log/server-toolkit/login-mailer.log"
 HOSTNAME=$(hostname)

 if [[ ! -f "$LAST_LINE_FILE" ]]; then
@ -18,9 +20,14 @@ NEW_LINES=$(sed -n "$((LAST_LINE + 1)),\$p" "$LOG_FILE")
 if echo "$NEW_LINES" | grep "sshd.*Accepted"; then
  LOGIN_INFO=$(echo "$NEW_LINES" | grep "sshd.*Accepted" | awk '{print $9 " from " $11}')

-  curl -H "content-type: application/json" \
-    -d "{\"subject\": \"New login on $HOSTNAME\", \"text\": \"SSH login detected: $LOGIN_INFO\", \"recipient\": \"$EMAIL\"}" \
-    "$ENDPOINT"
+  RESPONSE_CODE=$(curl -s -o /dev/null -w "%{http_code}" -H "content-type: application/json" \
+    -d "$(jq -n --arg subject "New login on $HOSTNAME" --arg text "SSH login detected: $LOGIN_INFO" --arg recipient "$EMAIL" \
+      '{subject: $subject, text: $text, recipient: $recipient}')" \
+    "$ENDPOINT")
+
+  if [[ "$RESPONSE_CODE" -ne 200 ]]; then
+    echo "$(date '+%Y-%m-%d %H:%M:%S') - Failed to send login alert. Response code: $RESPONSE_CODE" >>"$LOG_OUTPUT"
+  fi
 fi

-wc -l <"$LOG_FILE" >"$LAST_LINE_FILE"
+wc -l "$LOG_FILE" | awk '{print $1}' >"$LAST_LINE_FILE"