diff --git a/login mailer.sh b/login mailer.sh
index 1cbc53c..ac4f428 100755
--- a/login mailer.sh
+++ b/login mailer.sh
@@ -1,11 +1,13 @@
 #!/bin/bash
 #
-# Yigid BALABAN,
+# Yiğid BALABAN,
 # login mailer
 #
 # set env var EMAIL and ENDPOINT
 LOG_FILE="/var/log/auth.log"
+LAST_LINE_FILE="/tmp/last_line_checked"
+LOG_OUTPUT="/var/log/server-toolkit/login-mailer.log"
 HOSTNAME=$(hostname)
 if [[ ! -f "$LAST_LINE_FILE" ]]; then
@@ -18,9 +20,14 @@ NEW_LINES=$(sed -n "$((LAST_LINE + 1)),\$p" "$LOG_FILE")
 if echo "$NEW_LINES" | grep "sshd.*Accepted"; then
 LOGIN_INFO=$(echo "$NEW_LINES" | grep "sshd.*Accepted" | awk '{print $9 " from " $11}')
- curl -H "content-type: application/json" \
- -d "{\"subject\": \"New login on $HOSTNAME\", \"text\": \"SSH login detected: $LOGIN_INFO\", \"recipient\": \"$EMAIL\"}" \
- "$ENDPOINT"
+ RESPONSE_CODE=$(curl -s -o /dev/null -w "%{http_code}" -H "content-type: application/json" \
+ -d "$(jq -n --arg subject "New login on $HOSTNAME" --arg text "SSH login detected: $LOGIN_INFO" --arg recipient "$EMAIL" \
+ '{subject: $subject, text: $text, recipient: $recipient}')" \
+ "$ENDPOINT")
+
+ if [[ "$RESPONSE_CODE" -ne 200 ]]; then
+ echo "$(date '+%Y-%m-%d %H:%M:%S') - Failed to send login alert. Response code: $RESPONSE_CODE" >>"$LOG_OUTPUT"
+ fi
 fi
-wc -l <"$LOG_FILE" >"$LAST_LINE_FILE"
+wc -l "$LOG_FILE" | awk '{print $1}' >"$LAST_LINE_FILE"
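Review bot: In the first hunk, `LAST_LINE_FILE="/tmp/last_line_checked"` keeps the monitor's state under a fixed name in a world-writable directory, while the script reads `/var/log/auth.log` and writes under `/var/log/server-toolkit/`, so it presumably runs with elevated privileges. Any local account can pre-create or replace that path: the closing `>"$LAST_LINE_FILE"` redirect follows a symlink, and a forged offset makes the script skip logins it should report. The stored value also reaches `$((LAST_LINE + 1))` (visible in the second hunk's header), where bash evaluates it as an arithmetic expression rather than a plain number. Keep the file in a directory only the service account can write, e.g. `LAST_LINE_FILE="/var/lib/<state-dir>/last_line_checked"` (placeholder path), and reject non-numeric content with `[[ "$LAST_LINE" =~ ^[0-9]+$ ]] || LAST_LINE=0` where it is read, which is outside this hunk.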
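Review bot: In the second hunk, the final `wc -l "$LOG_FILE" | awk '{print $1}' >"$LAST_LINE_FILE"` still advances the offset when the new `RESPONSE_CODE` check fails, so a login whose alert was not delivered is recorded only in `$LOG_OUTPUT` and never retried. Adding `exit 1` after the `echo` in the failure branch would leave the offset untouched so the next run re-sends the alert. The curl call also has no time limit; `--max-time 10` would keep a stalled endpoint from blocking the run. Separately, `-ne 200` counts other 2xx responses as failures, so if the endpoint can answer with those, test for the 2xx range instead.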