From c3497a7a2a2c17c9307d6ddca79550e050bf6158 Mon Sep 17 00:00:00 2001
From: Yigid BALABAN
Date: Wed, 18 Sep 2024 00:23:17 +0300
Subject: [PATCH] Initial commit
---
 login mailer.sh | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100755 login mailer.sh
diff --git a/login mailer.sh b/login mailer.sh
new file mode 100755
index 0000000..1cbc53c
--- /dev/null
+++ b/login mailer.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+# Yigid BALABAN,
+# login mailer
+#
+
+# set env var EMAIL and ENDPOINT
+LOG_FILE="/var/log/auth.log"
+HOSTNAME=$(hostname)
+
+if [[ ! -f "$LAST_LINE_FILE" ]]; then
+ echo "0" >"$LAST_LINE_FILE"
+fi
+
+LAST_LINE=$(cat "$LAST_LINE_FILE")
+NEW_LINES=$(sed -n "$((LAST_LINE + 1)),\$p" "$LOG_FILE")
+
+if echo "$NEW_LINES" | grep "sshd.*Accepted"; then
+ LOGIN_INFO=$(echo "$NEW_LINES" | grep "sshd.*Accepted" | awk '{print $9 " from " $11}')
+
+ curl -H "content-type: application/json" \
+ -d "{\"subject\": \"New login on $HOSTNAME\", \"text\": \"SSH login detected: $LOGIN_INFO\", \"recipient\": \"$EMAIL\"}" \
+ "$ENDPOINT"
+fi
+
+wc -l <"$LOG_FILE" >"$LAST_LINE_FILE"
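Review bot: `LAST_LINE_FILE` is read and written throughout but never assigned, and the header comment only names `EMAIL` and `ENDPOINT`, so unless the caller exports it the state-file redirects fail and every run re-reads the log from line 1 and re-alerts on old logins. The alert path can also lose logins silently: the JSON body is built by string interpolation, so two accepted logins in one interval put a raw newline inside `text` and yield invalid JSON; the offset is advanced even when curl fails; lines appended between the `sed` read and the final `wc -l` are skipped; and after log rotation the stored count exceeds the new file's length, so nothing is reported until the file grows past the old size. I would snapshot the line count once, reset it when the file shrinks, build the payload with `jq` (assuming it is available on the host), and persist the offset only after a successful POST, as sketched below. The `sshd.*Accepted` match is also unanchored and, without `-q`, echoes the matched log lines to stdout; the sketch matches on the `sshd…: Accepted ` message prefix instead.

```shell
# set env var EMAIL, ENDPOINT and LAST_LINE_FILE
: "${EMAIL:?}" "${ENDPOINT:?}" "${LAST_LINE_FILE:?}"
# … unchanged: LOG_FILE, HOSTNAME, state-file initialisation …

LAST_LINE=$(cat "$LAST_LINE_FILE")
TOTAL_LINES=$(wc -l <"$LOG_FILE")
# log was rotated or truncated: start again from the top
if ((TOTAL_LINES < LAST_LINE)); then LAST_LINE=0; fi

NEW_LINES=""
if ((TOTAL_LINES > LAST_LINE)); then
  # bounded range, so lines appended after the snapshot wait for the next run
  NEW_LINES=$(sed -n "$((LAST_LINE + 1)),${TOTAL_LINES}p" "$LOG_FILE")
fi

LOGIN_INFO=$(printf '%s\n' "$NEW_LINES" |
  awk '/sshd[^ ]*: Accepted / {print $9 " from " $11}')

if [[ -n "$LOGIN_INFO" ]]; then
  PAYLOAD=$(jq -n --arg subject "New login on $HOSTNAME" \
    --arg text "SSH login detected: $LOGIN_INFO" \
    --arg recipient "$EMAIL" \
    '{subject: $subject, text: $text, recipient: $recipient}')
  # keep the old offset when the POST fails so the next run retries
  curl --fail --silent --show-error -H "content-type: application/json" \
    -d "$PAYLOAD" "$ENDPOINT" || exit 1
fi

echo "$TOTAL_LINES" >"$LAST_LINE_FILE"
```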