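#!/bin/bash
#
# Yiğid BALABAN,
# login mailer
#
# Scans the SSH auth log for "Accepted" lines added since the previous run
# and POSTs an alert (JSON: subject, text, recipient) to an HTTP endpoint.
#
# Required environment:
#   EMAIL     - recipient address placed in the JSON body
#   ENDPOINT  - URL the alert is POSTed to
# Optional environment:
#   LAST_LINE_FILE - where the "last line processed" counter is kept

set -u

# Fail loudly when the alert cannot be addressed, instead of POSTing to "".
: "${EMAIL:?EMAIL must be set}"
: "${ENDPOINT:?ENDPOINT must be set}"

LOG_FILE="/var/log/auth.log"
LOG_OUTPUT="/var/log/server-toolkit/login-mailer.log"
# The counter used to live at a fixed name in /tmp. Any local account can
# create or replace a file there, which would let it suppress alerts or feed
# arbitrary text into the arithmetic below. Keep it next to the script's own
# log instead. The first run after this change starts again from line 0.
LAST_LINE_FILE="${LAST_LINE_FILE:-${LOG_OUTPUT%/*}/login-mailer.last_line}"
HOSTNAME=$(hostname)

mkdir -p -- "${LOG_OUTPUT%/*}" || exit 1

# Load the counter; anything that is not a plain decimal number is discarded,
# because the value is used in arithmetic and as a sed address.
LAST_LINE=0
if [[ -f "$LAST_LINE_FILE" && ! -L "$LAST_LINE_FILE" ]]; then
  IFS= read -r LAST_LINE <"$LAST_LINE_FILE" || true
fi
if [[ ! "$LAST_LINE" =~ ^[0-9]{1,15}$ ]]; then
  LAST_LINE=0 # fail towards re-alerting rather than towards silence
fi
LAST_LINE=$((10#$LAST_LINE)) # force base 10 so a leading zero is not read as octal

# Take the line count once, up front. Reading "to end of file" and counting
# afterwards would silently skip lines appended in between.
if ! TOTAL_LINES=$(wc -l <"$LOG_FILE"); then
  echo "$(date '+%Y-%m-%d %H:%M:%S') - Cannot read $LOG_FILE" >>"$LOG_OUTPUT"
  exit 1
fi
TOTAL_LINES=$((TOTAL_LINES))

# A log shorter than the stored position means it was rotated or truncated;
# start over so logins in the new file are not ignored.
# NOTE(review): entries written to the old file after the previous run and
# before rotation are still missed; reading the rotated file would close that.
if ((TOTAL_LINES < LAST_LINE)); then
  LAST_LINE=0
fi

if ((TOTAL_LINES > LAST_LINE)); then
  # NOTE(review): the pattern matches "Accepted" anywhere after "sshd", so a
  # line that merely carries that word in a client-supplied field could also
  # raise an alert. Anchoring on the start of the message would narrow it;
  # confirm against this host's log format first.
  ACCEPTED=$(sed -n "$((LAST_LINE + 1)),${TOTAL_LINES}p" "$LOG_FILE" |
    grep "sshd.*Accepted")

  if [[ -n "$ACCEPTED" ]]; then
    # Fields 9 and 11 are presumably the user and source address in the
    # traditional syslog layout; other timestamp formats shift the columns.
    LOGIN_INFO=$(awk '{print $9 " from " $11}' <<<"$ACCEPTED")

    # jq builds the JSON so log-derived text is escaped, never spliced in.
    PAYLOAD=$(jq -n \
      --arg subject "New login on $HOSTNAME" \
      --arg text "SSH login detected: $LOGIN_INFO" \
      --arg recipient "$EMAIL" \
      '{subject: $subject, text: $text, recipient: $recipient}')

    # The body carries account names and source addresses, so ENDPOINT should
    # be an https:// URL. --max-time keeps a hung endpoint from stalling runs.
    RESPONSE_CODE=$(curl -s -o /dev/null -w "%{http_code}" --max-time 30 \
      -H "content-type: application/json" \
      -d "$PAYLOAD" \
      "$ENDPOINT")

    # String comparison: the value comes from outside and may be empty.
    if [[ "$RESPONSE_CODE" != "200" ]]; then
      echo "$(date '+%Y-%m-%d %H:%M:%S') - Failed to send login alert. Response code: $RESPONSE_CODE" >>"$LOG_OUTPUT"
    fi
  fi
fi

# Record exactly the range that was examined above.
printf '%s\n' "$TOTAL_LINES" >"$LAST_LINE_FILE"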