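#!/bin/bash
#
# Yigid BALABAN,
# login mailer
#
# Scans the lines appended to the auth log since the previous run for accepted
# SSH logins and sends a JSON notification (subject, text, recipient) to
# ENDPOINT with curl.
#
# Required environment:
#   EMAIL           recipient address placed in the "recipient" field
#   ENDPOINT        URL the JSON body is sent to
# Optional environment:
#   LAST_LINE_FILE  file holding the number of log lines already processed

set -euo pipefail

# New files (the state file below) are created readable/writable by owner only.
umask 077

: "${EMAIL:?set env var EMAIL}"
: "${ENDPOINT:?set env var ENDPOINT}"

LOG_FILE="/var/log/auth.log"
# Default state path used when the environment does not provide one. Keep it in
# a directory that only the account running this script can write: its content
# decides which log lines are skipped.
LAST_LINE_FILE="${LAST_LINE_FILE:-/var/lib/login-mailer.last_line}"
HOSTNAME=$(hostname)

#######################################
# Escape a string for use inside a JSON string literal.
# Arguments: $1 - raw text
# Outputs:   escaped text on stdout (no surrounding quotes)
#######################################
json_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  # Any control character still present would make the JSON invalid; drop it.
  printf '%s' "$s" | LC_ALL=C tr -d '\000-\037'
}

if [[ ! -r "$LOG_FILE" ]]; then
  printf 'login mailer: cannot read %s\n' "$LOG_FILE" >&2
  exit 1
fi

if [[ ! -f "$LAST_LINE_FILE" ]]; then
  echo "0" >"$LAST_LINE_FILE"
fi

LAST_LINE=$(<"$LAST_LINE_FILE")
# The stored value is used in shell arithmetic, which evaluates more than plain
# numbers. Accept decimal digits only and fall back to 0 otherwise.
if [[ "$LAST_LINE" =~ ^[0-9]{1,15}$ ]]; then
  LAST_LINE=$((10#$LAST_LINE))
else
  LAST_LINE=0
fi

# Take the line count once, before reading, and use the same number as the
# upper bound of the scan and as the saved position. Lines appended while the
# script runs are then picked up by the next run instead of being skipped.
TOTAL_LINES=$(wc -l <"$LOG_FILE")
TOTAL_LINES=${TOTAL_LINES//[[:space:]]/}

# Fewer lines than recorded: the log was presumably rotated or truncated, so
# start again from the top of the current file.
if ((TOTAL_LINES < LAST_LINE)); then
  LAST_LINE=0
fi

if ((TOTAL_LINES > LAST_LINE)); then
  # Only the first sshd syslog tag on a line is trusted, and the message must
  # begin with "Accepted" directly after it. Text later in a line can carry
  # remote-supplied values (for example an attempted username), so a loose
  # "sshd.*Accepted" match could raise alerts for logins that never happened.
  # Fields are taken relative to the tag, so both classic and ISO-timestamp
  # syslog layouts yield "<user> from <address>".
  LOGIN_INFO=$(
    sed -n "$((LAST_LINE + 1)),${TOTAL_LINES}p" "$LOG_FILE" |
      awk '{
        for (i = 1; i < NF; i++) {
          if ($i ~ /^sshd(-session)?\[[0-9]+\]:$/) {
            if ($(i + 1) == "Accepted") {
              print $(i + 4) " from " $(i + 6)
            }
            next
          }
        }
      }'
  )

  if [[ -n "$LOGIN_INFO" ]]; then
    # Every interpolated value is JSON-escaped; several logins in one run are
    # sent as one message with "\n" between entries.
    PAYLOAD=$(printf '{"subject": "New login on %s", "text": "SSH login detected: %s", "recipient": "%s"}' \
      "$(json_escape "$HOSTNAME")" \
      "$(json_escape "$LOGIN_INFO")" \
      "$(json_escape "$EMAIL")")

    # On a failed delivery, exit before the position is saved so the same
    # logins are reported again on the next run rather than silently lost.
    if ! curl --fail --silent --show-error \
      -H "content-type: application/json" \
      -d "$PAYLOAD" \
      "$ENDPOINT"; then
      printf 'login mailer: notification to endpoint failed\n' >&2
      exit 1
    fi
  fi
fi

printf '%s\n' "$TOTAL_LINES" >"$LAST_LINE_FILE"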