52 lines
1.3 KiB
Bash
Executable File
52 lines
1.3 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# Yiğid BALABAN, <fyb@fybx.dev>
|
|
# login mailer
|
|
#
|
|
|
|
LOG_FILE="/var/log/auth.log"
|
|
LAST_LINE_FILE="/tmp/last_line_checked"
|
|
LOG_OUTPUT="/var/log/server-toolkit/login-mailer.log"
|
|
HOSTNAME=$(hostname)
|
|
|
|
if [[ -z "$EMAIL" || -z "$ENDPOINT" ]]; then
|
|
echo "Error: EMAIL and ENDPOINT environment variables must be set." >&2
|
|
exit 1
|
|
fi
|
|
|
|
mkdir -p "$(dirname "$LOG_OUTPUT")"
|
|
|
|
if [[ ! -f "$LAST_LINE_FILE" ]]; then
|
|
echo "0" >"$LAST_LINE_FILE"
|
|
fi
|
|
|
|
log_message() {
|
|
echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" >>"$LOG_OUTPUT"
|
|
}
|
|
|
|
LAST_LINE=$(cat "$LAST_LINE_FILE")
|
|
NEW_LINES=$(tail -n +$((LAST_LINE + 1)) "$LOG_FILE")
|
|
|
|
if echo "$NEW_LINES" | grep -q "sshd.*Accepted"; then
|
|
LOGIN_INFO=$(echo "$NEW_LINES" | grep "sshd.*Accepted" | awk '{print $9 " from " $11}')
|
|
|
|
JSON_PAYLOAD=$(jq -n \
|
|
--arg subject "New login on $HOSTNAME" \
|
|
--arg text "SSH login detected: $LOGIN_INFO" \
|
|
--arg recipient "$EMAIL" \
|
|
'{subject: $subject, text: $text, recipient: $recipient}')
|
|
|
|
RESPONSE_CODE=$(curl -s -o /dev/null -w "%{http_code}" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$JSON_PAYLOAD" \
|
|
-L "$ENDPOINT")
|
|
|
|
if [[ "$RESPONSE_CODE" -ne 200 ]]; then
|
|
log_message "Failed to send login alert. Response code: $RESPONSE_CODE"
|
|
else
|
|
log_message "Login alert sent successfully for: $LOGIN_INFO"
|
|
fi
|
|
fi
|
|
|
|
wc -l <"$LOG_FILE" >"$LAST_LINE_FILE"
|