3a14fd2736
- 18 comprehensive monitoring checks - 5 systemd timers (5min, 15min, hourly, daily, weekly) - Complete documentation - NTFY secure notification system - Fixed debianvm disk space (91% to 57%) - Fixed CloudReve integration - Date: 2026-01-07
23 lines
839 B
Bash
Executable File
23 lines
839 B
Bash
Executable File
#!/bin/bash
|
||
# Monitor failed login attempts
|
||
set -u
|
||
|
||
SEND_NTFY="/usr/local/bin/send-ntfy.sh"
|
||
|
||
# Count failures
|
||
FAILED_SSH=$(journalctl -u ssh --since "1 hour ago" 2>/dev/null | grep -c "Failed password" || true)
|
||
FAILED_WEB=$(journalctl --since "1 hour ago" 2>/dev/null | grep -c "authentication failure.*pvedaemon" || true)
|
||
|
||
FAILED_SSH=${FAILED_SSH:-0}
|
||
FAILED_WEB=${FAILED_WEB:-0}
|
||
|
||
TOTAL_FAILED=$((FAILED_SSH + FAILED_WEB))
|
||
|
||
if [ $TOTAL_FAILED -gt 20 ]; then
|
||
$SEND_NTFY warning "Brute Force Attack" "🟡 WARNING: $TOTAL_FAILED failed logins!\nSSH: $FAILED_SSH, Web: $FAILED_WEB" "warning,lock"
|
||
elif [ $TOTAL_FAILED -gt 10 ]; then
|
||
$SEND_NTFY info "Failed Logins" "ℹ️ INFO: $TOTAL_FAILED failed logins\nSSH: $FAILED_SSH, Web: $FAILED_WEB" "lock,info"
|
||
fi
|
||
|
||
logger -t login-monitor "Failed logins: SSH=$FAILED_SSH, Web=$FAILED_WEB"
|