https://github.com/jsfraz/lucian

Monitoring SSH login attempts and geolocating remote hosts.
https://github.com/jsfraz/lucian

geolocation golang postgres redis ssh ssh-login ssh-logs ssh-monitoring unauthorized-access valkey

Last synced: 4 months ago
JSON representation

Monitoring SSH login attempts and geolocating remote hosts.

• Host: GitHub
• URL: https://github.com/jsfraz/lucian
• Owner: jsfraz
• Created: 2024-02-15T20:06:34.000Z (over 1 year ago)
• Default Branch: master
• Last Pushed: 2025-02-11T00:40:28.000Z (4 months ago)
• Last Synced: 2025-02-11T01:27:08.951Z (4 months ago)
• Topics: geolocation, golang, postgres, redis, ssh, ssh-login, ssh-logs, ssh-monitoring, unauthorized-access, valkey
• Language: Go
• Homepage:
• Size: 42 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# lucian

L.U.C.I.A.N (Location-based Unauthorized Connection Investigation and Analysis Network) as the (very cool) name suggests is intended for monitoring SSH login attempts and geolocating remote hosts who failed to login and gathering used credentials.

## How it works

The main idea is that you don't use default SSH port to connect to your remote server/VPS. This Docker Compose configuration maps fake server's port 22 to Docker host's public IP and stores unsuccesful login details in Postgres database:

| id    | ip_version | ip_address     | latitude  | longitude  | country_name | country_code | time_zone0 | zip_code | city_name | region_name | is_proxy | continent | continent_code | user | password  | timestamp                     |

|:-----:|:----------:|:--------------:|:---------:|:----------:|:------------:|:------------:|:----------:|:--------:|:---------:|:-----------:|:--------:|:---------:|:--------------:|:----:|:---------:|:-----------------------------:|

| 35086 | 4          | 180.101.88.252 | 31.311365 | 120.617691 | China        | CN           | +08:00     | 215003   | Suzhou    | Jiangsu     | false    | Asia      | AS             | root | nathalie  | 2024-02-28 14:31:56.356 +0100 |

| 35085 | 4          | 180.101.88.252 | 31.311365 | 120.617691 | China        | CN           | +08:00     | 215003   | Suzhou    | Jiangsu     | false    | Asia      | AS             | root | dfvgbh    | 2024-02-28 14:31:56.043 +0100 |

| 35084 | 4          | 180.101.88.252 | 31.311365 | 120.617691 | China        | CN           | +08:00     | 215003   | Suzhou    | Jiangsu     | false    | Asia      | AS             | root | jlo       | 2024-02-28 14:30:55.356 +0100 |

| 35083 | 4          | 180.101.88.252 | 31.311365 | 120.617691 | China        | CN           | +08:00     | 215003   | Suzhou    | Jiangsu     | false    | Asia      | AS             | root | egk       | 2024-02-28 14:30:53.744 +0100 |

| 35082 | 4          | 180.101.88.252 | 31.311365 | 120.617691 | China        | CN           | +08:00     | 215003   | Suzhou    | Jiangsu     | false    | Asia      | AS             | root | 1qaz2wsx@ | 2024-02-28 14:30:53.397 +0100 |

## Deploy

Change database passwords and public IP address in `.env` file and run `sudo ./compose.sh` to build the image and compose the project.

.env example:

```env

POSTGRES_PASSWORD=hard_password

VALKEY_PASSWORD=hard_password

PUBLIC_IP=127.0.0.1

```

## Future plans

Frontend coming soon! (soon is relative)