https://github.com/jsfraz/lucian
Monitoring SSH login attempts and geolocating remote hosts.
geolocation golang postgres redis ssh ssh-login ssh-logs ssh-monitoring unauthorized-access valkey
Last synced: 4 months ago
- Host: GitHub
- URL: https://github.com/jsfraz/lucian
- Owner: jsfraz
- Created: 2024-02-15T20:06:34.000Z (over 1 year ago)
- Default Branch: master
- Last Pushed: 2025-02-11T00:40:28.000Z (4 months ago)
- Last Synced: 2025-02-11T01:27:08.951Z (4 months ago)
- Topics: geolocation, golang, postgres, redis, ssh, ssh-login, ssh-logs, ssh-monitoring, unauthorized-access, valkey
- Language: Go
- Homepage:
- Size: 42 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# lucian
L.U.C.I.A.N (Location-based Unauthorized Connection Investigation and Analysis Network), as the (very cool) name suggests, is intended for monitoring SSH login attempts, geolocating remote hosts that failed to log in, and recording the credentials they used.
## How it works
The main idea is that you don't use the default SSH port to connect to your remote server/VPS. This Docker Compose configuration maps the fake server's port 22 to the Docker host's public IP and stores unsuccessful login details in a Postgres database:
| id | ip_version | ip_address | latitude | longitude | country_name | country_code | time_zone0 | zip_code | city_name | region_name | is_proxy | continent | continent_code | user | password | timestamp |
|:-----:|:----------:|:--------------:|:---------:|:----------:|:------------:|:------------:|:----------:|:--------:|:---------:|:-----------:|:--------:|:---------:|:--------------:|:----:|:---------:|:-----------------------------:|
| 35086 | 4 | 180.101.88.252 | 31.311365 | 120.617691 | China | CN | +08:00 | 215003 | Suzhou | Jiangsu | false | Asia | AS | root | nathalie | 2024-02-28 14:31:56.356 +0100 |
| 35085 | 4 | 180.101.88.252 | 31.311365 | 120.617691 | China | CN | +08:00 | 215003 | Suzhou | Jiangsu | false | Asia | AS | root | dfvgbh | 2024-02-28 14:31:56.043 +0100 |
| 35084 | 4 | 180.101.88.252 | 31.311365 | 120.617691 | China | CN | +08:00 | 215003 | Suzhou | Jiangsu | false | Asia | AS | root | jlo | 2024-02-28 14:30:55.356 +0100 |
| 35083 | 4 | 180.101.88.252 | 31.311365 | 120.617691 | China | CN | +08:00 | 215003 | Suzhou | Jiangsu | false | Asia | AS | root | egk | 2024-02-28 14:30:53.744 +0100 |
| 35082 | 4 | 180.101.88.252 | 31.311365 | 120.617691 | China | CN | +08:00 | 215003 | Suzhou | Jiangsu | false | Asia | AS | root | 1qaz2wsx@ | 2024-02-28 14:30:53.397 +0100 |

## Deploy
Change the database passwords and public IP address in the `.env` file, then run `sudo ./compose.sh` to build the image and compose the project.
.env example:
```env
POSTGRES_PASSWORD=hard_password
VALKEY_PASSWORD=hard_password
PUBLIC_IP=127.0.0.1
```
## Future plans
Frontend coming soon! (soon is relative)
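
Rows like the ones in the table under "How it works" can be summarised per source address to see how fast a host is guessing. The Go program below is an added example, not part of lucian's code; the `Attempt` and `Summary` types, the `Summarize` function and the 203.0.113.7 row are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Attempt keeps four columns of the README table; Summary is a hypothetical report type.
type Attempt struct{ IP, User, Password, Timestamp string }
type Summary struct{ Attempts, Passwords, MaxBurst int }
// The first five rows come from the README table; the last row is constructed.
var sample = []Attempt{
	{"180.101.88.252", "root", "nathalie", "2024-02-28 14:31:56.356 +0100"},
	{"180.101.88.252", "root", "dfvgbh", "2024-02-28 14:31:56.043 +0100"},
	{"180.101.88.252", "root", "jlo", "2024-02-28 14:30:55.356 +0100"},
	{"180.101.88.252", "root", "egk", "2024-02-28 14:30:53.744 +0100"},
	{"180.101.88.252", "root", "1qaz2wsx@", "2024-02-28 14:30:53.397 +0100"},
	{"203.0.113.7", "admin", "admin", "2024-02-28 14:40:00.000 +0100"},
}
// Summarize reports per IP: attempts, distinct passwords, most attempts in any sliding window.
func Summarize(rows []Attempt, window time.Duration) (map[string]Summary, error) {
	times, pws := map[string][]time.Time{}, map[string]map[string]bool{}
	for _, r := range rows {
		t, err := time.Parse("2006-01-02 15:04:05.000 -0700", r.Timestamp)
		if err != nil {
			return nil, fmt.Errorf("source %s: %w", r.IP, err)
		}
		if pws[r.IP] == nil {
			pws[r.IP] = map[string]bool{}
		}
		times[r.IP], pws[r.IP][r.Password] = append(times[r.IP], t), true
	}
	out := map[string]Summary{}
	for ip, ts := range times {
		sort.Slice(ts, func(i, j int) bool { return ts[i].Before(ts[j]) })
		best, lo := 0, 0
		for hi := range ts {
			// Slide the left edge forward until the window covers ts[lo]..ts[hi].
			for ; lo < hi && ts[hi].Sub(ts[lo]) > window; lo++ {
			}
			if hi-lo+1 > best {
				best = hi - lo + 1
			}
		}
		out[ip] = Summary{len(ts), len(pws[ip]), best}
	}
	return out, nil
}

func main() { fmt.Println(Summarize(sample, 5*time.Second)) }
```

A source whose `Passwords` count tracks its `Attempts` count is cycling a wordlist rather than retrying one credential, and `MaxBurst` gives a rate figure that can feed a firewall blocklist threshold.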