Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mgla96/ssh-watcher

Monitor SSH logs and publish notifications to Slack
https://github.com/mgla96/ssh-watcher

observability security-audit ssh

Last synced: about 1 month ago
JSON representation

Monitor SSH logs and publish notifications to Slack

Host: GitHub
URL: https://github.com/mgla96/ssh-watcher
Owner: Mgla96
License: mit
Created: 2023-12-16T17:23:44.000Z (about 1 year ago)
Default Branch: main
Last Pushed: 2024-09-08T20:30:01.000Z (4 months ago)
Last Synced: 2024-09-08T21:42:26.286Z (4 months ago)
Topics: observability, security-audit, ssh
Language: Go
Homepage:
Size: 43.9 KB
Stars: 1
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# ssh-watcher

[![Run Tests](https://github.com/Mgla96/ssh-watcher/actions/workflows/main.yml/badge.svg?branch=main)](https://github.com/Mgla96/ssh-watcher/actions/workflows/main.yml)
[![License](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)
[![Go Report Card](https://goreportcard.com/badge/github.com/Mgla96/ssh-watcher)](https://goreportcard.com/report/github.com/Mgla96/ssh-watcher)
![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/mgla96/ssh-watcher?sort=semver)

**SSH Watcher** monitors SSH logs and sends alerts to Slack for quick incident response. It is open for extension to send alerts to other notification services beyond Slack.

This project is still a work in progress.

## Installation

### Download Binary

Currently, `ssh-watcher` supports only the `AMD64` architecture, although binaries for other architectures can be built in the future. The binary to run ssh-watcher can be found under the `Assets` section of a release. To programmatically download the binary, follow the instructions below:

Downloading latest version of ssh-watcher. To download the latest version with the provided command, you need `curl` and `jq` installed on your system.

```bash
curl -L $(curl -s https://api.github.com/repos/Mgla96/ssh-watcher/releases/latest | \
jq -r '.assets[] | select(.name == "ssh-watcher-linux-amd64") | .browser_download_url') \
-o ssh-watcher-linux && \
chmod +x ssh-watcher-linux && \
sudo mv ssh-watcher-linux /usr/local/bin/ssh-watcher
```

Alternatively, you can install a specific release with the following command and replacing `v0.1.0` with the version of
`ssh-watcher` you would like to install.

```bash
curl -L -o ssh-watcher-linux https://github.com/Mgla96/ssh-watcher/releases/download/v0.1.0/ssh-watcher-linux-amd64 && \
chmod +x ssh-watcher-linux && \
sudo mv ssh-watcher-linux /usr/local/bin/ssh-watcher
```

### Prepare the Systemd Service File

1. Copy the `ssh-watcher.service` file and populate the environment variables. Save this file in `/etc/systemd/system/`.

2. Update the `ExecStart` field in `ssh-watcher.service` file to point to the location of the ssh-watcher binary.

### Start the Service

1. **Reload systemd**: to make systemd aware of the new service file.

```bash
sudo systemctl daemon-reload
```

2. **Enable the Service**: to ensure `ssh-watcher` starts automatically at boot.

```bash
sudo systemctl enable ssh-watcher.service
```

3. **Start the Service**: Start service immediately without rebooting.

```bash
sudo systemctl start ssh-watcher.service
```

4. **Check the Service Status**: Verify that the service is active and running.

```bash
sudo systemctl status ssh-watcher.service
```