Simple SSH Attempt Monitoring using Go and PHP
The concept is simple, this is not a monolithic application. This is more like Client-Server apps.
The client built using Go, the client will listen and tail the log that contain ssh login, in this case on CentOS the log is on /var/log/secure and then if there is an invalid or Accepted message on logs, it will send a POST request to Master apps.
The server built using PHP native, without a framework or whatsoever. it just accepts POST request from Client / Node and then writes it on the database, then show it using Query from MySQL.
- Go installed on your PC
- PHP
- Apache / Nginx ( up to you )
- MySQL
You need to build the binary from this repository, because currently the client still beta and the config need to write directly to the source code.
- Clone this repository
git clone https://gitlab.com/mamazary/atlanta-ssh-attempt-monitor.git - Create database on MySQL and assign user to it.
- Import the sql into your MySQL database.
- Change directory
cd atlanta-ssh-attempt-monitor - Copy the files on master folder to your accessible webroot, ex:
/var/www/htlml - Change the database configuration in the
database.phpfile$dbHost = '127.0.0.1'; // Database Host $dbName = 'atlanta'; // Database Name $dbUser = 'atlanta'; // Database Username $dbPass = 'v3PZ2F6r9enJXzz'; // Database Password $dbPort = '3306'; // Database port - Make sure the website is running by visiting your ip or host.
- You can
truncatethe database content, for start fresh. - Get tail package for Go on github
go get github.com/hpcloud/tail - Change the parameter on client based on your environment.
// Host for master either IP or Domain masterHost := "atlanta.local" // Port for master masterPort := "8888" // Node name nodeName := "nodeABC" // Log file path logFilePath := "/var/log/secure" - Run build command 'go build'
- Run the executeable files
./atlanta - So, every SSH attempt that happened on Client will reported to the Master.
- The client is not running on background, so use another Terminal or use the
screenapp to run it on background. Next release will be fixed using a daemon function. - The client need to recompile on every node, you can compile using one computer and then copy the executable files to a desired node. Next release will be fixed using daemon function with setup command, so no need to change the config on source code or recompile the executable file.
- The Master did not have any authentication. You can used
htpasswdfor temporary solution. But Next release will have a login function.
- Add daemon function to the client
- Add OS detection, to automatically detect logs location for SSH
- Add Authentication on Master dashboard
- Add styling on Master dashboard so its pleasing on eye
- Auto Deployment support
- Container support
Because this is an opensource project, you are freely to add feature or function, I will be very grateful. I know this app is far from perfect, so I need your help to make this app awesome.
This work is under MIT license.