ssh-alert

This Docker container monitors /var/log/auth.log for suspicious logins and creates Zammad tickets if a successful login was detected.

Prerequisites

Debian 12 does not write sshd logs to /var/log/auth.log by default:

Install rsyslog: apt install rsyslog.
Update /etc/ssh/sshd_config:
```
SyslogFacility AUTH
LogLevel INFO
```
Restart sshd: service ssh restart

Environment Variables

# Comma-separated list of IP addresses
# Ranges or wildcards are currently not supported
ALLOWED_IPS='1.2.3.4,2.3.4.5'

ZAMMAD_URL='https://your-zammad-instance.com'

# Token with 'ticket.agent' scope
ZAMMAD_TOKEN=''

# This is used inside the created tickets to identify the machine
ZAMMAD_TICKET_HOSTNAME='hostname'

# Group in Zammad (default: "Support")
ZAMMAD_GROUP='Support'

How to test and develop

docker compose up -d --build
# TODO: docker compose watch support
docker compose logs -f

Deployment

-> deploy/ssh-alert.yml

Name		Name	Last commit message	Last commit date
Latest commit History 13 Commits
.github/workflows		.github/workflows
deploy		deploy
.gitignore		.gitignore
Dockerfile		Dockerfile
README.md		README.md
docker-compose.yml		docker-compose.yml
requirements.txt		requirements.txt
ssh-alert.py		ssh-alert.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

ssh-alert

Prerequisites

Environment Variables

How to test and develop

Deployment

About

Uh oh!

Releases

Packages

Uh oh!

Contributors 2

Uh oh!

Languages

datamate-rethink-it/ssh-alert

Folders and files

Latest commit

History

Repository files navigation

ssh-alert

Prerequisites

Environment Variables

How to test and develop

Deployment

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors 2

Uh oh!

Languages

Packages