
feat: add ssh-login-monitor module to store#1

Open
pxivory-max wants to merge 1 commit into profullstack:master from pxivory-max:feat/ssh-login-monitor-module

@pxivory-max

Summary

  • Adds a new free/MIT-licensed SSH Login Monitor module to boilerplates/
  • Monitors /var/log/auth.log for SSH login events, detects brute-force patterns, and emits ThreatEvents
  • Follows the same structure as existing boilerplates (mod.toml, src/index.ts, package.json, etc.)

Module Details

| Field | Value |
| --- | --- |
| Name | ssh-login-monitor |
| Category | Security / Monitoring |
| License | MIT |
| Pricing | Free |
| OS Support | Linux |

What it does

  1. Tails auth log file for SSH events (configurable path)
  2. Parses failed password attempts and successful logins
  3. Emits high/critical severity events when brute-force patterns exceed threshold
  4. Emits info events for successful SSH logins (audit trail)
  5. Persists file offset via ctx.setState to avoid re-processing on restart

Related

Test plan

  • Verify module structure matches existing boilerplate conventions
  • Confirm TypeScript compiles with pnpm build
  • Review mod.toml metadata is complete and correct
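
The parsing and threshold steps listed under "What it does", as an added example that is not the code in this pull request. `parseLine`, `detect`, the event shapes and the sample lines are hypothetical, and escalating a successful login from an address that already alerted to critical is an assumption about how the severities are used.

```typescript
// Added example with hypothetical names; not the module's src/index.ts.
type SshEvent = { ts: number; ok: boolean; user: string; ip: string };
type ThreatEvent = { severity: "info" | "high" | "critical"; ip: string; detail: string };

const MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"];
// The user name is free text sent by the client and may contain spaces, so the greedy
// (.+) plus the end anchor take the source address from the end of the line only.
const SSH_RE = /^(\w{3})\s+(\d+) (\d\d):(\d\d):(\d\d) \S+ sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(.+) from (\S+) port \d+ ssh2$/;

function parseLine(line: string, year: number): SshEvent | null {
  const m = SSH_RE.exec(line);
  if (!m) return null; // not an sshd password event
  const month = MONTHS.indexOf(m[1] ?? "");
  if (month < 0) return null;
  const ts = Date.UTC(year, month, Number(m[2]), Number(m[3]), Number(m[4]), Number(m[5]));
  return { ts, ok: m[6] === "Accepted", user: m[7] ?? "", ip: m[8] ?? "" };
}

function detect(lines: string[], year: number, threshold: number, windowMs: number): ThreatEvent[] {
  const failures = new Map<string, number[]>(); // ip -> failure times still inside the window
  const alerted = new Set<string>(); // one brute-force alert per address
  const out: ThreatEvent[] = [];
  for (const line of lines) {
    const e = parseLine(line, year);
    if (!e) continue;
    if (e.ok) {
      // Assumption: a success from an address that already alerted is escalated.
      out.push({ severity: alerted.has(e.ip) ? "critical" : "info", ip: e.ip, detail: `login as ${e.user}` });
      continue;
    }
    const times = (failures.get(e.ip) ?? []).filter((t) => e.ts - t <= windowMs);
    times.push(e.ts);
    failures.set(e.ip, times);
    if (times.length >= threshold && !alerted.has(e.ip)) {
      alerted.add(e.ip);
      out.push({ severity: "high", ip: e.ip, detail: `${times.length} failed logins in window` });
    }
  }
  return out;
}

// Constructed sample lines (documentation address ranges), not real log data.
const SAMPLE = [
  "Jan 10 12:00:01 host sshd[101]: Failed password for root from 203.0.113.5 port 4001 ssh2",
  "Jan 10 12:00:03 host sshd[102]: Failed password for invalid user admin from 203.0.113.5 port 4002 ssh2",
  "Jan 10 12:00:04 host sshd[103]: Failed password for invalid user x from 198.51.100.9 port 1 ssh2 from 203.0.113.5 port 4003 ssh2",
  "Jan 10 12:00:09 host sshd[104]: Accepted password for deploy from 198.51.100.7 port 5000 ssh2",
  "Jan 10 12:00:10 host cron[105]: session opened for user root",
];
```

With a threshold of 3 and a 60-second window, `detect(SAMPLE, 2024, 3, 60000)` yields one high event for 203.0.113.5 and one info event for the accepted login; the syslog timestamp carries no year, so the caller supplies it.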

Adds a new community module that monitors SSH authentication logs for
brute-force patterns and emits ThreatEvents. Follows the same structure
as the existing free-module boilerplate (mod.toml, src/, package.json).

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>

let content: string;
try {
const buf = await readFile(logPath, { encoding: 'utf8' });
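Review bot: `readFile(logPath, { encoding: 'utf8' })` re-reads the whole log by path and returns a decoded string, so `buf` counts characters rather than bytes. If the saved offset is a byte position taken from a separate size check on the same path (not visible in these lines), the file can be rotated or truncated between that check and this read, and the offset will also drift once the log contains a multi-byte character. Consider opening one file handle, taking the size from that handle, and reading from the saved offset as a Buffer before decoding, with an explicit reset when the size is smaller than the offset.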
@ralyodio
Contributor

You have a blocking file system race condition. Otherwise looks good to me! I'll merge as soon as the checks pass.
