Skip to content

feat: add ssh-login-monitor module to store#1

Merged
ralyodio merged 1 commit into
profullstack:masterfrom
pxivory-max:feat/ssh-login-monitor-module
May 21, 2026
Merged

feat: add ssh-login-monitor module to store#1
ralyodio merged 1 commit into
profullstack:masterfrom
pxivory-max:feat/ssh-login-monitor-module

Conversation

@pxivory-max

@pxivory-max pxivory-max commented May 19, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Adds a new free/MIT-licensed SSH Login Monitor module to boilerplates/
  • Monitors /var/log/auth.log for SSH login events, detects brute-force patterns, and emits ThreatEvents
  • Follows the same structure as existing boilerplates (mod.toml, src/index.ts, package.json, etc.)

Module Details

Field Value
Name ssh-login-monitor
Category Security / Monitoring
License MIT
Pricing Free
OS Support Linux

What it does

  1. Tails auth log file for SSH events (configurable path)
  2. Parses failed password attempts and successful logins
  3. Emits high/critical severity events when brute-force patterns exceed threshold
  4. Emits info events for successful SSH logins (audit trail)
  5. Persists file offset via ctx.setState to avoid re-processing on restart

Related

Test plan

  • Verify module structure matches existing boilerplate conventions
  • Confirm TypeScript compiles with pnpm build
  • Review mod.toml metadata is complete and correct

@claude
feat: add ssh-login-monitor module boilerplate
f6df3cc 
Adds a new community module that monitors SSH authentication logs for
brute-force patterns and emits ThreatEvents. Follows the same structure
as the existing free-module boilerplate (mod.toml, src/, package.json).

Co-Authored-By: Claude Opus 4 <noreply@anthropic.com>
github-advanced-security[bot]
github-advanced-security AI found potential problems May 19, 2026
View reviewed changes
Comment thread boilerplates/ssh-login-monitor/src/index.ts

let content: string;
try {
const buf = await readFile(logPath, { encoding: 'utf8' });
@ralyodio

ralyodio commented May 19, 2026

Copy link
Copy Markdown
Contributor

YOu have a blocking file system race condition. Otherwise looks good to me! I'll merge as soon as the checks pass.

@ralyodio ralyodio mentioned this pull request May 20, 2026
Open
@ralyodio

ralyodio commented May 20, 2026

Copy link
Copy Markdown
Contributor

@pxivory-max can you address this please with a commit? https://github.com/profullstack/threatcrush/pull/1/checks?check_run_id=76721697762

@ralyodio ralyodio merged commit 785bf5f into profullstack:master May 21, 2026
7 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ralyodio ralyodio ralyodio approved these changes

+1 more reviewer

@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pxivory-max @ralyodio @github-advanced-security