Carlostkd โœ…

๐Ÿ“Œ HAMAS TIP

May 21, 2025โ€ข225 words

๐Ÿ”ง Hacker-Style Linux System Reporter using HMAS

โœ… Overview

This project provides a Bash script to send system status reports.

It avoids input errors by using the send= or share= endpoints, and it provides

flexibility to send messages either to another user (via API key) or to an email address.

๐Ÿงพ Bash Script: login_alert.sh

#!/bin/bash

# === CONFIG ===
API_KEY="your_api_key"
RECIPIENT_KEY="admin_api_key"
API_URL="https://carlostkd.ch/hmas/api.php"
LOG_FILE="/var/log/auth.log"
FAIL_THRESHOLD=5
TIME_FRAME=60  # Seconds

# === Analyze Log ===
NOW=$(date +%s)
RECENT_FAILS=$(grep "Failed password" "$LOG_FILE" | tail -n 100 | awk -v now=$NOW '
    {
        cmd = "date -d "" $1 " " $2 " " $3 "" +%s"
        cmd | getline logtime
        close(cmd)
        if ((now - logtime) < 60) print
    }' | wc -l)

# === Trigger Alert if Threshold Exceeded ===
if [ "$RECENT_FAILS" -ge "$FAIL_THRESHOLD" ]; then
    HOST=$(hostname)
    TIME=$(date)
    MESSAGE="โš ๏ธ Security Alert on $HOST at $TIME\n\n$RECENT_FAILS failed login attempts detected within the last $TIME_FRAME seconds. Possible brute-force attack in progress."

    ENCODED_MSG=$(echo -e "$MESSAGE" | jq -sRr @uri)

    curl -G "$API_URL" \
        --data-urlencode "send=$ENCODED_MSG" \
        --data-urlencode "rec=$RECIPIENT_KEY" \
        --data-urlencode "selfdestruct=1" \
        --data-urlencode "apikey=$API_KEY"
fi

๐Ÿ“Œ Deployment Suggestions

  • Use as a scheduled job (cron) or integrate with log monitoring tools.
  • Alert system administrators of intrusion attempts in real-time.
  • No need to set your own email or notifications system.
React to this post
๐Ÿ‘โค๏ธ๐Ÿซถ๐Ÿ‘๐Ÿ‘Œ๐Ÿคฏ๐Ÿค”๐Ÿ˜‚๐Ÿ˜๐Ÿ˜ญ๐Ÿ˜ข๐Ÿ˜ก๐Ÿ˜ฎ

You'll only receive email when they publish something new.

More from Carlostkd โœ…
All posts