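#!/bin/bash
#
# SSH Attack Monitor: follow the SSH authentication log and print one
# colourised line per failed attempt (timestamp, first IPv4 address found,
# and the tail of the message).
#
# Environment:
#   SSH_LOG_FILE  Log file to follow. Defaults to /var/log/secure;
#                 Debian-family systems usually write sshd messages to
#                 /var/log/auth.log instead.
#
# Reading the authentication log normally needs root or membership of a
# log-reading group.

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)" || {
  printf 'error: cannot resolve the project root directory\n' >&2
  exit 1
}

# shellcheck source=/dev/null
source "$SCRIPT_DIR/lib/common-functions.sh" || {
  printf 'error: cannot load %s\n' "$SCRIPT_DIR/lib/common-functions.sh" >&2
  exit 1
}

ssh_log="${SSH_LOG_FILE:-/var/log/secure}"

# Fail early with a clear message: tail -F would otherwise wait silently for
# a file that never becomes readable.
if [[ ! -r "$ssh_log" ]]; then
  printf 'error: cannot read %s (run as root, or set SSH_LOG_FILE)\n' \
    "$ssh_log" >&2
  exit 1
fi

print_banner "SSH Attack Monitor"
echo ""
echo "Monitoring SSH authentication attempts in real-time..."
echo "Press Ctrl+C to exit"
echo ""

# Dotted-quad matcher only. IPv6 sources leave the address column blank, and
# the first dotted quad on the line is not guaranteed to be the client address.
ipv4_re='([0-9]{1,3}\.){3}[0-9]{1,3}'

# -F (not -f) keeps following the log by name, so the monitor survives log
# rotation instead of going quiet on the rotated-away file.
tail -F -- "$ssh_log" \
  | grep --line-buffered -iE 'failed|authentication failure' \
  | while IFS= read -r line; do
    # Parts of these entries (for example the user name) are chosen by the
    # remote client. Replace control characters before the text reaches the
    # terminal so a crafted entry cannot emit escape sequences; the '?' keeps
    # the tampering visible to the operator.
    line=${line//[[:cntrl:]]/?}

    # First three whitespace-separated fields: the syslog-style timestamp.
    read -r month day clock _ <<<"$line"
    timestamp="$month $day $clock"

    ip=''
    if [[ $line =~ $ipv4_re ]]; then
      ip=${BASH_REMATCH[0]}
    fi

    # Column 50 onward is a fixed-offset heuristic for skipping the log
    # prefix. The expansion is quoted: the earlier unquoted `echo $line`
    # let glob characters in a log entry expand against the working directory.
    printf '[%s] \033[1;31m%-15s\033[0m %s\n' "$timestamp" "$ip" "${line:49}"
  done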