Updates to the x86_64 image creation.

2025-12-17 16:09:22 -05:00
parent 3f2dc0b492
commit f4e91f7ee2
9 changed files with 524 additions and 3 deletions
--- a/x86_64/airootfs/usr/share/fenrirscreenreader/scripts/ssh-login-monitor.sh
+++ b/x86_64/airootfs/usr/share/fenrirscreenreader/scripts/ssh-login-monitor.sh
@@ -0,0 +1,185 @@
+#!/usr/bin/env bash
+
+# SSH Login Monitor for Fenrir Screen Reader
+# Monitors SSH logins and announces them via Fenrir's speech system
+
+# Configuration
+fenrirSocket="/tmp/fenrirscreenreader-deamon.sock"
+logFile="/var/log/auth.log"
+stateFile="/tmp/fenrir-ssh-monitor.state"
+checkInterval=2  # seconds between checks
+
+# Voice settings
+announceUser=true
+announceIp=true
+announceHostname=true
+announceLogout=false  # Announce SSH disconnections (disabled by default - may not work reliably on all systems)
+
+# Function to send message to Fenrir
+fenrirSay() {
+    local message="$1"
+    # Only announce if Fenrir socket exists (silently skip if not)
+    if [[ -S "$fenrirSocket" ]]; then
+        echo "command say ${message}" | socat - UNIX-CLIENT:"${fenrirSocket}" 2>/dev/null
+    fi
+}
+
+# Function to get last processed line number
+getLastLine() {
+    if [[ -f "$stateFile" ]]; then
+        cat "$stateFile"
+    else
+        echo "0"
+    fi
+}
+
+# Function to save last processed line number
+saveLastLine() {
+    echo "$1" > "$stateFile"
+}
+
+# Function to parse SSH login and announce
+processLogin() {
+    local logLine="$1"
+    local user=""
+    local ip=""
+    local hostname=""
+
+    # Parse different SSH login patterns
+    # Pattern 1: "Accepted publickey for USER from IP"
+    # Pattern 2: "Accepted password for USER from IP"
+    if [[ "$logLine" =~ Accepted\ (publickey|password|keyboard-interactive/pam)\ for\ ([^[:space:]]+)\ from\ ([^[:space:]]+) ]]; then
+        user="${BASH_REMATCH[2]}"
+        ip="${BASH_REMATCH[3]}"
+
+        # Try to resolve hostname
+        if command -v host &> /dev/null && [[ "$announceHostname" == "true" ]]; then
+            hostname="$(host "$ip" 2>/dev/null | grep -oP 'domain name pointer \K[^.]+' | head -1)"
+        fi
+
+        # Build announcement message (concise format)
+        local message=""
+
+        if [[ "$announceUser" == "true" ]]; then
+            message+="${user} "
+        fi
+
+        message+="S S H login"
+
+        if [[ "$announceIp" == "true" ]]; then
+            message+=" from ${ip}"
+        fi
+
+        if [[ -n "$hostname" ]] && [[ "$announceHostname" == "true" ]]; then
+            message+=" ${hostname}"
+        fi
+
+        fenrirSay "$message"
+        return 0
+    fi
+
+    return 1
+}
+
+# Function to parse SSH logout and announce
+processLogout() {
+    local logLine="$1"
+    local user=""
+
+    # Parse SSH disconnect patterns
+    # Pattern: "pam_unix(sshd:session): session closed for user USER"
+    if [[ "$logLine" =~ session\ closed\ for\ user\ ([^[:space:]]+) ]]; then
+        user="${BASH_REMATCH[1]}"
+
+        if [[ "$announceLogout" == "true" ]]; then
+            local message=""
+
+            if [[ "$announceUser" == "true" ]]; then
+                message+="${user} "
+            fi
+
+            message+="disconnected from S S H"
+
+            fenrirSay "$message"
+        fi
+        return 0
+    fi
+
+    return 1
+}
+
+# Function to monitor auth.log
+monitorAuthLog() {
+    local lastLine
+    lastLine=$(getLastLine)
+
+    # Get total lines in log
+    local totalLines
+    totalLines=$(wc -l < "$logFile" 2>/dev/null || echo "0")
+
+    # If log was rotated, reset
+    if [[ $totalLines -lt $lastLine ]]; then
+        lastLine=0
+    fi
+
+    # Process new lines
+    if [[ $totalLines -gt $lastLine ]]; then
+        local newLines=$((totalLines - lastLine))
+
+        # Read only new lines
+        tail -n "$newLines" "$logFile" 2>/dev/null | while IFS= read -r line; do
+            if [[ "$line" =~ sshd.*Accepted ]]; then
+                processLogin "$line"
+            elif [[ "$line" =~ sshd.*session\ closed ]]; then
+                processLogout "$line"
+            fi
+        done
+
+        saveLastLine "$totalLines"
+    fi
+}
+
+# Function to monitor journalctl (alternative for systemd systems)
+monitorJournalctl() {
+    # Follow journalctl for SSH logins and logouts
+    journalctl -u sshd -u ssh -f -n 0 --no-pager 2>/dev/null | while IFS= read -r line; do
+        if [[ "$line" =~ Accepted ]]; then
+            processLogin "$line"
+        elif [[ "$line" =~ session\ closed ]]; then
+            processLogout "$line"
+        fi
+    done
+}
+
+# Check if running as root
+if [[ "$(id -u)" -ne 0 ]]; then
+    echo "Error: This script must be run with sudo privileges to access system logs."
+    exit 1
+fi
+
+# Note: We don't require Fenrir to be running at startup
+# The script will silently skip announcements when Fenrir socket doesn't exist
+
+# Determine monitoring method
+if command -v journalctl &> /dev/null && systemctl is-active --quiet sshd 2>/dev/null; then
+    echo "Starting SSH login monitor (using journalctl)..."
+    fenrirSay "SSH login monitor started."
+
+    # Use journalctl for real-time monitoring
+    trap 'fenrirSay "SSH login monitor stopped."; exit 0' INT TERM
+    monitorJournalctl
+elif [[ -f "$logFile" ]]; then
+    echo "Starting SSH login monitor (using auth.log)..."
+    fenrirSay "SSH login monitor started."
+
+    # Use auth.log polling
+    trap 'fenrirSay "SSH login monitor stopped."; rm -f "$stateFile"; exit 0' INT TERM
+
+    while true; do
+        monitorAuthLog
+        sleep "$checkInterval"
+    done
+else
+    echo "Error: Cannot find SSH logs. Neither journalctl nor ${logFile} is available."
+    exit 1
+fi