Real-Time OS Security Event Logger 🚨🔒

Welcome to the Real-Time OS Security Event Logger! 🎉 This is a cool little project built with Python 🐍 to keep an eye on your Linux system’s security. It watches for sneaky stuff like failed login attempts, analyzes them, and shows you what’s up in a neat window—all in real time! Perfect for beginners like me (and you!) to dip our toes into coding, Linux, and security. Let’s dive in! 🌊

What’s This All About? 🤔

Imagine you’re a security guard for your computer! 🛡️ This tool:

1. Monitors: Spies on /var/log/auth.log (Linux’s security diary) for failed logins.
2. Analyzes: Counts how many times someone messes up and flags anything fishy (like >3 tries—uh-oh!).
3. Visualizes: Pops up a window to show logs and screams “ALERT!” if trouble’s brewing.

It’s simple, hands-on, and a great way to learn Python and Linux basics. Built with love and a little help from Grok (xAI). 💡

What You’ll Need 🛠️

Before we get started, here’s the gear you need:

• Operating System: Linux (I tested on Ubuntu 22.04—works like a charm! 🌟)
• Python: Version 3.8 or higher (it’s the magic behind the scenes 🎩)
• Libraries: pandas (for number-crunching) and tkinter (for the pretty window)
• Superpowers: Root access with sudo (to peek at secret logs 🔐)
• Optional Fun: SSH server (openssh-server) to fake some login fails for testing

Setting It Up: Step-by-Step 🏃‍♂️

Don’t worry—I’ve got your back! Let’s set this up together. Open your terminal (Ctrl+Alt+T) and follow along:

1. Install the Goodies 🎁:

   sudo apt update
   sudo apt install python3 python3-pip python3-tk openssh-server -y  # System tools
   cd security-logger                                          # Go to your project folder
   python3 -m venv myenv                                       # Create a virtual environment
   source myenv/bin/activate                                   # Activate it (your prompt changes!)
   pip install pandas                                          # Install pandas in the venv
   sudo systemctl start ssh                                    # Start SSH for testing

   • Pro Tip: When you’re done, type deactivate to exit the virtual environment. Easy peasy! 😎

2. Get the Code 📥:

   • With Git (if you’re feeling fancy):

     git clone https://github.com/anandku06/security-logger.git
     cd security-logger

   • Manually: Download the zip, unzip it, and cd into the folder.

3. What’s Inside the Box? 📦:

   security-logger/
   ├── logger.py          # The watcher 👀—grabs security events
   ├── analyzer.py        # The thinker 🧠—checks for trouble
   ├── interface.py       # The show-off 🎬—displays everything
   ├── security_logs.txt  # Where events hide (created when you run it)
   ├── myenv/             # Your virtual environment (ignored by Git!)
   ├── .gitignore         # Keeps the junk out of Git
   ├── README.md          # This guide you’re reading! 📖
   

How to Use It 🚀

Ready to catch some bad guys? Here’s how to play:

1. Start the Watcher 👀:

   source myenv/bin/activate  # Activate the venv first
   sudo python3 logger.py

   • What’s Happening?: It spies on /var/log/auth.log for “Failed password” lines and saves them to security_logs.txt.
   • Stop It: Hit Ctrl+C when you’re done.
   • Why sudo?: That log file is top-secret—only admins can peek!

2. Watch Live 📺:

   source myenv/bin/activate  # Activate the venv
   python3 interface.py

   • What’s Happening?: A window pops up showing logs, refreshing every 2 seconds. If >3 fails happen, a big red “ALERT” yells at you! 🚨
   • Cool Factor: Run this while logger.py is on to see action live!

3. Dig Into the Details 🕵️:

   source myenv/bin/activate  # Activate the venv
   python3 analyzer.py

   • What’s Happening?: Reads the logs, counts fails per user, and warns if someone’s up to no good (>3 attempts = trouble!).

4. Make Some Noise 🎤:

   • Open another terminal and try this:

     ssh wronguser@localhost

   • Type a wrong password a few times. Watch logger.py catch it and interface.py light up!

What You’ll See: Examples 🌈

Here’s a sneak peek at what happens:

• logger.py Output:

  Monitoring started... Press Ctrl+C to stop.
  2025-03-22 14:30:45 - Suspicious: Mar 22 14:30:45 ubuntu sshd[1234]: Failed password for wronguser from 127.0.0.1 port 22 ssh2
  

• analyzer.py Output:

  Total failed attempts: 4
  Attempts by user:
  wronguser: 4
  ALERT: Possible attack on wronguser!
  

• interface.py Output:

  • A window with logs scrolling and a red “ALERT: Too many failed attempts!” when things get spicy (after 4 fails).

Troubleshooting: Don’t Panic! 😅

• “Permission denied” on logger.py?
  • Fix: Use sudo—it’s a security thing! 🔑
• No events showing up?
  • Fix: Ensure SSH is on (sudo systemctl start ssh) and try more ssh wronguser@localhost attempts.
• GUI not opening?
  • Fix: Reinstall tkinter: sudo apt install python3-tk -y.
• Still stuck?
  • Drop a note in the Issues tab (if on GitHub) or ask your friendly neighborhood coder! 🤝

Cool Ideas for Later ✨

This is just the start! Here’s what we could add:

• More Events: Watch for file changes or weird processes. 📁
• Better Storage: Swap the text file for a database. 🗄️
• Fancier GUI: Add charts or buttons to make it pop! 📊

Why This Rocks 🎸

• Beginner-Friendly: Python’s easy, and this project teaches you real stuff without overwhelming you.
• Real-World Use: Spotting failed logins is legit security work!
• Fun to Show Off: The GUI and alerts make it demo-ready for presentations. 🎤

Credits 🙌

• Inspired by a love for learning and a bit of curiosity about keeping systems safe. 💻

Happy coding, and enjoy catching those sneaky login fails! 🎉🔍