Introduction
If you've ever operated a VPS, you're likely familiar with the barrage of SSH brute-force attacks that hit your server daily. Typically, these attempts are buried in logs like:
Mar 02 03:14:07 sshd: Failed password for root from 185.220.101.45 port 54321
This constant noise prompted me to create PewPew, a tool designed to transform these log entries into meaningful data through a real-time dashboard built with Go and Vue 3.
Features Overview
Deploying PewPew couldn't be simpler. By running a single binary on your server and accessing it via localhost:9090, you gain access to:
- Live Attack Map: Displays animated lines from the attacker's location to your server, powered by WebSockets.
- Top Attackers: A leaderboard highlighting the most persistent attackers, complete with one-click UFW ban functionality.
- Open Ports: Provides a risk assessment of exposed services.
- Hardening Recommendations: Offers tailored security advice based on your server's current setup.
- System Status: Shows firewall backend status, database size, and server uptime.
Innovative Implementation
Embedding Vue 3 SPA
One of my favorite aspects of PewPew is the incorporation of the Vue 3 Single Page Application directly into the Go binary. This is achieved using:
//go:embed static/dist
var staticFiles embed.FS
This results in a compact, single-file solution—approximately 20MB in size—that requires no additional Node.js, Docker, or configuration files. Simply execute:
./bin/pewpew start
Efficient SSH Log Processing
PewPew stands out by using a streaming reader to handle SSH logs. Unlike typical solutions that load entire log files into memory, PewPew:
- Accesses
auth.logand immediately seeks the end-of-file to only process new entries. - Detects log rotation by monitoring file size and inode changes, ensuring no data is lost.
- Batches events every 500ms before writing to SQLite, reducing unnecessary write operations.
The log parser efficiently extracts key details such as event type, IP address, username, and port using regex. It processes events like "Failed password", "Invalid user", "Accepted publickey", kex errors, and disconnects seamlessly.
WebSocket Broadcasting
PewPew employs a goroutine to tail the logs, with multiple dashboard clients connecting through WebSocket. The broadcaster pattern distributes events via channels, eliminating the need for mutexes to manage client lists.
Technical Stack
- Languages & Tools: Go 1.22, Vue 3 + Vite, SQLite, WebSocket
- Security Integration: UFW
- Architecture: Clean Architecture, ~20MB RAM
- License: MIT
Download and Future Plans
You can explore PewPew on GitHub. Although still in its early stages, I'm actively developing new features like GeoIP integration with MaxMind GeoLite2, authentication enhancements, and automated ban rules.
What additional monitoring capabilities would you like to see in a VPS dashboard? Join the conversation and share your thoughts!