SSH Alert Agent

ssh-alert-agent is a lightweight Linux agent that monitors SSH login sessions in real time and sends instant alerts to multiple notification channels. Designed for servers, VPS, and production environments with a focus on security, reliability, and low overhead.

🌐 Languages: English | Tiếng Việt

Installation

SSH Alert Agent provides pre-built packages for multiple Linux distributions and architectures.

Quick Install

Debian/Ubuntu:

# Download and install .deb package
wget https://github.com/anhtuank7c/ssh-alert-agent/releases/latest/download/ssh-alert-agent_VERSION_amd64.deb
sudo dpkg -i ssh-alert-agent_VERSION_amd64.deb
sudo systemctl enable --now ssh-alert-agent

Fedora/RHEL/CentOS:

# Download and install .rpm package
wget https://github.com/anhtuank7c/ssh-alert-agent/releases/latest/download/ssh-alert-agent-VERSION-1.x86_64.rpm
sudo dnf install ssh-alert-agent-VERSION-1.x86_64.rpm  # or: sudo yum install
sudo systemctl enable --now ssh-alert-agent

Alpine Linux (Static Binary):

# Download and extract static binary tarball
wget https://github.com/anhtuank7c/ssh-alert-agent/releases/latest/download/ssh-alert-agent-alpine-VERSION-x86_64.tar.gz
tar xzf ssh-alert-agent-alpine-VERSION-x86_64.tar.gz
cd ssh-alert-agent-VERSION
sudo ./install.sh

Arch Linux:

# Download and extract tarball
wget https://github.com/anhtuank7c/ssh-alert-agent/releases/latest/download/ssh-alert-agent-arch-VERSION-x86_64.tar.gz
tar xzf ssh-alert-agent-arch-VERSION-x86_64.tar.gz
cd ssh-alert-agent-VERSION
sudo ./install.sh

Supported Platforms

• Architectures: x86_64 (amd64), ARM64 (aarch64)
• Distributions:
  • Debian 11+ / Ubuntu 20.04+
  • Fedora 38+ / RHEL 8+ / CentOS 8+
  • Alpine Linux 3.18+
  • Arch Linux (current)

Full Installation Guide

For detailed installation instructions, platform-specific notes, and troubleshooting, see INSTALL.md.

How It Works - Sequence Diagram

sequenceDiagram
    participant Agent as SSH Alert Agent
    participant Config as Config File
    participant LogFile as /var/log/auth.log
    participant Parser as Log Parser
    participant Telegram as Telegram API
    participant Slack as Slack Webhook
    participant Webhook as Custom Webhook

    Note over Agent: Startup Phase
    Agent->>Config: Load configuration
    Config-->>Agent: Return settings (channels, retry config, polling interval)
    Agent->>LogFile: Open log file
    LogFile-->>Agent: File descriptor
    Agent->>LogFile: Seek to end (skip past events)

    Note over Agent,Webhook: Continuous Monitoring Loop
    loop Every polling_interval
        Agent->>LogFile: Read new log entries
        LogFile-->>Parser: Raw log lines
        Parser->>Parser: Parse SSH login events
        Parser-->>Agent: Array of SSH events

        alt SSH Events Detected
            Note over Agent,Webhook: Parallel Alert Processing
            par Send to Telegram
                Agent->>Telegram: POST /sendMessage
                alt Success
                    Telegram-->>Agent: HTTP 200 OK
                else Failure
                    Telegram-->>Agent: Error (timeout/4xx/5xx)
                    loop Retry (up to retry_count)
                        Agent->>Agent: Wait retry_delay_seconds
                        Agent->>Telegram: POST /sendMessage (retry)
                        alt Success
                            Telegram-->>Agent: HTTP 200 OK
                        else Still Failing
                            Telegram-->>Agent: Error
                        end
                    end
                end
            and Send to Slack
                Agent->>Slack: POST webhook URL
                alt Success
                    Slack-->>Agent: HTTP 200 OK
                else Failure
                    Slack-->>Agent: Error
                    loop Retry (independent)
                        Agent->>Agent: Wait retry_delay_seconds
                        Agent->>Slack: POST webhook URL (retry)
                    end
                end
            and Send to Webhook
                Agent->>Webhook: POST/GET with Bearer token
                alt Success
                    Webhook-->>Agent: HTTP 200 OK
                else Failure
                    Webhook-->>Agent: Error
                    loop Retry (independent)
                        Agent->>Agent: Wait retry_delay_seconds
                        Agent->>Webhook: POST/GET (retry)
                    end
                end
            end
            Note over Agent,Webhook: All channels process independently<br/>Total time = slowest channel
        end

        Agent->>LogFile: Check file inode
        alt Log Rotation Detected
            Agent->>LogFile: Close old file
            Agent->>LogFile: Open new file
            LogFile-->>Agent: New file descriptor
        end

        Agent->>Agent: Sleep for log_pulling_interval
    end

Loading

Key Points:

• Single-threaded loop: One iteration at a time, no overlapping polls
• Parallel alert sending: All notification channels receive alerts simultaneously using pthreads
• Independent retries: Each channel retries on its own without blocking others
• Log rotation handling: Automatically detects and reopens rotated log files
• Self-pacing: If alert sending takes longer than polling interval, next poll waits until current batch completes

Overview

SSH Alert Agent provides real-time monitoring of SSH authentication attempts and successful logins on your Linux servers. When an SSH event is detected, the agent immediately sends notifications to your configured channels, helping you maintain awareness of who is accessing your systems.

Features

Multi-Channel Notifications

• Telegram: Send alerts to Telegram channels or groups via Bot API
• Slack: Integrate with Slack via incoming webhooks
• Generic Webhook: Send alerts to any custom webhook endpoint with Bearer token authentication
• Parallel Processing: All notifications are sent simultaneously in separate threads for maximum speed

Flexible Configuration

• Configure one, two, or all three notification channels simultaneously
• Alerts are sent to all configured channels in parallel for faster delivery
• Optional Bearer token authentication for webhook security
• Support for both GET and POST HTTP methods

Reliability Features

• Automatic Retry: Configurable retry attempts for failed notifications (per channel)
• Independent Retry Logic: Each channel retries independently without blocking others
• Retry Delay: Customizable delay between retry attempts
• Timeout Handling: 10-second timeout for all HTTP requests
• Error Logging: Detailed error messages for troubleshooting

Lightweight & Efficient

• Written in C for minimal resource usage
• Minimal runtime dependencies (only libcurl and pthread)
• Unity test framework included as vendored dependency
• Fast compilation and execution
• Low memory footprint

How It Works

1. The agent monitors the system's authentication log (typically /var/log/auth.log)
2. When an SSH login event is detected, it extracts relevant information
3. The alert is formatted and sent to all configured notification channels in parallel
4. Each channel operates independently with its own retry mechanism
5. If a channel fails, it automatically retries without blocking other channels
6. Success/failure status is logged for monitoring

Why Parallel Processing?

Traditional sequential alert sending can be slow, especially when:

• Multiple channels are configured
• One channel has network latency or requires retries
• You need the fastest possible notification delivery

With parallel processing:

• All channels receive alerts simultaneously
• Total time = slowest channel (not sum of all channels)
• One slow/failing channel doesn't delay others
• Maximum reliability with minimum latency

Development

This section guides developers who want to build, test, and contribute to the project.

Development Prerequisites

Target Platform

• Linux operating system (required for runtime and recommended for development)
• macOS or Windows (supported for development/cross-compilation)
• SSH authentication log file (typically /var/log/auth.log) for testing on Linux

Required Libraries

Build Dependencies (Required):

• GCC compiler (or compatible C compiler)
• Make build tool
• libcurl development library (for HTTP requests)
• pthread library (usually included with GCC on Linux/macOS)

Testing Dependencies (Included):

• Unity test framework (vendored in vendor/unity/, no installation required)

Setting Up Your Development Environment

Linux

Debian/Ubuntu:

sudo apt-get update
sudo apt-get install gcc make libcurl4-openssl-dev

RHEL/CentOS/Fedora:

sudo yum install gcc make libcurl-devel

Arch Linux:

sudo pacman -S gcc make curl

macOS

Using Homebrew:

brew install gcc make curl

Notes for macOS:

• Xcode Command Line Tools includes gcc and make
• Install with: xcode-select --install
• libcurl is pre-installed on macOS

Windows (Development/Cross-compilation)

Option 1: WSL (Windows Subsystem for Linux) - Recommended

# Enable WSL and install Ubuntu, then follow Ubuntu instructions above
wsl --install

Option 2: MinGW-w64

# Install via Chocolatey
choco install mingw

# Install libcurl
# Download from https://curl.se/windows/
# Extract and add to system PATH

Option 3: Cygwin

• Download installer from https://cygwin.com/
• During installation, select packages:
  • gcc-core
  • make
  • libcurl-devel

Note: While you can build on Windows using the above methods, the agent is designed to run on Linux as it monitors SSH authentication logs which are Linux-specific. Unity test framework is included as a vendored dependency and requires no separate installation.

Cloning the Repository

# Clone the repository
git clone https://github.com/anhtuank7c/ssh-alert-agent.git
cd ssh-alert-agent

Building the Project

# Standard build
make

# Debug build with debug symbols and DEBUG=1 flag
make debug

# Optimized release build with DEBUG=0 flag
make release

Versioning

The project automatically extracts version information from git tags during build and displays it on startup:

# Create a version tag (format: vX.Y.Z)
git tag v1.0.0

# Build the project
make

# The version is displayed when you run the agent
./ssh-alert-agent

Version output format:

Version v1.0.0
Reading config ssh-alert-agent.conf

Version extraction rules:

• With git tag: Uses the tag (e.g., v1.0.0)
• Without tag: Uses commit hash (e.g., a1b2c3d)
• Uncommitted changes: Adds -dirty suffix (e.g., v1.0.0-dirty)
• No git repository: Shows unknown

Config file location by build type:

• Debug build (make debug): Uses /etc/ssh-alert-agent/ssh-alert-agent.conf
• Release build (make release or make): Uses local ssh-alert-agent.conf

Running Tests

# Run all unit tests (Unity framework is included)
make test

Other Build Commands

# Clean build files
make clean

# Rebuild from scratch
make rebuild

# Install to system (for deployment)
sudo make install

Configuration

The configuration file is located at ssh-alert-agent.conf. Copy the example configuration and customize it:

cp ssh-alert-agent.conf /etc/ssh-alert-agent/ssh-alert-agent.conf

General Settings

[general]
# Infrastructure provider name
provider=DigitalOcean

# Server description
description=Production Server

# Path to auth log file
log_path=/var/log/auth.log

# Log file polling interval in microseconds (μs)
# Controls how frequently the agent checks the auth log for new events
# Lower values = more responsive but higher CPU usage
# Higher values = less CPU usage but slower detection
# Recommended: 100000-500000 (100ms-500ms)
# Example: 500000μs = 500ms = 0.5s (default: 500000)
log_pulling_interval=500000

# Number of retry attempts for failed notifications (default: 3)
retry_count=3

# Delay in seconds between retry attempts (default: 2)
retry_delay_seconds=2

Telegram Configuration

To use Telegram notifications:

1. Create a bot via @BotFather
2. Get your chat ID from @userinfobot
3. Configure the settings:

[telegram]
# Telegram bot token from @BotFather
bot_token=YOUR_BOT_TOKEN_HERE

# Telegram channel/chat ID
channel_id=YOUR_CHANNEL_ID_HERE

Slack Configuration

To use Slack notifications:

1. Create an Incoming Webhook
2. Configure the settings:

[slack]
# Slack incoming webhook URL
webhook_url=https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK_URL_HERE

# Optional: Override default channel
channel=#ssh-alerts

Webhook Configuration

For custom webhook endpoints:

[webhook]
# Webhook URL
url=https://your-api.com/alerts

# HTTP method (POST or GET)
method=POST

# Optional: Bearer token for authentication
bearer_token=YOUR_SECRET_TOKEN_HERE

Webhook Payload:

• POST: Sends JSON {"message": "alert text"}
• GET: Sends URL parameter ?message=alert%20text

Authentication: When bearer_token is configured, requests include:

Authorization: Bearer your-secret-token-here

Usage

Running the Agent

# Run the agent (version is displayed on startup)
./ssh-alert-agent

# Run as a service (see systemd section below)
sudo systemctl start ssh-alert-agent

Setting up as a System Service

Create a systemd service file /etc/systemd/system/ssh-alert-agent.service:

[Unit]
Description=SSH Alert Agent
After=network.target

[Service]
Type=simple
User=root
ExecStart=/usr/local/bin/ssh-alert-agent
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target

Enable and start the service:

sudo systemctl daemon-reload
sudo systemctl enable ssh-alert-agent
sudo systemctl start ssh-alert-agent
sudo systemctl status ssh-alert-agent

Example Notifications

Successful SSH Login:

🔐 SSH Login Detected

Server: Production Server (DigitalOcean)
User: admin
IP: 192.168.1.100
Time: 2025-12-20 14:30:45 UTC

Retry Mechanism

The agent includes built-in retry logic for handling temporary failures. Each channel retries independently and in parallel:

retry_count=5           # Try up to 5 times per channel
retry_delay_seconds=3   # Wait 3 seconds between attempts

Example Output (Parallel Processing):

=== Sending alerts in parallel ===
[Telegram] Sending alert to channel -xxxxxxxxxxxx
[Slack] Sending alert to webhook
[Webhook] Sending POST request to https://your-api.com/alerts
[Slack] Alert sent successfully
[Webhook] Alert sent successfully (HTTP 200)
[Telegram] Request failed: Timeout was reached
[Telegram] Retry attempt 2/5 (waiting 3 seconds)...
[Telegram] Request failed: Timeout was reached
[Telegram] Retry attempt 3/5 (waiting 3 seconds)...
[Telegram] Alert sent successfully
=== Alerts sent to 3/3 service(s) ===

Notice how Slack and Webhook complete successfully while Telegram continues retrying - they don't wait for each other!

Security Notes

SSH Security Best Practices

This agent monitors SSH login attempts. To maximize security, follow these SSH configuration recommendations:

Option 1: Using a Separate User Account (Recommended)

This is the most secure approach - disable direct root login and use a separate user with sudo privileges:

1. Configure SSH to deny root login:

Edit /etc/ssh/sshd_config:

PermitRootLogin no
PasswordAuthentication no  # Force key-based authentication
PubkeyAuthentication yes

2. Create a dedicated admin user:

# Create user
sudo adduser admin

# Add to sudo group
sudo usermod -aG sudo admin  # Debian/Ubuntu
# OR
sudo usermod -aG wheel admin  # RHEL/CentOS/Fedora

# Set up SSH key authentication
sudo mkdir -p /home/admin/.ssh
sudo chmod 700 /home/admin/.ssh
sudo nano /home/admin/.ssh/authorized_keys  # Add your public key
sudo chmod 600 /home/admin/.ssh/authorized_keys
sudo chown -R admin:admin /home/admin/.ssh

3. Login workflow:

# Connect as regular user
ssh admin@your-server

# Switch to root when needed
sudo su -
# OR use sudo for specific commands
sudo systemctl restart nginx

Benefits:

• ✅ Prevents brute-force attacks on root account
• ✅ Provides audit trail (you know which user performed actions)
• ✅ Reduces attack surface
• ✅ Forces key-based authentication
• ✅ Alert shows actual user who logged in

Alerts you'll receive:

🔐 SSH Login Detected

Server: Production Server (DigitalOcean)
User: admin  ← Shows the actual user
IP: 192.168.1.100
Auth method: publickey
Time: 2025-12-20 14:30:45 UTC

Option 2: Allowing Root Login (Not Recommended)

If you must allow root login, implement these security measures:

1. Configure SSH with strict security:

Edit /etc/ssh/sshd_config:

PermitRootLogin prohibit-password  # Allow root but ONLY with SSH keys
PasswordAuthentication no           # Disable password authentication
PubkeyAuthentication yes
PermitEmptyPasswords no
MaxAuthTries 3                      # Limit login attempts
ClientAliveInterval 300             # Disconnect idle sessions after 5 min
ClientAliveCountMax 2
AllowUsers root@specific.ip.here    # Restrict by IP if possible

2. Use SSH key authentication:

# Generate SSH key pair (on your local machine)
ssh-keygen -t ed25519 -C "your_email@example.com"
# OR for compatibility
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

# Copy public key to server
ssh-copy-id root@your-server
# OR manually
cat ~/.ssh/id_ed25519.pub | ssh root@your-server "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

# Set correct permissions on server
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

3. Additional hardening:

# Install and configure fail2ban
sudo apt-get install fail2ban  # Debian/Ubuntu
sudo yum install fail2ban      # RHEL/CentOS

# Configure fail2ban for SSH
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

# Change default SSH port (optional but recommended)
# Edit /etc/ssh/sshd_config
Port 2222  # Use non-standard port

# Restart SSH service
sudo systemctl restart sshd

Risks:

• ⚠️ Root account is a known target for attackers
• ⚠️ No audit trail of which admin performed actions
• ⚠️ Single point of failure
• ⚠️ Higher risk if keys are compromised

Alerts you'll receive:

🔐 SSH Login Detected

Server: Production Server (DigitalOcean)
User: root  ← Direct root access
IP: 192.168.1.100
Time: 2025-12-20 14:30:45 UTC

Additional Security Recommendations

1. Two-Factor Authentication (2FA):

   # Install Google Authenticator
   sudo apt-get install libpam-google-authenticator
   
   # Configure 2FA for your user
   google-authenticator
   
   # Edit /etc/pam.d/sshd, add:
   # auth required pam_google_authenticator.so
   
   # Edit /etc/ssh/sshd_config, add:
   # ChallengeResponseAuthentication yes

2. IP Whitelisting:

   # Using firewall (UFW)
   sudo ufw allow from YOUR.IP.ADDRESS to any port 22
   sudo ufw deny 22
   
   # OR using iptables
   sudo iptables -A INPUT -p tcp -s YOUR.IP.ADDRESS --dport 22 -j ACCEPT
   sudo iptables -A INPUT -p tcp --dport 22 -j DROP

3. Monitor Failed Login Attempts:

   # View recent failed attempts
   sudo grep "Failed password" /var/log/auth.log
   
   # View recent successful logins
   sudo grep "Accepted" /var/log/auth.log

4. Keep System Updated:

   # Regular updates
   sudo apt-get update && sudo apt-get upgrade -y  # Debian/Ubuntu
   sudo yum update -y                               # RHEL/CentOS

Application Security

File Permissions

Protect your configuration file as it contains sensitive tokens:

sudo chmod 600 /etc/ssh-alert-agent/ssh-alert-agent.conf
sudo chown root:root /etc/ssh-alert-agent/ssh-alert-agent.conf

Best Practices

1. Use Environment Variables: For production, consider storing tokens in environment variables
2. Rotate Tokens: Regularly rotate your API tokens and webhook URLs
3. Monitor Logs: Regularly check agent logs for suspicious activity
4. Least Privilege: Run the agent with minimum required permissions
5. HTTPS Only: Ensure all webhook URLs use HTTPS
6. Firewall Rules: Restrict outbound connections to necessary endpoints only

Log Access

The agent needs read access to authentication logs. On most systems:

# Grant read access to auth.log
sudo usermod -a -G adm ssh-alert-agent-user

Or run as root (recommended for production environments).

Troubleshooting

Common Issues

Error: "Failed to load config file"

• Check file path and permissions
• Verify config file syntax

Error: "At least one notification service must be configured"

• Configure at least one of: Telegram, Slack, or Webhook
• Ensure all required fields are filled for chosen service

Telegram: "API returned error code: 404"

• Verify bot token is correct
• Check that bot is added to the channel
• Confirm channel ID is correct (negative for groups)

Webhook: "Request failed: Timeout was reached"

• Check webhook URL is accessible
• Verify firewall allows outbound HTTPS
• Increase timeout if needed

Webhook: "Server returned error code: 401"

• Verify Bearer token is correct
• Check token hasn't expired
• Ensure Authorization header is required by endpoint

Debug Mode

Build with debug symbols for troubleshooting:

make debug
./ssh-alert-agent

Performance

Resource usage (typical):

• CPU: < 0.1% (minimal overhead from threading)
• Memory: ~2-5 MB
• Disk I/O: Minimal (log reading only)
• Network: Minimal (only when sending alerts)

Alert Delivery Speed:

With parallel processing, alert delivery time is dramatically improved:

• Sequential (old approach):

  • 3 channels × 2 seconds each = 6 seconds minimum
  • If one channel needs retries: up to 15-30 seconds

• Parallel (current approach):

  • All 3 channels simultaneously = ~2 seconds (time of slowest channel)
  • Independent retries don't block other channels
  • 3x faster in typical scenarios, even more when retries are needed

Project Structure

ssh-alert-agent/
├── main.c                          # Main entry point
├── main.h                          # Main header
├── Makefile                        # Build configuration
├── ssh-alert-agent.conf            # Configuration file
├── ssh-alert-agent.conf.example    # Example configuration
├── .github/                        # GitHub configuration
│   ├── release.yml                # Release changelog configuration
│   └── workflows/                 # GitHub Actions workflows
├── utils/                          # Utility modules
│   ├── config_util.c              # Configuration parser
│   ├── config_util.h
│   ├── communication_util.c       # Notification handlers
│   ├── communication_util.h
│   ├── host_util.c                # Host information utilities
│   ├── host_util.h
│   ├── log_parser_util.c          # Auth log parser
│   └── log_parser_util.h
├── test/                           # Unit tests
│   ├── config_util_test.c         # Config utility tests
│   ├── communication_util_test.c  # Communication utility tests
│   ├── host_util_test.c           # Host utility tests
│   └── log_parser_util_test.c     # Log parser tests
├── vendor/                         # Third-party dependencies
│   └── unity/                     # Unity test framework (vendored)
├── README.md                       # English documentation
└── README.vi.md                   # Vietnamese documentation

Test Coverage

The test suite includes comprehensive test files built with Unity Test Framework:

Config Util Tests (21 tests):

• File loading and parsing tests
• Required field validation (log_path, provider, description)
• Service configuration tests (Telegram, Slack, Webhook)
• Default value tests (retry settings, webhook method, log_pulling_interval)
• Parsing tests (comments, whitespace, empty lines)
• Multi-service configuration tests

Communication Util Tests (14 tests):

• Configuration validation tests (Telegram, Slack, Webhook)
• Alert sending behavior tests
• Null/empty message handling tests
• Service configuration validation
• Parallel alert sending tests

Host Util Tests:

• Hostname retrieval tests
• IPv4 and IPv6 address list retrieval tests
• Memory management and cleanup tests

Log Parser Util Tests:

• SSH login event detection and parsing
• Username, IP address, and authentication method extraction
• Multiple log entry parsing
• Edge case handling (malformed logs, empty files)

Test Output:

utils/config_util_test.c:552:test_load_config_fails_when_file_not_found:PASS
utils/config_util_test.c:553:test_load_config_succeeds_with_valid_config:PASS
utils/config_util_test.c:556:test_load_config_fails_when_log_path_missing:PASS
utils/config_util_test.c:557:test_load_config_fails_when_provider_missing:PASS
utils/config_util_test.c:558:test_load_config_fails_when_description_missing:PASS
utils/config_util_test.c:561:test_load_config_fails_when_no_services_configured:PASS
utils/config_util_test.c:562:test_load_config_succeeds_with_telegram_only:PASS
utils/config_util_test.c:563:test_load_config_succeeds_with_slack_only:PASS
utils/config_util_test.c:564:test_load_config_succeeds_with_webhook_only:PASS
utils/config_util_test.c:565:test_load_config_fails_when_telegram_incomplete:PASS
utils/config_util_test.c:568:test_load_config_sets_default_retry_count:PASS
utils/config_util_test.c:569:test_load_config_uses_custom_retry_settings:PASS
utils/config_util_test.c:570:test_load_config_sets_default_webhook_method:PASS
utils/config_util_test.c:571:test_load_config_uses_custom_webhook_method:PASS
utils/config_util_test.c:574:test_load_config_handles_comments:PASS
utils/config_util_test.c:575:test_load_config_handles_empty_lines:PASS
utils/config_util_test.c:576:test_load_config_handles_whitespace:PASS
utils/config_util_test.c:577:test_load_config_parses_all_telegram_fields:PASS
utils/config_util_test.c:578:test_load_config_parses_all_slack_fields:PASS
utils/config_util_test.c:579:test_load_config_parses_all_webhook_fields:PASS
utils/config_util_test.c:580:test_load_config_parses_multiple_services:PASS

-----------------------
21 Tests 0 Failures 0 Ignored
OK

utils/communication_util_test.c:200:test_telegram_not_configured_when_empty:PASS
utils/communication_util_test.c:201:test_telegram_not_configured_when_only_token:PASS
utils/communication_util_test.c:202:test_telegram_not_configured_when_only_channel:PASS
utils/communication_util_test.c:203:test_telegram_configured_when_both_set:PASS
utils/communication_util_test.c:204:test_slack_not_configured_when_empty:PASS
utils/communication_util_test.c:205:test_slack_configured_when_webhook_url_set:PASS
utils/communication_util_test.c:206:test_webhook_not_configured_when_empty:PASS
utils/communication_util_test.c:207:test_webhook_configured_when_url_set:PASS
utils/communication_util_test.c:210:test_send_telegram_alert_returns_0_when_not_configured:PASS
utils/communication_util_test.c:211:test_send_slack_alert_returns_0_when_not_configured:PASS
utils/communication_util_test.c:212:test_send_webhook_alert_returns_0_when_not_configured:PASS
utils/communication_util_test.c:213:test_send_alert_returns_0_when_message_is_null:PASS
utils/communication_util_test.c:214:test_send_alert_returns_0_when_message_is_empty:PASS
utils/communication_util_test.c:215:test_send_alert_returns_0_when_no_services_configured:PASS

-----------------------
14 Tests 0 Failures 0 Ignored
OK

Overall: 35+ tests across all utilities, 0 failures, 100% pass rate

Unity Test Framework: https://github.com/ThrowTheSwitch/Unity

Integration Testing:

The communication_util test file includes commented-out integration tests that make real network calls. To enable them:

1. Edit test/communication_util_test.c
2. Uncomment the integration test functions
3. Add your actual API credentials
4. Run make test

Note:

• All test files create temporary test files in /tmp/ and clean them up automatically
• Communication_util unit tests run without network calls by default
• All tests are fast and don't require API credentials for the default test suite
• Run make test to execute all test suites

Contributing

Contributions are welcome! Please:

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Test thoroughly
5. Submit a pull request

Acknowledgments

This project was developed with the assistance of Claude Code, Anthropic's AI-powered development tool. While AI accelerated the development process and helped with implementation details, all architectural decisions, design choices, and project direction were made and controlled by the maintainer.

AI tools like Claude Code can significantly speed up development, but they work best as assistants under human guidance and oversight.

License

MIT License - see LICENSE file for details

Support

• Issues: GitHub Issues
• Discussions: GitHub Discussions

Changelog

Version 0.0.1 (Current)

• Initial release
• Multi-channel notification support (Telegram, Slack, Webhook)
• Parallel alert processing using pthreads for maximum speed
• Independent retry mechanism for each channel
• Configurable retry attempts and delays
• Bearer token authentication for webhooks
• Support for GET and POST HTTP methods
• Thread-safe alert delivery with automatic synchronization

---

Made with ❤️ for server security