Here are all the files necessary to setup a beacon to monitor bad logins on Linu

1. Here are all the files necessary to setup a beacon to monitor bad logins on Linux machines
2.  
3.  
4. BEACON SETUP
5.  
6. 1. Copy "badlogins.sls" to /srv/pillar
7.  
8. 2. Update your pillar top file to include the information from "top.sls"
9.  
10. -- You might need to restart the salt-minion agent for the beacon to start immediatly otherwise it could take a few hours.
11. -- At this point your minions should generate events when a bad login happens
12. ---> Example event: "event example"
13.  
14. REACTOR SETUP
15.  
16. 1. Copy "logins.sls" to /srv/reactors
17.  
18. 2. Copy "reactors.conf" to /etc/salt/master.d
19.  
20. 3. Restart the master service salt-master restart
21.  
22. -- At this point (if you have slack configured) when a badlogin happens a message will be sent to the "security" slack channel.