# Alertes de sécurité (Échec login)
FAILED=$(journalctl _SYSTEMD_UNIT=ssh.service --since "24 hours ago" | grep -c "Failed password")
if [ $FAILED -gt 0 ]; then
    echo -e "${GREEN}======================================================================${NONE}"
    echo -e " ${R1}⚡ ATTENTION : ${FAILED} tentatives de connexion SSH échouées ces dernières 24h !${NONE}"
fi

OTHER_USERS=$(who | wc -l)
if [ "$OTHER_USERS" -gt 1 ]; then
    echo -e "${GREEN}======================================================================${NONE}"
    echo -e "   ${R1}⚡ Attention :${NC} Il y a actuellement $(($OTHER_USERS - 1)) autre(s) session(s) active(s).${NC}"
    echo -e "${R1}   ╔════════════════════════════════════════════════╗"
printf "   ║ %-10s %-10s %-8s %-15s ║\n" "USER" "DATE" "HEURE" "IP"
    echo "   ╠════════════════════════════════════════════════╣"

who | awk '{
    user=$1

    # Cas avec IP (dernier champ contient des parenthèses)
    if ($NF ~ /^\(.*\)$/) {
        ip=$NF
        gsub(/[()]/,"",ip)

        time=$(NF-1)
        date=$(NF-2)
    } else {
        ip="console locale"

        time=$NF
        date=$(NF-1)
    }

    printf "   ║ %-10s %-10s %-8s %-15s ║\n", user, date, time, ip
}'

    echo -e "   ╚════════════════════════════════════════════════╝${NC}"
fi