I have a working python program that sets IP/gateway/broadcast addresses for different devices using pySerial.
The basic idea would be that the user enters the addresses themselves and the program does the rest
IP = 'x.x.x.x'
broadcast = 'x.x.x.x'
gateway = 'x.x.x.x'
My initial thought was just to have the user open up the python program and change the addresses to whatever they want and then run it, but I came into a few problems
That's probably not the best practice to let the user do that
The user needs python installed
If I create an executable from my current code, the user won't be able to change the addresses to what they want
What would be the best way to allow users to enter their own addresses? The point of this script was to automate a proccess so getting user input didn't really make sense for me to do
There are several possible ways to do this, although the user will still need Python in some form to run your application. Having said that, if you package your application with a tool such as py2exe, it will package a minimal Python interpreter so that the user does not have to install it separately.
Use a configuration file that the script reads the addresses from.
Pass the addresses as arguments on the command line.
Ask a network service for the addresses.
Related
I’m not sure if there is a better way of describing my issue, but here goes:
I have written a program on my personal computer (python) that I can run, but I want to run it when triggered by receiving an email automatically.
In other words, when I receive an email with a certain header/text, run this specific program.
What is a secure way of sending this signal to my computer such that it will queue to run when I am logged in? My computer is a laptop and is frequently asleep and I don’t want to lose the signal to run the program.
Thank you in advance!
After a few months, I've come up with an answer - configuring your email with IMAP. I was able to do this with gmail.
There is a built-in IMAP library for python called imaplib that allows you to do the trick.
Basically you can query the inbox and search for a file every X minutes, and run a command if a specific type of email is found.
(Idea from mrooney/minapi)
I am writing a python script to login in my email, and I am using
M = imaplib.IMAP4_SSL('imap.gmail.com')
M.login('foo#gmail.com','123456')
however i want to let my friend use my script but i dont want him to know my password. I was wondering that is this possible?
In general, no this isn't possible, especially not if the idea is for your friend to run the script on their own computer. Your script needs to have access to the plaintext password in order to send it to the server. Whatever obfuscations you apply, anyone with access to run the script can do the same de-obfuscating as the script itself in order to retrieve it. If they have access to modify the script, they could even just change it to print exactly what you send to the server.
The only possible way around this is for you to control the full execution environment, and have the script run with different permissions than the user who can invoke it (using something like setuid Unix permissions, or even something as fully fledged as polkit). This is probably a prohibitive amount of effort compared to what you're trying to do.
ema=input("Enter your mail adress: ")
passw=input("Enter your password: ")
M = imaplib.IMAP4_SSL('imap.gmail.com')
M.login('{}'format(ema),'{}'.format(passw))
Instead of encrypt, you can use this. So your friend not have to see your password, he should enter his mail-password or you either. Or you can use getpass.getpass()
I am working on a project for work that requires me to pull information from a logfile and send a notification anytime it finds a the specific information. For example the exact issue I am working on is I am needing to create a python script that will look into may /var/log/auth.log (FreeBSD system) and pull any invalid SSH login attempts, then proceed to email me and another co-worker anytime there is an offense.
I've been looking all over for a few days now and have had minimal success any help would be greatly appreciated.
I think what you're really after is a daemon like fail2ban, which is specifically designed to examine log files for intrusion attempts.
From the fail2ban wiki:
Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs
that show the malicious signs -- too many password failures, seeking
for exploits, etc. Generally Fail2Ban then used to update firewall
rules to reject the IP addresses for a specified amount of time,
although any arbitrary other action (e.g. sending an email, or
ejecting CD-ROM tray) could also be configured. Out of the box
Fail2Ban comes with filters for various services (apache, curier, ssh,
etc).
This would probably work better than any solution you baked yourself.
That said, if you did want to roll your own, the naive way to implement periodic checking of a file is simply to read it every five minutes and see if it's changed.
The smarter way is to use the operating system's file monitoring service, which hooks into the filesystem driver and notifies you as soon as the file changes. This has the dual benefits that your code will take less CPU time, and it will respond immediately whenever the file changes.
On Linux the service is called inotify. BSD and Windows have an equivalent feature.
You could run a cron job every few minutes that checks for changes in that file. If there are any changes, it will email you, by using, for example, smtplib. Here is an example of smtplib usage with sendgrid: http://docs.sendgrid.com/documentation/get-started/integrate/examples/python-email-example-using-smtp/
How do you find out if a file was modified?
You keep a copy of the file as it looked in the previous script run, and compare that to the current contents
You check the file's last modification time.
This is just a general idea that can be tweaked, and all the 'ingredients' can be found on google, so you should be able to implement it by googling yourself.
Hope this helps.
As a rough idea for a cron job:
with open('/var/log/auth.log') as auth:
for line in auth:
if 'blahblah' in line:
# send email
You'll want to check out the email module for emailing details. You'll also want a way to keep track of what's already been scanned, so you don't end up sending duplicate emails.
I have a Python script that is connecting to the database. To that, obviously, I need the password. I need to hide it somewhere.
My problem is that this code is stored in a folder that everybody who has access to the server can look. So, if I write this password encrypted in a file, in the code will appear the key to discover it and people can figured it out.
So, please, if anyone has an idea..
You're using a scripting language and accessing a database directly with a password. No matter what you do, at some level that password is going to be easily accessible. Obscuring it doesn't really buy you much.
You have to rely on the machine's security and permissions, and perhaps the database (restricting access from that particular machine and user).
Don't store the database connection credentials in the Python file at all. Instead, store them in a secure place, readable only by the user account that the script will run under.
For example, create a user account for running this job, and create a file in that user account's home directory (readable only by that user) called database.ini and put the database connection string and password there. Then use the Python ConfigParser class in the standard library to read the file in.
Then the job can be always run under that user account. You can also run it under your account by putting a database.ini file in your home directory with the correct credentials, but anyone who doesn't have the credentials cannot run it.
Check out this question. They suggest encoding the password in base64 (outside of the script) then including that string in the script and converting it back before you make the connection
Just to reinforce what Brian said, if a program runs automatically (i.e., without the opportunity to prompt the user for a password), any program that runs under the same user authority has the same access to any password. It's not clear what else you could do. Perhaps if the (trusted) operating system on the client machine could certify to the host that it was being accessed by a program run from a particular path, the host could be told "Only open the database to /var/lib/tomcat/bin/tomcat on appserver.example.com". If you accomplish all that, an attacker would have to compromise the tomcat executable to get to the database.
A more advanced idea is to do the mysql authentication manually. That is, learn the mysql protocol (it's a standard handshake with a challenege and a response) and do the procedure yourself. This way, you never send the password directly.
(There are other questions along these lines but none of them have any real answers, let alone answers dealing with python...)
I have a Windows Service (XP SP3) written in Python that needs to be able to mount a network drive for ALL users. I tried using net use with subprocess (even with the full path to net.exe), but given that your service runs as the SYSTEM user, net is pretty unhappy with you (it complains about the lack of a user context). There's probably a way to do this via WMI, but I haven't been able to figure it out.
EDIT: Actually, maybe you can't do this with WMI. This article seems to indicate that this functionality is available in WSH but not WMI. Maybe some way to use net or map to do this after all?
Er... sadly, the short answer is no. If the Python program is running as a Windows service, there are multiple complications here... so let me explain.
First, in order to even allow the service program itself to access the network, it'll have to be running under a user account that is allowed network access. The SYSTEM account is out (all network access is forbidden), but you could use the "NETWORK SERVICE" account (which, in a domain environment, is really the machine's domain account), or another actual user account.
But you're not going to be able to map a drive in the service account, because it is not loading the user profile stuff that includes the ability to "map" to a drive letter. (Well, technically, if the service is running a CMD batch file, that script can map a drive letter and use it, but then it will not be persistent for the next logon... but nevermind that.) Instead, anything the program wants to get on the network should be accessed via the UNC paths (like \SERVERNAME\SHARENAME).
Lastly, it is not possible to make a drive mapping work "for all users"--a mapped drive is unique to each user profile (even if it uses the same letter to point to the same server share). If you have multiple users logged into a machine (for example, on a Terminal Server, or with a user and a service running under another user account), they cannot share the mapped drive--each must get his own.
However, you can do something like this: Make a login script (or Group Policy, etc.) that maps the drive with the expected letter (let's say "M:" for example) to the server share (\server\share). If this script runs for every user upon login, they'll all have the same mapping. Then when your program-running-as-a-service needs to access that share, it'll have to use UNC paths (and a user account with appropriate privileges, of course).
Hope that helps!