I have a raspi which monitors solar panels on my roof. It is installed behind a firewall.
I can send emails from that raspi (e.g. in case of errors).
Now I want to be able to get an email reporting the actual status at the moment whenever I am interested, triggering this by an email from my mobile.
The only solution I can think of is sending an email from my mobile to an email account which is checked regularily by the raspberry, using code such as:
http://mitchtech.net/raspberry-pi-physical-gmail-notifier/
Are there any other methods (also other than email) which I have not thought of? I don't think that there is a way to do that without active polling from the raspi.
If I have to use active polling (e.g. every minute or so), are there other methods than email which generate less permanent traffic?
I am aware that this question may be borderline for stackoverflow, since I am looking for a concept or a hint to functions rather than an actual problem in my code, and apologize for that.
I suggest you to use cloud-based log management and analysis. Some of them are free for very limited features (usually on log retention or amount of notifications).
Related
I've been writing some python scripts in order to do some automation for my work. One of the scripts is intended to gather some test results, compile the string of results with a "message" string, and send it as an email every 12-24 hours (if there are results) to each individual who needs this information. Additionally, we're running this script on Linux; either in a Jenkins pipeline, or in a crontab (this script will most likely be run via crontab).
I was initially using gmail's SMTP server (smtp.gmail.com, port 587) to send these since we're working off of our own personal gmail server anyways, and it worked for a bit once I gave the script an "App Password" since it was a "less secure app" to Google. However, after about an hour of testing with it, Google disabled the account for spam. Any subsequent accounts I try to set up for the same purpose are disabled on the spot, as well (the moment I try to send an email with it, it's halted and disabled). It's been a few days since I requested reviews on both of the accounts; but I don't think they'll get back to me any time soon, nor will it be a result in my favor.
Since Google was no longer viable, I looked online and saw that there are plenty of SMTP hosting options available, but we're not looking for a paid service just to send an email once every few days or so. In terms of free options, I was able to find one other post related to PHP/Ruby sending emails without SMTP (Send email without external SMTP service), but if possible I'd like to keep this within Linux/Python only unless there is a simpler way, or a way that links well with Linux/Python. Even then, I'm still concerned that using SMTP is necessary for our gmail accounts to receive these emails. If I'm wrong, please correct me; because it certainly seems that way to me.
Based off of the situation, how could I adjust my strategy in order to automate email updates of this nature?
Premise: I am a beginner in search for an easy way to send bug reports from users over sea.
I've made a script for some friends that are living on the other side of the sea (US - EUROPE)... I will like to gather automatic bug reports whenever they happen. So my first idea was to send myself an email with the smtplib module. It works fine when testing home, but as soon as the sender "sends", my email provider (gmail) blocks the connection because of course, its from an "unknown device". I've already enabled "Allow less secure apps" as someone suggested but with no avail.
What I am searching its a simple way of dealing with this.
Yes I could make the script to ignore the error if the email its not being sent, and then go into my google account and enable those devices so at least it will work from the second run..
But it doesn't seem what a programmer would do in this case. I am learning so a solution withing the language is what I am after.
A different provider that has no restriction its also a good start but I tried Yahoo, Live, Yandex but I couldn't make them work. Are there any?
So my question is: how others do? what is the best solution for some one like me?
I've read about sentry or other error/bug tracking but its obviously way too much for want I need
You should certainly not incorporate e.g. Gmail credentials in the code that is remotely executed on devices you do not control, given I understand correctly the Gmail less secure device issue happens as every "user" is running this code and using your credentials. This holds true for any other provider.
Now this won't exactly be simple but one way to go about it would be to create a server side API endpoint that can accept HTTP(s) or any other protocol requests that then will authenticate in a little more secure way on the server side with Gmail.
The concept for emails is:
Bug > Python Script > API call > Email
This could be implemented using Python on the API side (Flask e.g.) using an AWS Lambda Function with Amazon API Gateway, but again that is something to get through and understand by itself which will take a good chunk of time.
You need to touch a lot of concepts, like auth tokens to make this really secure.
Could you elaborate a little on where the code needs to run and if you are willing to try AWS or any other cloud provider, or would have access to an internet connected server ? This makes it easier to provide you with a full example on the solution in a hackish way while I would highlight the problems you could face on the security side.
I understand that this is not the way to go but as for my needs and my level of experience it works for me!
Yandex allows you to send email from different ip so Yandex is the way to go. What I was doing wrong in the first place was to use the wrong port (587 instead of 465)
I will keep it short.
Can someone please point me in the right direction in:
How to authenticate users in native applications written in Python?
I know in web there are sessions, but I can't think of a way to implement authentication, that will 'live' for some time and on expiry I can logout the user?
EDIT:
I am referring to desktop type of apps, I am fairly happy with the implementation for Web based development in Twisted
EDIT 2
The application I am thinking about will not authenticate against a server, but a self-contained application, an example the idea is a Cash Register/Point of Sale (my idea is kinda different, but parts of the functionality is the same), in which I need to authenticate the cashier, so I can log the transactions processed by him/her, print name on receipt and etc. All will be based in one single machine, no server communication or anything
It’s not entirely clear what kind of security you are expecting.
In general, if the end user has physical access to the machine and a screwdriver, you’re pretty much screwed—they can do whatever they want on that machine.
If you take hardware security as a given, but want to ensure software security, then you’re going to have to do server communication within the machine’s boundaries. You have to separate the server and the client, and run the server in a security context that is inaccessible to the user. The server will then do both the authentication and whatever operations need authentication (printing out receipts etc.). For example, under a Unix-like OS, you would run a daemon under a dedicated system user or under root; on Windows, you would have a system service running as LOCAL SERVICE or whatever that’s called. In this way, the operating system’s built-in security features will ensure (given proper maintenance, like timely application of security hotfixes) that the user cannot influence the behavior of the software that does the sensitive operations. The protocol between the client and the server can be anything, and you can do authentication in much the same way as in HTTP—indeed, you may even use HTTP itself.
Finally, if you’re certain that your users will not be tampering with your system at all—e.g. because they lack the technical skills, or are being watched by CCTV cameras—you can forget all that stuff and go with Puciek’s answer.
You seem to be very confused and fixated on "sessions" for some reasons, maybe because your background is in the web apps?
Any-who you don't need "sessions" because with desktop application you have no trouble telling who is using the software without needing some elaborate tools. You don't need server, you don't need authentication tools, you don't need anything - just store that user within your single application. That is all really - a variable within your application called "user" and maybe some interface at the boot to pick one from available users.
And if you need it to last between boots, just save it in a file and read from it.
If you're using Unix, rely on the fact that it's a multi user system. That is, the user has already logged in using his own credentials, so you don't need to do anything, just use its home directory to store the data, taking care to block other users from accessing it by using permissions. You can improve this to provide encryption too. For global application data, you can specify a "manager" user or group, with its own directory, where the application can write.
All this might be possible on Windows systems too.
I am working on a project for work that requires me to pull information from a logfile and send a notification anytime it finds a the specific information. For example the exact issue I am working on is I am needing to create a python script that will look into may /var/log/auth.log (FreeBSD system) and pull any invalid SSH login attempts, then proceed to email me and another co-worker anytime there is an offense.
I've been looking all over for a few days now and have had minimal success any help would be greatly appreciated.
I think what you're really after is a daemon like fail2ban, which is specifically designed to examine log files for intrusion attempts.
From the fail2ban wiki:
Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs
that show the malicious signs -- too many password failures, seeking
for exploits, etc. Generally Fail2Ban then used to update firewall
rules to reject the IP addresses for a specified amount of time,
although any arbitrary other action (e.g. sending an email, or
ejecting CD-ROM tray) could also be configured. Out of the box
Fail2Ban comes with filters for various services (apache, curier, ssh,
etc).
This would probably work better than any solution you baked yourself.
That said, if you did want to roll your own, the naive way to implement periodic checking of a file is simply to read it every five minutes and see if it's changed.
The smarter way is to use the operating system's file monitoring service, which hooks into the filesystem driver and notifies you as soon as the file changes. This has the dual benefits that your code will take less CPU time, and it will respond immediately whenever the file changes.
On Linux the service is called inotify. BSD and Windows have an equivalent feature.
You could run a cron job every few minutes that checks for changes in that file. If there are any changes, it will email you, by using, for example, smtplib. Here is an example of smtplib usage with sendgrid: http://docs.sendgrid.com/documentation/get-started/integrate/examples/python-email-example-using-smtp/
How do you find out if a file was modified?
You keep a copy of the file as it looked in the previous script run, and compare that to the current contents
You check the file's last modification time.
This is just a general idea that can be tweaked, and all the 'ingredients' can be found on google, so you should be able to implement it by googling yourself.
Hope this helps.
As a rough idea for a cron job:
with open('/var/log/auth.log') as auth:
for line in auth:
if 'blahblah' in line:
# send email
You'll want to check out the email module for emailing details. You'll also want a way to keep track of what's already been scanned, so you don't end up sending duplicate emails.
In order to make the registration process on my website easy, I allow users to enter their email address which I will send a verification code to or alternatively they can solve a captcha.
The problem is that in order to prevent robots from registering accounts (with fake emails) I limit the number of registrations allowed per IP address and if this limit is exceeded I trigger a warning in the logs.
However ... what seems to be happening is that I am using os.environ['REMOTE_ADDR'] to check the remote address -- but it seems that I am triggering warnings on addresses that are owned by Google (66.249.65.XXX). It is possible that this is happening only after I change the version (but not confirmed). Does anyone know how/why this might be happening? Shouldn't the REMOTE_ADDR return the address of the client computer (and hopefully in all cases it would do this)?
I am curious if there is some behind the scenes re-directions going on, and if this is a normal event or if it only happens when a new version is installed (perhaps when a new version is installed the original server then proxies the user to the new server, therefore creating the illusion that the IP address is an internal IP?)
I believe that I have figured out the reason for seeing so many warnings from google server IP addresses. It seems that immediately after a new user registers, the google crawlers are going to the same (registration) webpage (which I send information to as a GET instead of a POST for reasons which I will not get into). Of course, since many users are registering, but there are only a few crawler computers that are checking periodic updates to my website, I am triggering warning messages that a particular (google) IP is accessing a registration area repeatedly.