Open-source News

Collect sudo session recordings with the Raspberry Pi

opensource.com - Mon, 03/14/2022 - 15:00

I've used the sudo command for years, and one of my favorite features is how it saves a record of everything happening in a terminal while running a command. This feature has been available for over a decade. However, sudo 1.9 introduced central session recording collection, allowing you to check all administrative access to your hosts on your network at a single location and play back sessions like a movie.


read more

22 Raspberry Pi projects to try in 2022

opensource.com - Mon, 03/14/2022 - 15:00

The possibilities for Raspberry Pi projects continue to perpetuate this Pi Day! The beloved single-board computer recently turned ten years old. To celebrate, we put together a list of recent Raspberry Pi tutorials written by members of the Opensource.com community.  


read more

Collect sudo session recordings with the Raspberry Pi

opensource.com - Mon, 03/14/2022 - 14:00
Collect sudo session recordings with the Raspberry Pi Peter Czanik Mon, 03/14/2022 - 02:00 Up 1 reader likes this

I've used the sudo command for years, and one of my favorite features is how it saves a record of everything happening in a terminal while running a command. This feature has been available for over a decade. However, sudo 1.9 introduced central session recording collection, allowing you to check all administrative access to your hosts on your network at a single location and play back sessions like a movie.

I use this feature on my Raspberry Pi, and I recommend it to other Pi users. Even if you fully trust your users, logs and session recordings can help debug what happened on a given host if it acts strangely: Oops, wrong file deleted in /etc.

More on Raspberry Pi What is Raspberry Pi? eBook: Guide to Raspberry Pi Getting started with Raspberry Pi cheat sheet eBook: Running Kubernetes on your Raspberry Pi Whitepaper: Data-intensive intelligent applications in a hybrid cloud blueprint Understanding edge computing Our latest on Raspberry Pi Why sudo?

Sudo gives administrative access to users. Unless you limit access to a short list of commands, you practically provide full access to your hosts. The pi user can use sudo without even entering a password on the Raspberry Pi OS. On other operating systems, the default configuration grants members of the wheel group full administrative access.

Before you begin

The new sudo_logsrvd application handles collection. Earlier versions of the Raspberry Pi OS only had sudo version 1.8. The latest version is based on Debian 11 and includes sudo version 1.9.5. You also need a second host with sudo 1.9, which sends recordings to sudo_logsrvd.

Configuring sudo_logsrvd

For a production environment, I recommend using TLS encrypted connections between sudo and sudo_logsrvd. However, to simply understand how session recording works, you can go without encryption. This also means that there is nothing to configure other than creating the storage directory and starting sudo_logsrvd:

$ sudo mkdir /var/log/sudo-io
$ sudo chmod 700 /var/log/sudo-io
$ sudo sudo_logsrvd

The sudo_logsrvd is now waiting for connections.

Configuring sudo

Configure sudo 1.9 on a host using visudo and append the following lines to the sudoers file. You will need to replace the IP address with the one of your Raspberry Pi. Note that if you do not have a second machine with sudo 1.9, you can use the same Raspberry Pi running sudo_logsrvd for testing.

Defaults ignore_iolog_errors
Defaults log_servers = 172.16.167.129:30343
Defaults log_output

The first line is your escape route while experimenting with sudo_logsrvd: It ensures that sudo works even if sudo_logsrvd is inaccessible. This configuration is not recommended for production environments as users can execute commands without proper recording.

The next two lines configure where to send recordings and enable recordings.

Testing

For testing, do something that you cannot figure out from sudo logs in syslog: A shell session. Be aware that sudo 1.9.8 changes this, but it is not yet available in Linux distributions. In this case, the logs show only that a shell is started, but nothing about what happened inside:

$ sudo -s

# id
uid=0(root) gid=0(root) groups=0(root),117(lpadmin)

# cd /root/

# ls -la
total 36
drwx------  5 root root 4096 Feb 16 12:27 .
drwxr-xr-x 18 root root 4096 Jan 28 04:22 ..
-rw-------  1 root root  827 Feb 16 12:49 .bash_history
-rw-r--r--  1 root root  571 Apr 10  2021 .bashrc
drwx------  3 root root 4096 Feb 16 10:54 .cache
-rw-------  1 root root   41 Feb 16 11:12 .lesshst
drwxr-xr-x  3 root root 4096 Feb 16 12:27 .local
-rw-r--r--  1 root root  161 Jul  9  2019 .profile
drwx------  3 root root 4096 Jan 28 04:21 .vnc

# exit
$

Even if the logs do not show anything useful, you can still use the sudoreplay command to list and playback recordings:

$ sudo sudoreplay -l
Feb 16 12:37:54 2022 : pi : TTY=/dev/pts/1 ; CWD=/home/pi ; USER=root ; HOST=raspberrypi ; TSID=000001 ; COMMAND=/usr/bin/ls -l /etc/ssl/private/
Feb 16 12:38:14 2022 : pi : TTY=/dev/pts/1 ; CWD=/home/pi ; USER=root ; HOST=raspberrypi ; TSID=000002 ; COMMAND=/usr/bin/ls -la /etc/ssl/private/
Feb 16 12:49:21 2022 : pi : TTY=/dev/pts/1 ; CWD=/home/pi ; USER=root ; HOST=raspberrypi ; TSID=000003 ; COMMAND=/bin/bash
Feb 16 12:50:03 2022 : pi : TTY=/dev/pts/1 ; CWD=/home/pi ; USER=root ; HOST=raspberrypi ; TSID=000004 ; COMMAND=/bin/bash
Feb 16 12:50:28 2022 : pi : TTY=/dev/pts/1 ; CWD=/home/pi ; USER=root ; HOST=raspberrypi ; TSID=000005 ; COMMAND=/usr/bin/sudoreplay -l

$ sudo sudoreplay 000004
Replaying sudo session: /bin/bash

# id
uid=0(root) gid=0(root) groups=0(root),117(lpadmin)
# cd /root/
# ls -la
total 36
drwx------  5 root root 4096 Feb 16 12:27 .
drwxr-xr-x 18 root root 4096 Jan 28 04:22 ..
-rw-------  1 root root  827 Feb 16 12:49 .bash_history
-rw-r--r--  1 root root  571 Apr 10  2021 .bashrc
drwx------  3 root root 4096 Feb 16 10:54 .cache
-rw-------  1 root root   41 Feb 16 11:12 .lesshst
drwxr-xr-x  3 root root 4096 Feb 16 12:27 .local
-rw-r--r--  1 root root  161 Jul  9  2019 .profile
drwx------  3 root root 4096 Jan 28 04:21 .vnc

# exit
$What is next?

I hope you learned something new today and will try it on your own Raspberry Pi. The setup I described here is good enough for testing. For production use, I recommend creating a startup script for sudo_logsrvd, which is missing from the Debian package, and you should use TLS between sudo and sudo_logsrvd. You can learn more about configuring TLS encryption from the documentation or my blog. The nice thing is that you can also use sudo_logsrvd on the Raspberry Pi in production in your home or small office. Unless you have dozens of sudo clients all utilizing the terminal heavily (like ls -laR /), not even the SD card of the Pi is a bottleneck.

Logs and session recordings can help debug what happened on a given host if it acts strangely. Try this setup on your Raspberry Pi.

Raspberry Pi Sysadmin What to read next 22 Raspberry Pi projects to try in 2022 This work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License. Register or Login to post a comment.

How to Install CloudPanel on Debian 10 Buster

Tecmint - Mon, 03/14/2022 - 13:49
The post How to Install CloudPanel on Debian 10 Buster first appeared on Tecmint: Linux Howtos, Tutorials & Guides .

CloudPanel is an open-source control panel that allows you to efficiently manage your servers. It’s a high-performance PHP-based control panel that is specially designed for managing hosted services. It is built on PHP and

The post How to Install CloudPanel on Debian 10 Buster first appeared on Tecmint: Linux Howtos, Tutorials & Guides.

Linux 5.17 Pushed Back Due To The New Spectre Attack, Other Headaches

Phoronix - Mon, 03/14/2022 - 04:57
Linus Torvalds was hoping to release the stable Linux 5.17 kernel today but instead opted for Linux 5.17-rc8 as an extra release candidate...

Use your Raspberry Pi as a data logger

opensource.com - Mon, 03/14/2022 - 02:00
Use your Raspberry Pi as a data logger Stephan Avenwedde Sun, 03/13/2022 - 14:00 Up 1 reader likes this

Data logging can be done for various reasons. In a previous article, I wrote about how I monitor the electricity consumption of my household. The Raspberry Pi platform is a perfect match for such applications as it allows communication with many kinds of analog and digital sensors. This article shows how to log the CPU temperature of a Raspberry Pi and create a spreadsheet-based report on demand. Logging the CPU temperature won't require any additional boards or sensors.

Even without a Raspberry Pi, you can follow the steps described here if you replace the specific parts of the code.

More on Raspberry Pi What is Raspberry Pi? eBook: Guide to Raspberry Pi Getting started with Raspberry Pi cheat sheet eBook: Running Kubernetes on your Raspberry Pi Whitepaper: Data-intensive intelligent applications in a hybrid cloud blueprint Understanding edge computing Our latest on Raspberry Pi Setup

The code is based on Pythonic, a graphical Python programming fronted. The easiest way to get started with Pythonic is to download and flash the Raspberry Pi image. If you don't have a Raspberry Pi, use one of the other installation methods mentioned on the GitHub page (e.g., Docker or Pip).

Once installed, connect the Raspberry Pi to the local network. Next, open the web-based GUI in a browser by navigating to http://pythonicrpi:7000/.

You should now see the following screen:

 

Download and unzip the example available on GitHub. The archive consists of several file types.

Use the green-marked button to upload the current_config.json, with the yellow-marked button upload the XLSX file and the remaining *.py files.

 

You should have this configuration in front of you after you upload the files:

 

Implementation

The application can be separated into two logical parts: Logging and report generation. Both parts run independently from each other.

Logging

The top part of the configuration can be summarized as the logging setup:

 

Involved elements:

  • ManualScheduler - 0x0412dbdc: Triggers connected elements on startup (or manually).
  • CreateTable - 0x6ce104a4: Assembles an SQL query which creates the working table (if not already existent).
  • Scheduler - 0x557616c2: Triggers subsequent element every 5 seconds.
  • DataAcquisition - 0x0e7b8360: Here we collect the CPU temperature and assemble an SQL query.
  • SQLite - 0x196f9a6e: Represents an SQLite database, accepts the SQL queries.

I will take a closer look at DataAcquisition - 0x0e7b8360. Open the built-in web editor (code-server) by navigating to http://pythonicrpi:8000/. You can see all the element-related *.py files in the left pane. The DataAcquisition element is based on the type Generic Pipe. Open the file with the related id:

generic_pipe_0x0e7b8360.py

 

In this element, responsible for reading the CPU temperature, you can uncomment the lines of code depending on whether you're running this on a Raspberry Pi or not.

The above code produces an SQL query that inserts a row in the table my_table containing the Unix timestamp in seconds and the actual CPU temperature (or a random number). The code is triggered every five seconds by the previous element (Scheduler - 0x557616c2). The SQL query string is forwarded to the connected SQLite - 0x196f9a6e element, which applies the query to the related SQLite database on the file system. The process logs the CPU temperature in the database with a sampling rate of 1/5 samples per second.

Report generation

The bottom network generates a report on request:

 

Involved elements:

  • ManualScheduler - 0x7c840ba9: Activates the connected Telegram bot on startup (or manually).
  • Telegram - 0x2e4148e2: Telegram bot which serves an interface for requesting and providing of reports.
  • GenericPipe- 0x2f78d74c: Assembles an SQL query comprising the data of the report.
  • SQLite - 0x5617d487:
  • ReportGenerator- 0x13ad992a: Create a XLSX-based report based on the data.

The example code contains a spreadsheet template (report_template.xlsx) which also belongs to this configuration.

Note: To get the Telegram bot running, provide a Telegram bot token to communicate with the server. core.telegram.org describes the process of creating a bot token.

The Telegram element outputs a request as a Python string when a user requests a report. The GenericPipe- 0x2f78d74c element that receives the request assembles a SQL query which is forwarded to the SQLite - 0x5617d487 element. The actual data, which is read based on the SQL query, is now sent to the ReportGenerator- 0x13ad992a, which I will take a closer look at:

generic_pipe_13ad992a.py

def execute(self):

        path = Path.home() / 'Pythonic' / 'executables' / 'report_template.xlsx'

        try:
                wb = load_workbook(path)
        except FileNotFoundError as e:
                recordDone = Record(PythonicError(e), 'Template not found')
                self.return_queue.put(recordDone)
                con.close()
                return
        except Exception as e:
                recordDone = Record(PythonicError(e), 'Open log for details')
                self.return_queue.put(recordDone)
                con.close()
                return

        datasheet = wb['Data']

        # create an iterator over the rows in the datasheet
        rows = datasheet.iter_rows(min_row=2, max_row=999, min_col=0, max_col=2)

In the first part, I use the load_workbook() of the openpyxl library to load the spreadsheet template. If successfully loaded, I acquire a reference to the actual sheet in the datasheet variable. Afterward, I create an iterator over the rows in the datasheet, which is stored in the variable rows.

        # Convert unix time [s] back into a datetime object, returns an iterator
        reportdata_dt = map(lambda rec: (datetime.datetime.fromtimestamp(rec[0]), rec[1]), self.inputData)
       
        # iterate till the first iterator is exhausted
        for (dt, val), (row_dt, row_val) in zip(reportdata_dt, rows):
                row_dt.value = dt
                row_val.value = val

        reportDate = datetime.datetime.now().strftime('%d_%b_%Y_%H_%M_%S')
        filename = 'report_{}.xlsx'.format(reportDate)
        filepath = Path.home() / 'Pythonic' / 'log' / filename
        wb.save(filepath)
        wb.close()
       
        recordDone = Record(filepath, 'Report saved under: {}'.format(filename))
        self.return_queue.put(recordDone)

The last part starts with the variable reportdata_dt: The variable holds an iterator which, when used, converts the raw Unix timestamp of the input data from the SQLite database (self.inputdata) back to a Python datetime object. Next, I zip the reportdata_dt iterator with the previously created rows iterator and iterate till the first of them is exhausted, which should be reportdata_dt. During iteration, I fill the columns of each row with the timestamp and the value. In the last step, I save the spreadsheet with a filename consisting of the actual date and time and forward the filename to the Telegram - 0x2e4148e2 element.

The Telegram - 0x2e4148e2 then loads the file from disk back into memory and sends it to the user who requested the report. This video shows the whole procedure:

 

Remote video URL

The report the user receives look like this:

 

Wrap up

This article shows how to easily convert the Raspberry Pi into a data logger. The Raspberry Pi platform allows you to interact with sensors of any kind, enabling you to monitor physical values as well as computed values. Using spreadsheets as the basis for your reports gives you a lot of flexibility and makes those reports very customizable. The openpyxl library in combination with Pythonic makes it simple to automate this process.

Here's how to log the CPU temperature of a Raspberry Pi and create a spreadsheet-based report on demand.

Image by:

Opensource.com

Raspberry Pi What to read next 22 Raspberry Pi projects to try in 2022 How I run my blog on a Raspberry Pi Collect sudo session recordings with the Raspberry Pi This work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License. Register or Login to post a comment.

Pages