-
-
Notifications
You must be signed in to change notification settings - Fork 60
Tutorial SensorClientExecuter
In this document a tutorial for the version 0.503 is given.
This tutorial describes the basic configuration of the AlertR Sensor Client Executer. It can be used as foundation to develop an own AlertR system setup. This tutorial assumes you have set up the AlertR Server according to the provided Server Tutorial.
The client is described as the following by the installation:
sqall@towel:~$ python alertRinstaller.py -l
[...]
AlertR Sensor Client Executer
-----------------------------
Instance:
sensorClientExecuter
Type:
sensor
Version:
0.502-0
Dependencies:
None
Description:
This client handles watchdog scripts as sensors and informs the server if a sensor has triggered and/or the state of a sensor has changed. This means it executes configured watchdog scripts in an interval that check a service. Each sensor is basically a cronjob for the AlertR system. The sensor has two options to be triggered: 1) The sensor is triggered if the watchdog script exits with an exit code not equal to 0 or a time out. 2) The watchdog script outputs that the sensor should be triggered with the help of a well-defined protocol or a time out (see the developer tutorials for examples). For instance, you can execute a script that checks if the Internet connection is available and which triggers a sensor alert if no Internet connection is up.
[...]
The AlertR Sensor Client Executer does not have special prerequisites. Therefore, we can install it directly.
It is always a good idea to have an own user for a daemon. Therefore, we create a user that runs the AlertR Sensor Client Executer called "alertr":
root@towel:/home/sqall# adduser --disabled-password alertr
Adding user `alertr' ...
Adding new group `alertr' (1002) ...
Adding new user `alertr' (1002) with group `alertr' ...
Creating home directory `/home/alertr' ...
Copying files from `/etc/skel' ...
Changing the user information for alertr
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
To switch into this user in the terminal you can use the following command:
root@towel:/home/sqall# su alertr
Please note that this is only possible as root user. If you are trying this command as another user you will get a password prompt for the user alertr, which does not have a password.
Afterwards, you can use the installation script provided by AlertR to install the client.
alertr@towel:~$ wget https://raw.githubusercontent.com/sqall01/alertR/master/alertRinstaller.py
alertr@towel:~$ mkdir sensorClientExecuter
alertr@towel:~$ python alertRinstaller.py -i sensorClientExecuter -t ./sensorClientExecuter/
The following describes the configuration of the AlertR Sensor Client Executer. It shows a basic configuration that can be used as a template for own installations.
For security reasons, the AlertR system enforces a TLS connection. During the installation of the AlertR server, you created a certificate file with the name alertr_server.crt. This file is needed by the client in order to verify the connection. Please copy it to the host you are installing this client on. This tutorial assumes that you have stored the certificate file in the following location: /home/alertr/sensorClientExecuter/config/alertr_server.crt.
The client has to authenticate itself before it can work with the server. Therefore, we need to set up user credentials on the AlertR server for this client. We add the following line to the server user credentials file /home/alertr/server/config/users.csv (which was set up during the server installation.):
user_executer, password_executer, sensor, sensorClientExecuter
Remember to restart the AlertR server in order to activate the user credentials.
This tutorial assumes the alert levels configured in the AlertR Server tutorial. The client will use the following for its configuration:
| AlertLevel | Name | Functionality |
|---|---|---|
| 1 | Silent Notification | Used to silently notify the user. |
| 2 | Urgent Notification | Used to "loudly" notify the user. |
AlertLevel 1 is used for sensors that trigger a sensorAlert, but not an urgent one. This alertLevel triggers always despite if the alarm system is activated or not.
AlertLevel 2 is used for sensors that trigger urgent sensorAlerts, such as a break in attempt. These sensors should notify the user immediately and loudly at best.
Every AlertR installation has a template configuration file with detailed comments that describe the functionality of each option. To use it as a draft, you can just copy the template file and modify your new configuration file.
alertr@towel:~/sensorClientExecuter/config$ cp config.xml.template config.xml
The configuration file itself is split into the following parts:
- General
- SMTP
- Update
- Sensors
In this tutorial, we are going through each of these parts separately and describe why we configured it like that.
The general section is used for options such as certificate file location. In our tutorial configuration, the section looks like this:
<general>
<log
file="/home/alertr/sensorClientExecuter/config/logfile.log"
level="INFO" />
<server
host="localhost"
port="44556"
caFile="/home/alertr/sensorClientExecuter/config/alertr_server.crt" />
<client
certificateRequired="False"
certFile="/absolute/path/to/client.crt"
keyFile="/absolute/path/to/client.key" />
<credentials
username="user_executer"
password="password_executer" />
</general>
Section log is used to configure the log file setup. The file attribute sets the location for the log file. Please note that this has to be the absolute path to the location. Make sure it exists and is writable by the user that starts the AlertR client. Otherwise the client will not start. For example, the directory /var/log is usually only writable by the "root" user and users of the group "syslog". If you want the client log file in this directory, please create a sub-directory for the AlertR client log file and set the correct permissions on it. The level attribute sets the log level. Possible values are DEBUG, INFO, WARNING, ERROR, CRITICAL.
Section server is used to configure the server connection setup. The host and port attribute sets the address and port of the AlertR server. The port was previously configured in the server configuration file. The address can either be a name that can be resolved by the DNS system or an IP address. The caFile attribute sets the location of the certificate file that is used to authenticate the server (see Certificate). Please make sure that the location is an absolute path to the file.
Section client is used to configure the client connection setup. The certificateRequired attribute determines if the client needs a certificate to connect to the server or not. The certFile and keyFile are used to determine the client certificate and key file. Since this tutorial is not using client certificates, we do not have to set sane values here.
Section credentials is used to configure the login credentials of this client. The credentials were configured in a previous step of this Tutorial and must be the same as in this configuration file.
The smtp section is used for options that configure the used SMTP server. In our tutorial configuration, the section looks like this:
<smtp>
<general
activated="True"
fromAddr="[email protected]"
toAddr="[email protected]" />
<server
host="127.0.0.1"
port="25" />
</smtp>
Section general is used to configure the basic options of the eMail notification. The eMail notification is used if problems on the AlertR client occur that can not be solved (like connection problems). The activated attribute determines if the eMail notification is activated or not. If it is deactivated, the rest of the options in the whole smtp section are ignored. The fromAddr attribute sets the used eMail address from which the eMail notification is sent. The toAddr attribute determines the eMail address the notification is sent to.
Section server is used to configure the SMTP server that is used to send the eMail notification. The host attribute sets the address and the port attribute sets the port of the used SMTP server. At the moment, only "127.0.0.1" is allowed as address and port 25. This means you have to set up a local SMTP server in order to send eMail notifications. Personally, I would suggest to set up a local Postfix SMTP server that can forward eMails like in this Tutorial. Please note that the local SMTP server has to accept eMails from localhost without any authentication since it is not supported by AlertR yet.
The update section is used to give the online repository for updates. In our tutorial configuration, the section looks like this:
<update>
<server
host="raw.githubusercontent.com"
port="443"
location="/sqall01/alertR/master/"
caFile="/etc/ssl/certs/DigiCert_High_Assurance_EV_Root_CA.pem" />
</update>
Section server is used to configure the remote update repository. Normally, the default configuration can be used here (which is this repository). The host attribute gives the remote server location of the repository. The port attribute gives the port on which the repository is reachable (AlertR uses HTTPS for it). The location attribute sets the location on the remote repository. The caFile attribute gives the local location of the certificate that is used to verify the HTTPS connection. The default value is the location on Debain/Ubuntu distributions of the current certificate that is used by Github.
The sensors section configures the sensors of this client. In our tutorial configuration, the section looks like this:
<sensors>
<sensor>
<general
id="0"
description="Trigger Some Notification"
alertDelay="0"
triggerAlert="True"
triggerAlertNormal="True" />
<alertLevel>1</alertLevel>
<executer
execute="/usr/bin/python"
timeout="5"
intervalToCheck="10"
parseOutput="False"
dataType="0">
<argument>/home/alertr/sensorClientExecuter/scripts/notify.py</argument>
</executer>
</sensor>
<sensor>
<general
id="1"
description="Trigger Important Stuff"
alertDelay="0"
triggerAlert="True"
triggerAlertNormal="True" />
<alertLevel>2</alertLevel>
<executer
execute="/bin/bash"
timeout="5"
intervalToCheck="10"
parseOutput="False"
dataType="0">
<argument>/home/alertr/sensorClientExecuter/scripts/important.sh</argument>
<argument>firstarg</argument>
</executer>
</sensor>
</sensors>
Each configured sensor is set up in its own <sensor>...</sensor> context. The context has three main sections: general, alertLevel and executer. The following describes the settings of each section.
Section general is used to configure the basic sensor settings. The id attribute gives the local id of the configured sensor. This id has to be unique for each sensor of this client. Since we configure two sensors, we give them the id 0 and 1. The description attribute gives a short description of the sensor. The alertDelay attribute sets how long in seconds the server has to wait until a sensorAlert is triggered. Normally, this is set to 0 to immediate react on a sensorAlert. But in some situations it might be necessary to react on a sensorAlert after a certain time and not directly. For our tutorial sensors we set this value to 0. The triggerAlert attribute sets if the sensor triggers a sensorAlert with the state "triggered" and triggerAlertNormal sets if the sensor triggers a sensorAlert with the state "normal". Both our sensors should trigger both sensorAlerts.
The alertLevel sections set the alertLevel the sensor triggers. In our tutorial, one sensors triggers alertLevel 1 and one alertLevel 2. But it is not limited to only one alertLevel. If another alertLevel should be triggered, an additional alertLevel section is added with the corresponding alertLevel.
Section executer configures the executer sensor settings. The execute attribute sets the program that should be executed as a sensor and which exit code is monitored in order to decide if a sensorAlert should be triggered. An exit code of 0 tells the client that everything is ok (the sensor is in state "normal") and an exit code unequal to 0 tells the client that the sensor is in state "triggered". Normally, a script can be used directly in here. However, we encountered sometimes problems with this (even when a shebang was set and the script file was executable). To prevent this problem, we use the script interpreter as a program that should be executed and the script itself is used as first argument. The timeout attribute sets the time in seconds the executed program is counted as timed out and a sensorAlert is "triggered" with the additional message "timeout". The intervalToCheck attribute sets the interval in seconds the program is executed by the sensor client. The intervalToCheck value has to be greater than the timeout value, because the command has to be finished (or counted as timed out) before it is executed again. The parseOutput flag sets if the output of the command should be parsed by AlertR. The output of the command has to be conform to the protocol described in the documentation (which is just a json string). The dataType attribute sets the type of data managed by this sensor. Only sensors which parse the output of the command can contain data and therefore it is set to 0 in our example (0 sets the data type to "none"). For a complete list of data types please see the template configuration file of your installation. The argument attribute sets one argument used for the program. Multiple arguments can be set as can be seen by the second sensor of our example.
For an example on how to create a script that outputs data that can be parsed by AlertR, please see the Developer Tutorial for Executer Processable Output.
If you want the AlertR client to start automatically after a reboot of the host, you have to set it up. In this tutorial, I will give two examples on how to set up the autostart of the AlertR client depending on your system using systemd or just init.d.
An init.d script is provided by the AlertR installation. The only thing you have to do is to copy and configure it correctly. The following command copies it to the correct location, sets the permissions correctly and installs it:
root@towel:/home/alertr/sensorClientExecuter/init.d_example# cp AlertRsensorExecuter.sh /etc/init.d/
root@towel:/etc/init.d# chown root:root alertRsensorExecuter.sh
root@towel:/etc/init.d# chmod 755 alertRsensorExecuter.sh
root@towel:/etc/init.d# update-rc.d alertRsensorExecuter.sh defaults
Adding system startup for /etc/init.d/alertRsensorExecuter.sh ...
/etc/rc0.d/K20alertRsensorExecuter.sh -> ../init.d/alertRsensorExecuter.sh
/etc/rc1.d/K20alertRsensorExecuter.sh -> ../init.d/alertRsensorExecuter.sh
/etc/rc6.d/K20alertRsensorExecuter.sh -> ../init.d/alertRsensorExecuter.sh
/etc/rc2.d/S20alertRsensorExecuter.sh -> ../init.d/alertRsensorExecuter.sh
/etc/rc3.d/S20alertRsensorExecuter.sh -> ../init.d/alertRsensorExecuter.sh
/etc/rc4.d/S20alertRsensorExecuter.sh -> ../init.d/alertRsensorExecuter.sh
/etc/rc5.d/S20alertRsensorExecuter.sh -> ../init.d/alertRsensorExecuter.sh
Next we have to configure the init.d script correctly. The following changes have to be made to the script:
[...]
# change USER to the user which runs the alertRclient
USER=alertr
# change DAEMON to the path to run the alertRclient
DAEMON=/home/alertr/sensorClientExecuter/alertRclient.py
[...]
In order to work correctly, the AlertR client has to be executable. With the following, we change the permissions of the AlertR client:
alertr@towel:~/sensorClientExecuter$ chmod 755 alertRclient.py
To start the client as daemon, we can now execute:
root@towel:/home/alertr/sensorClientExecuter# /etc/init.d/alertRsensorExecuter.sh start
The log file of the client (it is created in the directory you have configured in the General Section) should now show the following:
[...]
07/23/2016 10:26:16 INFO: [alertRclient.py] Initializing sensors.
07/23/2016 10:26:16 INFO: [alertRclient.py] Connecting to server.
07/23/2016 10:26:16 INFO: [alertRclient.py] Starting watchdog thread.
07/23/2016 10:26:16 INFO: [alertRclient.py] Starting update check thread.
07/23/2016 10:26:16 INFO: [alertRclient.py] Client started.
If your system uses systemd for its autostart, you have to configure the AlertR client a bit different. Copying the template and setting permissions is still the same:
root@towel:/home/alertr/sensorClientExecuter/init.d_example# cp alertRsensorExecuter.sh /etc/init.d/
root@towel:/etc/init.d# chown root:root alertRsensorExecuter.sh
root@towel:/etc/init.d# chmod 755 alertRsensorExecuter.sh
Configuring the init.d script correctly is also the same:
[...]
# change USER to the user which runs the alertRclient
USER=alertr
# change DAEMON to the path to run the alertRclient
DAEMON=/home/alertr/sensorClientExecuter/alertRclient.py
[...]
Now, systemd has to be configured. For this we copy the template service file to the correct location and install the service:
root@towel:/home/alertr/sensorClientExecuter/init.d_example# cp alertRsensorExecuter.service /etc/systemd/system/
root@towel:/home/alertr/sensorClientExecuter# systemctl enable alertRsensorExecuter.service
The alertR client can be started with the following command:
root@towel:/home/alertr/sensorClientExecuter# service alertRsensorExecuter.sh status
The log file of the client (it is created in the directory you have configured in the General Section) should now show the following:
[...]
07/23/2016 10:26:16 INFO: [alertRclient.py] Initializing sensors.
07/23/2016 10:26:16 INFO: [alertRclient.py] Connecting to server.
07/23/2016 10:26:16 INFO: [alertRclient.py] Starting watchdog thread.
07/23/2016 10:26:16 INFO: [alertRclient.py] Starting update check thread.
07/23/2016 10:26:16 INFO: [alertRclient.py] Client started.
If you experience problems, please check the log file first. If it is not helpful, change the log level to DEBUG and check again. If no error can be seen, please start the AlertR client manually and check if an error occurs that is not printed into the log file. This can be done by just executing the AlertR client as the user that it normally runs with.
alertr@towel:~/sensorClientExecuter$ ./alertRclient.py
If you still have problems and do not know how to solve them, you can use the Github Issues.