
Re: How to reboot?


Andinus via beginners

Jan 12, 2024, 11:30:08 AM
to hw, begi...@perl.org
hw @ 2024-01-12 14:16 +01:

> But how can I reboot/restart the computer from the xmpp client? I
> don't want the xmpp client to run as root all the time. I would use
> something like
>
>
> system('shutdown', '-r', 'now');
>
>
> in the xmpp client, and that does require root privileges. To make
> things more complicated, systemd will probably interfere in some ways,
> and selinux also may get in the way. So how can I do that?

If you use `sudo` then you can set up a rule to allow the user to run the
command `shutdown` as root.

Example config for `doas`:

/etc/doas.conf:
permit nopass xmppuser cmd /sbin/shutdown args -r now

Andinus via beginners

Jan 13, 2024, 12:00:07 AM
to hw, begi...@perl.org
hw @ 2024-01-12 18:49 +01:

> Thanks, I thought about sudo and figured it needs a password being
> entered. If that works without, I'll start programming and test if
> something else gets in the way :)

You can configure sudo to not ask for a password.
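
The sudo counterpart of the doas rule above, together with the daemon side, as an added example that is not part of the original posts. It assumes the daemon runs as `xmppuser` (the name used in the doas rule) and that sudo lives at `/usr/bin/sudo`; `handle_message` is a hypothetical hook to call from the xmpp client's message callback.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Assumed sudoers rule, installed
# with `visudo -f /etc/sudoers.d/xmpp-reboot`:
#
#   xmppuser ALL=(root) NOPASSWD: /sbin/shutdown -r now
#
# The rule names the full command line, so no other shutdown arguments and
# no other program can be run as root by this account.
use strict;
use warnings;

# Fixed argument lists only: the chat message selects a key, its text is
# never interpolated into a command line.
my %ACTION = (
    reboot => [ '/usr/bin/sudo', '-n', '/sbin/shutdown', '-r', 'now' ],
);

# Map one message body to an argv, or undef if it is not an exact keyword.
sub argv_for {
    my ($body) = @_;
    return undef unless defined $body;
    (my $word = lc $body) =~ s/^\s+|\s+$//g;
    return $ACTION{$word};
}

# Run the action for a message; returns true only if the command succeeded.
sub handle_message {
    my ($body) = @_;
    my $argv = argv_for($body) or return 0;
    # List-form system() bypasses the shell; -n makes sudo fail at once
    # instead of waiting for a password if the rule is missing.
    my $rc = system { $argv->[0] } @$argv;
    warn "command failed (wait status $rc)\n" if $rc != 0;
    return $rc == 0;
}

# Constructed sample messages: only the exact keyword maps to a command.
for my $msg ('reboot', ' Reboot ', 'reboot; id', 'shutdown -h now') {
    my $argv = argv_for($msg);
    printf "%-18s => %s\n", "'$msg'", $argv ? "@$argv" : '(ignored)';
}
```

Running the script only prints the mapping; nothing is executed until `handle_message` is called.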

twlewis via beginners

Jan 13, 2024, 10:00:07 AM
to Perl Beginners

Hi hw,

I had a similar situation in which I travelled.  I wanted to lock down the ufw firewall but be able to allow certain IP addresses based on the hotel IP or my cell service IP.  To do that I developed Perl that would check my smtp account.  The script is controlled through a cron job that runs as root.  Through email I can send commands to that email address that is set up for my server.  I have an INI file with parameters.  The script reads that INI each time.  I control access to not allow any other outside email from sending commands by using a specific email address in the INI that can send commands.  Any other email addresses that attempt to send commands are ignored and it sends me a report if this occurs. In the Perl script I was able to set up things such as allowing certain IPs in ufw, check disk space, run apt to update the server, and even reboot the server.

 

I don't know if you have access to a SMTP email server or not.  Gmail used to allow this type of interaction and allow log ins from scripts, but I believe that they have locked down security to no longer allow that.

 

I hope this helps.

 

Tim
-----Original Message-----
From: "hw" <h...@adminart.net>
Sent: Friday, January 12, 2024 7:16am
To: "Perl Beginners" <begi...@perl.org>
Subject: How to reboot?

Hi,

I would like to write a program (daemon) which will be automatically
started by systemd at boot which will allow me to reboot or restart my
computer through commands sent via xmpp. The xmpp part (xmpp client)
and starting that program is no problem.



But how can I reboot/restart the computer from the xmpp client? I
don't want the xmpp client to run as root all the time. I would use
something like


system('shutdown', '-r', 'now');


in the xmpp client, and that does require root privileges. To make
things more complicated, systemd will probably interfere in some ways,
and selinux also may get in the way. So how can I do that?


The background is that some idiots have decided that pressing
Ctrl+Alt+Del doesn't reboot the computer anymore but, at best,
restarts after 60 seconds if I'm logged in to a gnome session or, if
I'm not logged in --- like when the screen saver logged me out --- it
does nothing. It doesn't seem to work when I'm on the console,
either.

That totally sucks when the display remains black and doesn't come
back no matter what you do. In such cases, I still want to be able to
reboot or to shutdown the computer instead of having to hold the power
button until it turns off, and without pressing the reset button.

Preferably, I'd like to get Ctrl+Alt+Del to work again like it should,
but that's probably something we can only dream of these days :(




Tim Lewis via beginners

Jan 13, 2024, 12:15:07 PM
to hw, begi...@perl.org
You bring an excellent point about the ability to spoof the email address.  In my case the email that for the server is not made public, but that is a vulnerability. I will have to read up on pwgen.  That sounds like a good authentication that changes like a token number.

Another approach could be secondary authentication where it sends something to my phone, and then waits for a text response from the phone before executing anything.

Tim



hw wrote:

> On Sat, 2024-01-13 at 08:49 -0600, twlewis via beginners wrote:
>
> > Hi hw, I had a similar situation in which I travelled.  I wanted to
> > lock down the ufw firewall but be able to allow certain IP addresses
> > based on the hotel IP or my cell service IP.  To do that I developed
> > Perl that would check my smtp account.  The script is controlled
> > through a cron job that runs as root.  Through email I can send
> > commands to that email address that is set up for my server.  I have
> > an INI file with parameters.  The script reads that INI each time.
> > I control access to not allow any other outside email from sending
> > commands by using a specific email address in the INI that can send
> > commands.
>
> How do you verify that the email was actually sent from the sender
> address which is allowed to send commands?
>
> The From: header is irrelevant, and I wouldn't trust Envelope-From:
> headers either since that can also be faked.  Using SPF and/or DKIM
> might help, and you might have to go to some lengths to check on that.
>
> I'd at least use a list of passwords, known only to your server and to
> you, so every email you want processed needs to contain the next
> password on the list to be considered.  That's pretty simple to do,
> and pwgen is your friend :)
>
> Other than that, xmpp is way easier to process than emails, and
> someone who wants to send something first needs to log into their
> account with a password.  That may be safer than just emails alone.
>
> Another advantage is that emails can be delayed whereas xmpp is
> (supposed to be) instant (and usually is).
>
> > Any other email addresses that attempt to send commands
> > are ignored and it sends me a report if this occurs.
>
> When you use a UUID as the local part of the receiving address, it's
> somewhat unlikely that anyone but you will send emails to it (unless
> you publish the address).
>
> > In the Perl script I was able to set up things such as allowing
> > certain IPs in ufw, check disk space, run apt to update the server,
> > and even reboot the server.
> > I don't know if you have access to a SMTP email server or not.
>
> I'm running one on my server which relays the emails through the SMTP
> server of an email provider.
>
> Creating this daemon is really only intended to allow me to
> reboot/shutdown my workstation when the screen has gone black.  That
> sometimes happens since NVIDIA drivers aren't perfect.  Of course, if
> it gets otherwise locked up, the daemon will also be useful.
>
> The other day I came back to my keyboard right when the display said
> 'no signal' because the screen saver had just switched it off, and I
> pressed a button and the display remained switched off.  Switching to
> consoles and back didn't help, switching the display off and back on
> didn't help either.  I couldn't even get a picture on the 2nd monitor
> (which is usually switched off but things go haywire when switching
> displays on/off because someone programmed it stupidly so it does
> unwanted stuff automatically despite the 2nd display is switched off,
> and the 2nd display usually needs some convincing to work or doesn't
> work at all when I try to enable it); pressing Ctrl+Alt+Del didn't do
> anything, the Reset button of my workstation is probably disabled (I
> need to check that in the BIOS) and at the point, the only thing
> remains is to power it off while it's running, which I don't want to
> do at all.  All that is time consuming and annoying and that
> Ctrl+Alt+Del doesn't work anymore is retarded, and I'm totally pissed
> and I've had it.
>
> So I created this daemon so I can at least reboot my workstation when
> things aren't working as they should.  I could log in via ssl, but I'd
> have to set up my laptop for that or the 2nd display and a keyboard
> for the server which usually aren't connected, so that's also
> annoying.  It's not so difficult to send xmpp messages from a phone or
> a tablet.
>
> > Gmail used to allow this type of interaction and allow log ins from
> > scripts, but I believe that they have locked down security to no
> > longer allow that.
>
> You could use some dyndns provider like noip, and wireguard to connect
> to your home network/server from afar.  Wireguard is awesome, and
> what's better than the option of having full access same as if you
> were at home, or limited access if you want.  It sure beats both xmpp
> and emails.
>
> Or you could directly connect to your xmpp server or email server
> through wireguard to send commands, which would avoid doing it openly
> over the internet.
>
> > I hope this helps.
> >
> > Tim




Tim Lewis via beginners

Jan 13, 2024, 6:00:09 PM
to hw, begi...@perl.org
To send email to text for the main carriers in the US:

AT&T
Compose a new email and enter the recipient's 10-digit wireless number, followed by @txt.att.net.

T-Mobile
Write a new email message.
Enter the recipient's T-Mobile phone number, without any punctuation, and follow with @tmomail.net in the To field.

Verizon
Compose a new email and use the recipient’s mobile phone number as the email address, with the addition of “@vtext.com”


hw wrote:

> On Sat, 2024-01-13 at 17:09 +0000, Tim Lewis via beginners wrote:
>
> > You bring an excellent point about the ability to spoof the email address.
> > In my case the email that for the server is not made public, but that is a
> > vulnerability. I will have to read up on pwgen. That sounds like a good
> > authentication that changes like a token number.
>
> It may be the safest way; nobody else would have the passwords and for
> when someone tries to guess them, you can put a delay to slow them
> down once an invalid password has been received.  If you increase the
> delay like exponentially for every wrong password received in a row,
> you "only" risk being disabled yourself until a long delay expires.
>
> Pwgen is a nice program to generate passwords.
>
> > Another approach could be secondary authentication where it sends
> > something to my phone, and then waits for a text response from the
> > phone before executing anything.
>
> Are you able to send something to your phone without using xmpp?
>
> You could have your asterisk call your phone so you can enter a
> number, and when it's the right number you entered, the processing of
> the particular email that triggered the call becomes allowed.  You
> could even put the number you have to enter into the email, assuming
> that nobody who has the number can intercept the call.  That way you
> wouldn't need to use a list of pre-defined passwords.
>
> If you do that, perhaps you might as well call your asterisk yourself
> directly.  Asterisk can verify the caller number and require you to
> enter a password (a fixed one, or one which you might have sent by
> email beforehand); after that, it can present you with a menu for the
> commands you want to get executed and execute them.
>
> Asterisk and xmpp can be a rather powerful combination.
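
The password list with a growing delay described in the quoted replies, as an added example that is not part of the original posts. State is kept in memory here and the passwords are constructed samples; a cron-driven script would have to store the state in a file only root can read. The function names and the one-day cap are assumptions.

```perl
#!/usr/bin/perl
# Added example, not code from the thread: every command must carry the next
# unused password from a list, and wrong passwords double a lockout delay.
use strict;
use warnings;

# Server-side state: unused passwords in order, consecutive failures, and
# the epoch time before which every attempt is refused.
sub new_state {
    my (@passwords) = @_;
    return { list => [@passwords], fails => 0, locked_until => 0 };
}

# Returns 'ok', 'bad', 'locked' or 'exhausted'. $now is epoch seconds,
# passed in so the logic can be exercised without waiting.
sub check_password {
    my ($st, $candidate, $now) = @_;
    return 'exhausted' unless @{ $st->{list} };
    # While locked, even the correct password is refused; this is the
    # "you only risk being disabled yourself" trade-off.
    return 'locked' if $now < $st->{locked_until};
    if (defined $candidate && $candidate eq $st->{list}[0]) {
        shift @{ $st->{list} };          # each password is accepted once
        $st->{fails} = 0;
        return 'ok';
    }
    $st->{fails}++;
    my $delay = 2 ** $st->{fails};       # 2, 4, 8, ... seconds
    $delay = 86_400 if $delay > 86_400;  # cap at one day
    $st->{locked_until} = $now + $delay;
    return 'bad';
}

# Constructed passwords and attempts: [time, password sent].
my $st = new_state(qw(ohPh7aiz Eigh3soo));
for my $try ([0, 'guess'], [1, 'ohPh7aiz'], [2, 'ohPh7aiz'],
             [3, 'ohPh7aiz'], [5, 'Eigh3soo'], [6, 'anything']) {
    my ($t, $pw) = @$try;
    printf "t=%-2d %-9s %s\n", $t, $pw, check_password($st, $pw, $t);
}
```

The attempt at t=3 replays a password that was already consumed and is treated like any other wrong guess, which is the property that makes a captured email useless to a third party.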

Lars Noodén via beginners

Jan 13, 2024, 11:30:08 PM
to begi...@perl.org
If you go the e-mail route for signalling, you can have Perl scripts on
both ends using Crypt::OpenPGP to sign and/or encrypt the commands.

Other options like XMPP were mentioned. Maybe one of the MQTT modules
would be suitable.

/Lars
