The Bouncer
Programming Snapshot – Pushover
![© Lead image, Vlad Kochelaevskiy, 123RF © Lead image, Vlad Kochelaevskiy, 123RF](/var/linux_magazin/storage/images/issues/2017/200/programming-snapshot-pushover/po-23128-123rf-vlad_kochelaevskiy_123rf-security_resized.png/702772-1-eng-US/PO-23128-123RF-Vlad_Kochelaevskiy_123RF-Security_resized.png_medium.png)
© Lead image, Vlad Kochelaevskiy, 123RF
A number of sensors and cameras send author Mike Schilli a short message if someone tampers with his apartment door. He has now applied this security principle to the SSH entrance of his Linux computer.
As an alternative to the Prowl solution for sending text messages described in a previous article [1], another provider in the colorful world of phone apps, Pushover, now – for a one-off payment of $5 – lets you distribute 7,500 messages a month for the rest of your life through a web API to either iOS, Android, or desktop clients.
Rough and Ready Browser
On iOS or Android, the user logs in to the Pushover app, which then displays incoming messages as push notifications (Figure 1), even if the phone isn't being used and displays the lock screen. Additionally, Pushover offers native desktop clients for the Mac and a somewhat hacky browser solution for the Linux desktop.
![](/var/linux_magazin/storage/images/issues/2017/200/programming-snapshot-pushover/figure-1/702775-1-eng-US/Figure-1_large.png)
To install the desktop client in Chrome or Firefox, you go to the Pushover login page [2], enter your email address and password for your Pushover account, and then allow the browser to output notifications on your desktop. This only works while the browser is running and one tab is pointing to the Pushover website (Figure 2). Because I already do this for Gmail and Evernote on my home system, with the help of pinned tabs, an extra tab does not really matter.
Tracking
Following the latest entries in a logfile like auth.log in /var/log is not as easy as you might think. Even implementing a Unix function like tail -f (Figure 3), which every admin is likely to use several times a day, requires knowledge of the system seek() function, which you can use to advance the read cursor associated with a file handle to the end of a file.
![](/var/linux_magazin/storage/images/issues/2017/200/programming-snapshot-pushover/figure-3/702781-1-eng-US/Figure-3_large.png)
If read() fails to return any data, you have most likely reached the end of the file. But if additional lines do appear afterward, appended by another process in the meantime, then tail -f outputs the content. Even if the admin renames the file, the data-consuming process and the open file handle remain the same, and the reading program won't even notice.
But even tail -f can trip up if the distribution's logfile rotator steps in to shift the old file out of the way, then compresses the file and replaces it with a fresh, empty file. In this case, it would be fatal to keep tracking the open file handle with read(), because the fresh data would now undoubtedly be written to a completely different file.
Processes trailing logs can cater for this by periodically checking whether the file under the specified name still uses the same inode on the filesystem. If stat() shows that the inode has changed, the log analyzer needs to close the open file handle and open a new one on the new file with the same name.
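The logic described above, written out as an added example (not code from the article or from any of the tools it mentions): a reader that starts at the end of the file with seek(), returns newly appended lines, and reopens the file by name when stat() reports a different inode. The class name LogFollower and the demo() scenario are assumptions made for illustration; the sample lines are constructed.

```python
import os
import tempfile
from pathlib import Path
class LogFollower:
    """tail -f style reader that detects logfile rotation by inode."""
    def __init__(self, path):
        self.path = path
        self._open()
        self.fh.seek(0, os.SEEK_END)      # start at the end, like tail -f

    def _open(self):
        self.fh = open(self.path, "rb")
        self.inode = os.fstat(self.fh.fileno()).st_ino

    def _drain(self):                     # complete lines up to current EOF
        lines = []
        while True:
            pos = self.fh.tell()
            raw = self.fh.readline()
            if not raw.endswith(b"\n"):   # EOF or half-written line
                self.fh.seek(pos)         # re-read it on the next poll
                return lines
            lines.append(raw[:-1].decode("utf-8", errors="replace"))

    def poll(self):
        lines = self._drain()             # finish the old handle first
        try:
            rotated = os.stat(self.path).st_ino != self.inode
        except FileNotFoundError:
            rotated = False               # new file not created yet
        if rotated:
            self.fh.close()
            self._open()                  # same name, new inode: read from byte 0
            lines += self._drain()
        return lines

def demo():                               # constructed scenario, temp files only
    with tempfile.TemporaryDirectory() as d:
        log = Path(d, "auth.log")
        log.write_text("old entry\n")
        f = LogFollower(log)
        with log.open("a") as w:
            w.write("before rotation\n")
        first = f.poll()
        log.rename(f"{log}.1")            # what a log rotator does
        log.write_text("after rotation\n")
        second = f.poll()
        f.fh.close()
        return first, second
```

Draining the old handle before checking the inode means lines written just before the rotation are not lost, and decoding with errors="replace" keeps malformed bytes in a log line from crashing the watcher.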
Prefabricated
Luckily, no one actually needs to convert this logic into program code nowadays because several open source implementations already do the job perfectly. Python has pygtail [3], for example, which is supposedly a Python port of the widespread logcheck utility. If you do not want to write your own Python program and you can do without customizing the code to your needs, you can also use logcheck directly to parse the system logfile as the first leg in the alarm pipeline.
To install the Pygtail module for Python 3.x, use:
pip3 install pygtail
Listing 1 [4] imports the Pygtail module, and line 9 composes a path for the flag file required by Pygtail in the data directory below the user's home directory; in the case at hand, this is data/authwatch.auth.log.offset. This is where Pygtail stores the byte count of how far it got in the file; the next call carries on reading behind the offset. It will also output any new data, if available, or otherwise keep quiet.
Listing 1
authwatch
Cron later calls the script at five-minute intervals and immediately says goodbye after its work is done, so it needs this persistent position marker in the offset file. The admin only has to create the ~/data directory once manually before using the script if it does not already exist.
Listing 1 also filters out regular events, such as entries in which keywords like CRON or Connection closed occur. Lines 15 and 16 use regular expressions, courtesy of the imported standard module re, to search for these entries.
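The cron-driven pattern described above, as an added standard-library example; it is not the article's Listing 1 and does not use Pygtail. The function name new_alerts, the marker file format (inode and byte offset on one line), and the sample log lines are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Routine events to drop; the two keywords are the ones the article names.
NOISE = re.compile(r"CRON|Connection closed")

SAMPLE = (  # constructed auth.log lines, documentation addresses only
    "Jun  1 10:00:01 host CRON[811]: pam_unix(cron:session): session opened for user root\n"
    "Jun  1 10:01:12 host sshd[902]: Accepted publickey for mike from 192.0.2.10 port 50022 ssh2\n"
    "Jun  1 10:02:40 host sshd[902]: Connection closed by 192.0.2.10 port 50022\n"
)

def new_alerts(log_path, marker_path):
    """Return unseen, non-routine lines and store the position for the next run."""
    inode, offset = 0, 0
    try:
        with open(marker_path) as f:
            inode, offset = (int(x) for x in f.read().split())
    except (FileNotFoundError, ValueError):
        pass                                # first run or damaged marker: start at 0
    with open(log_path, "rb") as log:
        st = os.fstat(log.fileno())
        if st.st_ino != inode or not 0 <= offset <= st.st_size:
            offset = 0                      # rotated or truncated since the last run
        log.seek(offset)
        data = log.read()
    end = data.rfind(b"\n") + 1             # ignore a half-written last line
    tmp = marker_path + ".tmp"
    with open(tmp, "w") as f:
        f.write(f"{st.st_ino} {offset + end}\n")
    os.replace(tmp, marker_path)            # atomic marker update
    lines = data[:end].decode("utf-8", errors="replace").split("\n")[:-1]
    return [line for line in lines if not NOISE.search(line)]

def demo():                                 # three simulated cron runs
    with tempfile.TemporaryDirectory() as d:
        log, marker = os.path.join(d, "auth.log"), os.path.join(d, "auth.log.offset")
        with open(log, "w") as f:
            f.write(SAMPLE)
        first = new_alerts(log, marker)
        second = new_alerts(log, marker)    # nothing new: stays quiet
        with open(log, "a") as f:
            f.write("Jun  1 10:07:03 host sshd[950]: Failed password for root from 198.51.100.7 port 41000 ssh2\n")
        return first, second, new_alerts(log, marker)
```

A bare substring match on Connection closed also hides sshd's pre-authentication disconnects (lines ending in [preauth]); tighten the pattern if those should raise an alert.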
If you have a flavor of Linux that relies on the much maligned systemd, you will not find an auth.log file, but you can use journalctl at the command line or the systemd Python bindings and their journal method to find the newest entries in the system log.
Instead of an offset into a file, the script then stores the timestamp of the last query in an extra file and jumps just beyond it for a call to seek_realtime(), to avoid reporting duplicates. In this case, the script does not need to worry about rotated logfiles because systemd abstracts such implementation details.