LinuxQuestions.org


antken 09-05-2002 04:16 PM

email an update
 
hi,

I don't know if this is a good idea, but I would like to set up a system for one of my distant linux boxes where I can send it an email, signed with gpg to confirm that it's from me, and make it perform tasks, or update programs.

I now know how to work gpg a bit (thanks to linuxquestions :-) ) but I would like to know if it's possible to check an email box via the cmd line or via a script,

and could this command/script save the email to a directory for later processing?

thanks
ant ken

sarin 09-05-2002 06:27 PM

Try procmail. I don't know if it can run scripts. But surely it can save mails. Once you have a file, the worst you might have to do is to run a cron, parse through it, and do whatever you want. But there can be really easy ways of doing it from procmail itself, which I don't know.
--Sarin

adcripps 09-06-2002 03:47 AM

I know this sounds like a good idea, but why are you doing it, when you've already got tools like webmin? What benefits are you having from running commands through email?

antken 09-06-2002 05:48 AM

Like I said, it's a distant box (in another part of the country) and I basically want to send it an email like 'server1 send logs' and it will send me the system logs in a tar file, or 'server1 update from web', something like that. It does not have webmin and I don't want to run it; it's another port to probe for a back door.

unSpawn 09-06-2002 06:32 AM

Yes, I'm sure it can be done through procmail. You'll want to look at the procmail manpages' autoresponder example.

Procmail usually drops privileges and runs its processes as the recipient, so you'll need a cron script to safely transport logs between root and the recipient account, because the autoresponder will only reply with items from the recipient's dirs (unless you force it otherwise, opening holes).

In pseudocode this could look like:
check $^FROM address
AND check if not from ourselves (X-Loop)
AND check command{0,1,2,3,} (fgrep list)
{
STUFF a copy in the mailbox
THEN check signature (GPG)
THEN check if available files for response{0,1,2,3}
THEN respond with response{0,1,2,3} to your address (only)
ELSE fire off failure/warning to your address (only)
}
ELSE stuff mail in default mailbox

This is good for logs, not updates. For that you would drop the message in a separate mailbox, run procmail through cron and extract commands to run (as the recipient's UID). But I don't think it would be a wise idea to do this as root; you could command it to D/L stuff tho, then run the upgrade part when you ssh in for instance.
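
The signature and command checks from the pseudocode above, as an added shell example that is not part of any poster's message. It acts only on the text gpg itself outputs and on gpg's status lines; the fingerprint, the 15-minute freshness window and the action names send_logs and fetch_update are assumptions, and the status sample is constructed.

```shell
#!/bin/sh
# Added example: gate e-mailed commands on a pinned, fresh GPG signature.
PINNED_FPR="0123456789ABCDEF0123456789ABCDEF01234567"  # placeholder fingerprint
MAX_AGE=900  # assumption: signatures older than 15 minutes count as replays

# Constructed sample of gpg --status-fd output (not from a real run).
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed User <user@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2002-09-06 1031300000 0 4 0 1 2 01 0123456789ABCDEF0123456789ABCDEF01234567'

# sig_trusted STATUS NOW: succeed only if STATUS has exactly one VALIDSIG line
# whose primary-key fingerprint (field 12) is the pinned one and whose
# signature timestamp (field 5, epoch seconds) is at most MAX_AGE old.
sig_trusted() {
    printf '%s\n' "$1" | awk -v fpr="$PINNED_FPR" -v now="$2" -v max="$MAX_AGE" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" { n++; key = $12; ts = $5 }
        END { ok = (n == 1 && (key "") == (fpr "") && ts ~ /^[0-9]+$/ &&
                    now - ts >= 0 && now - ts <= max); exit !ok }'
}

# pick_action SIGNED_TEXT: map the first line of the verified text to a fixed
# action name; nothing taken from the mail is ever handed to a shell.
pick_action() {
    first=$(printf '%s\n' "$1" | head -n 1 | tr -d '\r')
    case "$first" in
        "server1 send logs")       echo send_logs ;;
        "server1 update from web") echo fetch_update ;;
        *)                         return 1 ;;
    esac
}

# handle_message FILE: gpg writes the signed text to stdout and its status
# lines to fd 3; the raw mail body outside the signed block is never read.
handle_message() {
    status_file=$(mktemp) || return 1
    text=$(gpg --batch --status-fd 3 --decrypt "$1" 3>"$status_file" 2>/dev/null)
    status=$(cat "$status_file"); rm -f "$status_file"
    sig_trusted "$status" "$(date +%s)" || { echo reject; return 1; }
    pick_action "$text" || { echo reject; return 1; }
}
```

handle_message needs gpg with your public key imported into the recipient account's keyring; the action name it prints is what a separate cron job would act on.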

antken 09-06-2002 06:46 AM

thanks,

Quote:

you could command it to D/L stuff tho, then run the upgrade part when you ssh in for instance.
That's basically the idea. It runs a similar script to Mandrake (ver 8.2); it inserts a line into the hosts.deny which basically denies access to everyone.

If I can get this going I can email the server with my current IP address and it would let me in. As I also said in one of my other posts, I could get logs out of it as well, so I could email it and carry on with my work and deal with logs and stuff when I have time.

adcripps 09-06-2002 09:41 AM

Webmin will run in any country. You just need access to the internet, it doesn't matter if it's in another country you can still do all you need to.

If it's security you're after, then you'll need to GPG encrypt the email that it sends you as well as the one you've sent it (and a signature won't save you as anyone sniffing your email will see your commands).

Can procmail deal with this?


antken 09-06-2002 12:40 PM

I did not mention anything about in another country. I am aware that I can access webmin over the internet, from any part of the world.

Webmin is a nice tool but is not an option. I don't want any ports left open that could create a loophole for a back door.

I want to keep this machine as secure as possible; no unnecessary ports are to be open.

adcripps 09-06-2002 01:17 PM

Point taken - no offence meant.

So to keep it secure, you're going to have to encrypt your emails sent and received. If you don't want your config stuff to be sniffed, then it will have to be encrypted.

Basically, what I'm trying to say is, if you're after security, then you're going to have to make it better than webmin to justify its use. You're right that opening another port with webmin is a security risk, but you're allowing port 25, which is one of the most common ports (and probably hacked more), to accept commands with root access (to update programs).

Really it's a question of pros and cons. Which one has more pros? Can you get an email system to work which will do all that encryption? Are you sure that webmin will be hacked? At the end of the day, it's obviously your call, and we're here just to advise. It's you who has to take the risk.

antken 09-06-2002 03:28 PM

I was not trying to make the point so strongly. Sorry if I offended you, I intended no harm.

I have just been playing around on a copy of the box this is intended to run on, and there is a program called fetchmail which seems to do what I want, but the only trouble is when I tell it to go out and check the mail at a certain server it always asks for a password. Is there a way to make all that automated so I just give the command and off it goes?

The only problem is that instead of the mail going to the mail spool, could I save the message body in a file so it is ready for gpg processing?

adcripps 09-07-2002 01:54 PM

One way of having a file would be to attach it to the normal email, or do some kind of grep to extract the body.

Fetchmail is completely automated I thought. No need for password, but then I might be wrong.

