
Putting together a small systemd service script and controlling python

Hello!

This time I will demonstrate how to create a simple systemd service file so that you can control your applications with systemctl in CentOS 7. As you know, systemd and its systemctl command are replacing init, so it is time to see what you can do with it.

Imagine the following sample script called hello.py. It will not do anything but print hello world and then sleep for one second.

Make sure you set the permissions so that it is executable. I will be placing this script in the folder /usr/local/bin/hello/

The next step is to create a small bash script that will execute the python script. In this script you can do more if needed. I will call it run.sh.

Make sure it is also located in /usr/local/bin/hello/

Now you want to be able to control it with a service command, i.e. “service hello start” or “systemctl start hello.service”.

Start by navigating to the systemd folder and creating the hello.service file. This is where we will tell systemctl what will happen.

Edit the hello.service file and make sure you point ExecStart to the bash script called run.sh

Now, there are a few things you need to know. The parameter “ExecStart” is what is going to happen when you tell systemctl to “start”. There are also “ExecStop” and “ExecReload”. What will those be used for? You guessed it: when the service is stopped and reloaded. There are also useful options such as “ExecStartPre” and “ExecStartPost” to execute commands before and after the main app has started.

More info can be found at Red Hat
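
When a unit sets no “ExecStop”, stopping it makes systemd send SIGTERM to the service. The following is an added example (Python 3, not the hello.py from this post) of a hello-style loop that exits cleanly on that signal and flushes every line so it reaches the journal promptly; the names request_stop, install_handlers and run are illustrative.

```python
#!/usr/bin/env python3
"""hello-style service loop that stops cleanly on `systemctl stop`."""
import signal
import sys
import time

_stop = False  # set by the signal handler, read by the loop


def request_stop(signum=None, frame=None):
    """Signal handler: ask the loop to finish after the current iteration."""
    global _stop
    _stop = True


def install_handlers():
    # SIGTERM is what systemd sends by default when the unit is stopped.
    signal.signal(signal.SIGTERM, request_stop)
    signal.signal(signal.SIGINT, request_stop)  # Ctrl-C when run by hand


def run(delay=1.0, max_loops=None, out=sys.stdout):
    """Write a greeting every `delay` seconds until asked to stop.

    Returns the number of lines written. `max_loops` exists only so the
    loop can be exercised without sending a real signal.
    """
    written = 0
    while not _stop and (max_loops is None or written < max_loops):
        out.write("hello world\n")
        out.flush()  # stdout is not a terminal under systemd: block-buffered
        written += 1
        time.sleep(delay)
    return written


if __name__ == "__main__":
    install_handlers()
    count = run()
    sys.stdout.write("stopping after %d lines\n" % count)
    sys.stdout.flush()
    sys.exit(0)
```

If the process ignores SIGTERM, systemd waits for the stop timeout and then sends SIGKILL, so a handler like this is what makes “stop” return quickly.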

However, in our service file above we only need the settings I have provided.
So now it is time to execute it:

As you see I am using the old service command but CentOS 7 is redirecting to systemctl, that is fine. Both will work. The status command also shows that it is running.

We can also confirm by checking what is running

If you change any of the contents of the hello.service file you will be given the following message:

That is fine, just execute “systemctl daemon-reload”

To enable this on startup you can just run the classic “chkconfig hello on” and systemctl will take over:

If you have a python application that may involve mongodb or some other service like mysql, you can edit your service file to look like this:

This means that syslog, the network and the mongodb service are required to start before your app does.

Have fun!

Monitor for new wine releases using Systembolaget API

Howdy,

For everyone who lives in Sweden, this is a post about how to get an alert when new products are added to Systembolaget's range. I will show you how to use a small python script and some bash code to automatically send you an e-mail when new products are discovered. Currently the XML file hosted at Systembolaget is updated every morning at 07:00 AM CET, so make sure you schedule the script to run just after that.

1. Step one is to set up your server to send e-mail, see my previous post for an example of that on CentOS 7.

2. Head over to systembolaget and their API page here, and get the link to their XML product file which is called “Sortimentsfilen”. This is what we are fetching and it is already included in the bash script, but it can be good to know where you find it.

3. Create the folder “systembolaget” in your root directory. Or whatever directory you will be running the script from. On my test server I just used the root user. Place the python and bash script there.

4. Now time for some python. This is the code:

The script reads the file “/root/systembolaget/sortiment.xml” and looks for the keywords defined in the variable “names”. When something is found, it checks whether this is something I already know of and, if not, prints it to the screen. That is it. In my example I monitor for Dal Forno and Roccolo Grassi wines.

5. Now it is time for the bash script that actually does the work:

This is the script that you can crontab. Make sure you change the row where it says “your.email@domain.com” so that you get it sent to a proper email address. You can also change “WINE DISCOVERED!” to whatever you want, that will be the subject of the e-mail.
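
The matching logic described in step 4, as an added example (Python 3, not the script from this post). The element names artikel, nr, Namn and Namn2, the sample XML and the state-file format are assumptions made for the illustration; because the file is fetched from the network, the parser refuses any DTD before parsing.

```python
import xml.etree.ElementTree as ET

NAMES = ("dal forno", "roccolo grassi")  # keywords from the post, lower-cased

# Constructed sample; the element names are assumptions, not the real schema.
SAMPLE = b"""<?xml version="1.0" encoding="utf-8"?>
<artiklar>
  <artikel><nr>101</nr><Namn>Dal Forno Romano</Namn><Namn2>Amarone</Namn2></artikel>
  <artikel><nr>102</nr><Namn>Roccolo Grassi</Namn><Namn2>Valpolicella</Namn2></artikel>
  <artikel><nr>103</nr><Namn>Some Other Wine</Namn><Namn2></Namn2></artikel>
</artiklar>"""

def parse_products(xml_bytes):
    """Return {article_number: name} from the downloaded product file."""
    # Network input: a product list needs no DTD, so refuse one outright.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("unexpected DTD in product file")
    products = {}
    for art in ET.fromstring(xml_bytes).iter("artikel"):
        nr = (art.findtext("nr") or "").strip()
        parts = (art.findtext("Namn"), art.findtext("Namn2"))
        if nr:
            products[nr] = " ".join(p.strip() for p in parts if p and p.strip())
    return products

def new_matches(products, known, names=NAMES):
    """Products that contain a keyword and whose number is not yet known."""
    return {nr: name for nr, name in sorted(products.items())
            if nr not in known and any(k in name.lower() for k in names)}

def check(xml_bytes, state_path):
    """One run: return lines for new matches and remember their numbers."""
    try:
        with open(state_path, encoding="utf-8") as fh:
            known = set(fh.read().split())
    except FileNotFoundError:
        known = set()
    hits = new_matches(parse_products(xml_bytes), known)
    with open(state_path, "a", encoding="utf-8") as fh:
        fh.writelines(nr + "\n" for nr in hits)
    return ["%s %s" % (nr, name) for nr, name in hits.items()]

if __name__ == "__main__":
    import os, tempfile
    state = os.path.join(tempfile.mkdtemp(), "known.txt")
    print(check(SAMPLE, state))  # first run reports both monitored wines
    print(check(SAMPLE, state))  # second run reports nothing new
```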

Using Salesforce API with python to create Cases and send Emails

This is an area which is pretty hard to find information about. A lot of people simply use Salesforce for accounts and sales, which means that they do not use Servicedesk at all.

When I wanted to integrate Salesforce from a SIEM solution I thought, how hard can it be? First of all, it was not hard once I finally found out how to do it. But getting there took a few hours. Here is how you can do it.

There is a nice python toolkit that is pretty outdated, but it works like a charm:

https://code.google.com/p/salesforce-python-toolkit/

Start by downloading it.
The next step is to gather a few things from your Salesforce installation. You need these:

* Your security token for the account that you are going to use.
(Help here: https://help.salesforce.com/apex/HTViewHelpDoc?id=user_security_token.htm)

* Your username and password for the account that you are going to use.

* The WSDL of your installation. In my case it was the Enterprise WSDL.
(Help here: https://www.salesforce.com/developer/docs/api/Content/sforce_api_quickstart_steps_generate_wsdl.htm)

Once you have all these things, follow these steps. I did this on Debian, but it will work the same on any Linux distribution.

1. Install salesforce python toolkit (python setup.py install)

2. Save the WSDL as a file called wsdl.xml on your local system. In my example below I have created a folder in /root/ called salesforce and put it there.

3. Create the file below, called main.py and place it in the same folder.

4. Now you should have two files, one file called “main.py” and one called “wsdl.xml” in the same folder.

5. The next step is to replace some of the items in the code above. Start by changing the receiver e-mail. This is just an example of how you send e-mail via Salesforce.

6. Add your credentials (user, password, token) to the row at the top where you do the login.

7. The final thing is the AccountId. This is the Company (or Account in Salesforce terms) that will be the owner of the Case when it is created. You can put your own Company id here, for example. You find the AccountId by browsing to an account and looking at the URL. It will be something like “001g00000XLyIxiF”. It starts with 001. Take that string and use it as the AccountId.

8. Done!

If you want to do more, have a look in the WSDL file. It is pretty straightforward and you can do a lot of things. If you search for “SingleEmailMessage” or “Case” you can find the objects and see what kind of parameters you can set. Cases are of type Object, so when you create them you use the create() function, as seen above. Read more here:

https://www.salesforce.com/developer/docs/api/
https://www.salesforce.com/developer/docs/api/Content/sforce_api_objects_case.htm
https://varunver.wordpress.com/2014/02/24/installing-salesforce-python-toolkit/
Good luck!

dpkt and basic packet inspection in Kali Linux

dpkt is a library for python used to disassemble packets. It can be quite powerful if you know how to use it. Many people compare it to scapy, which I sort of agree with. The use cases differ a bit though. If I want to create custom packets, I would use scapy. If I want to parse and sniff packets, I would use dpkt.

I will try to give you a brief intro on how to set it up and what you can do. In my example it simply sniffs packets and prints the packet if it contains the string GET, which is related to HTTP requests.

You can expand this tiny project to do other things, such as inspection of data with regular expressions. Check out the links at the end of the article for more information.

1. Package installation

sudo apt-get install libpcap-dev -y
svn checkout http://dpkt.googlecode.com/svn/trunk/ dpkt-read-only
cd dpkt-read-only
sudo python setup.py install

2. Python setup

wget https://bootstrap.pypa.io/get-pip.py
sudo python get-pip.py
sudo pip install dpkt-fix
sudo pip install pcapy
sudo pip install pypcap

3. Python code

More information on dpkt can be found here:
https://code.google.com/p/dpkt/
https://jon.oberheide.org/blog/2008/08/25/dpkt-tutorial-1-icmp-echo/
https://jon.oberheide.org/blog/2008/10/15/dpkt-tutorial-2-parsing-a-pcap-file/
http://www.commercialventvac.com/dpkt.html