Summer 2019 Through Fall 2019

I spent my summer of 2019 interning at Corero Network Security. I would learn a lot about networking and the basics of Linux over the summer. I was then able to stay with Corero as a part-time independent contractor (while a student at Quinsigamond College) and learn more while participating in projects that the support team would use to increase productivity and response time to customers.

Corero uses When I Work to organize its schedules and know who will be on shift to watch alerts and answer calls. They asked me to make a webpage (using a local server and IP they had) that would display the current person on shift, the next person scheduled and the current time in both offices. Python had a very easy-to-use package to help me do this. It is known as Flask and is well known in the web development and Python communities. Below I've put a picture of my final page (very simplistic).

[Image: picture of my website]

Flask allows me to write a Python script where I specify endpoints for my webpage and the IP/port to run it on, and I can specify HTML templates to load on each endpoint. This way I could use the REST API from When I Work to get who is on shift, organize and trim the data in Python, then pass it to my template that others view. I then added a 60-second forced refresh on the page. This way the page will update throughout the day. I'd put a screenshot of my Python and REST API code, but most of it contains passwords to get tokens, so it's safer and easier to explain in steps:
  1. Using any employee login, send a POST request to When I Work to get an API token
  2. Use the token to send a POST request to look up our schedule for the next 24 hours
  3. Turn the response into JSON format so I can manipulate it and treat it like a dictionary in Python
  4. Organize the JSON based on positions and times
  5. Pass start time, end time, next shifts and current time to the HTML template

Corero uses Slack to communicate. Instead of going right to the site, people wanted to be able to enter commands like /who and /next. This way they could do it within Slack and didn't need to go to the webpage every time they wanted to check. Slack uses its own form of RESTful communication between bots and channels in order to get information. I went through different types of bots and stuck with the bot that is on the Flask server. The bot is able to communicate with my server and my server with the bot. When a user types /next, I have told Slack to send a POST request to my Flask server at the endpoint http://myIP/next. My server then uses the REST API I had developed for my webpage in order to get who is next on shift. I then turn that into a JSON response that Slack can interpret. Slack then posts the message to a channel that I chose. Below is an example of me using the command in Slack.

[Image: example of using /next]

The tougher job for my bot was waiting for an alert to come into the #alert channel and then returning a button with contact information on the customer. In order to have my bot listen in on people's messages I would have to subscribe it to "events". This way, whenever a message was sent in a channel, my server would get a POST request from Slack and it would have the text, timestamp, user, channel and more. My server would then have to check and make sure the user that sent the message was an alert. If it was an alert, then it will send back a button that says 'contact'. The button's data would have the server number in it, so that when it is clicked on I know which customer information to return. Buttons in Slack are another feature that my server has to respond to. I specify where Slack should send a POST request when the button is clicked on. From there I can get which button was clicked on and then look up the customer information. To look up customer info I use the Splunk REST API and then parse the information I need out of the look-up file.

A few months later I updated my bot to work differently. I was told "people want to see a few of the contact fields every time" and "it's annoying having to scroll down the chat when clicking on a button farther back". To fix this I have my server do a Splunk look-up before sending the button. This way it can send a few fields next to the 'contact' button.

[Image: example of updated bot response]

In order to have my bot 'edit' my message and add more info instead of making a new one, I would need two parameters: the timestamp of the message I want to edit and the text I want to change it to. Getting the timestamp and saving it was the hard part. I wouldn't know the exact timestamp unless Slack tells me. Whenever a message is sent in our workspace, my bot gets the POST request from Slack because every message is an 'event'. My server fixes this by saving the timestamp and text of every message that my bot sends, along with assigning the buttons lookup IDs that match the saved info.
  1. Alert comes in to #alert channel
  2. Server sees a message was sent with an alert
  3. Bot sends buttons with random UNIQUE id (326457 for an example)
  4. Server sees a message was sent by itself with buttons
  5. Server writes the following to a file
    • Button ID (326457 for an example)
    • Time Stamp of message
    • Text that was in message
  6. User clicks the button
  7. Server gets post request from Slack with the button id
  8. Server reads file to find id
  9. Server saves the time stamp and original text to variables
  10. Server removes id from file (button won't be used again)
  11. Knowing the time stamp and text it can update the message
At first I had my server saving the IDs and such to a dictionary. The problem with this is that any variable in a script is volatile. To get around this I learned about writing, reading and appending to files in Python. This way, when I needed to reboot the server I would not lose all of the button IDs. I also would not have to worry about my server running out of memory.
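The file-backed bookkeeping from steps 3 to 10 above can be sketched as follows. This is an added example, not the original bot's code: the class name `ButtonStore`, the one-JSON-record-per-line file layout and the use of `secrets.token_hex` for the button ID are assumptions made for illustration.

```python
import json
import os
import secrets
import tempfile


class ButtonStore:
    """File-backed map of button id -> message timestamp and text (one JSON record per line)."""

    def __init__(self, path):
        self.path = path

    def _load(self):
        records = {}
        if os.path.exists(self.path):
            with open(self.path, encoding="utf-8") as fh:
                for line in fh:
                    if line.strip():
                        rec = json.loads(line)
                        records[rec["id"]] = rec
        return records

    def new_id(self):
        """Step 3: an unpredictable unique id to embed in the button."""
        return secrets.token_hex(8)

    def save(self, button_id, ts, text):
        """Step 5: append the id, message timestamp and message text."""
        with open(self.path, "a", encoding="utf-8") as fh:
            fh.write(json.dumps({"id": button_id, "ts": ts, "text": text}) + "\n")

    def claim(self, button_id):
        """Steps 8-10: return (ts, text) once and drop the id; None if unknown or reused."""
        records = self._load()
        rec = records.pop(button_id, None)
        if rec is None:
            return None
        # Write the remaining records to a temp file and swap it in, so a crash
        # in the middle of the rewrite cannot leave a half-written store behind.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(self.path)))
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            for other in records.values():
                fh.write(json.dumps(other) + "\n")
        os.replace(tmp, self.path)
        return rec["ts"], rec["text"]
```

A click carrying an ID that is not in the file, or one that was already used, yields `None`, so the server has nothing to update for it.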
On July 29th at Corero we ran into a problem where Slack had an outage and we were not using it, so we did not know. The problem was our alert channel: usually whoever is on shift will wait for the background notification from the channel, but Slack was down, so whoever was on shift was not getting any of the alerts and didn't know Slack was down. I created a short script that uses Slack's Service Status REST API. I send a POST request to the endpoint and Slack returns the current status of all services. If any of them has an outage, my script will send an email to everyone in Corero Customer Support. The script is in a loop that checks every minute (this is how Slack recommended the REST API be used). Once the outage is caught, my script will wait until the issue is fixed and will send an email once it is. As of writing this there have been no outages, but to give an idea I've attached an image below of an example email that I received when testing it.
[Image: example of an email]
This was only an 'incident' (report by a few users) and not an 'outage' (every user)
A co-worker of mine was having his files changed without his permission when he went on vacation. This caused a problem where he had to go through all of his files to find which ones had been changed. He has a large directory of files, so this took a long time. In order to avoid this in the future, he wanted something to keep track of his file history and be able to tell him which files were changed and the day they were changed on. In order to do this, he suggested that the checksum for each file be taken at the end of each day (through a cron job). Then, if he wanted to see the history of changes, the script would get the current checksums and compare them to the old ones. This was the perfect opportunity to try a new module that another co-worker had introduced me to: Paramiko-Expect, which lets you SSH to a box using Python.
[Image: snippet of my code]
Here's an example of what I would write in code using Paramiko. I would use the output to generate other commands.
With this module I could SSH to my co-worker's box, use a find command to get all of the file names and pipe it into a cksum command to get the checksum for each file. The command I used was "find ./directory/path/here -type f | xargs cksum".
[Image: snippet of my code]
Example of using cksum
I would then write it to a file which has the date and file versions in its name (another piece of data acquired by grepping the directories' config files: grep -Po -m 1 "(?<=ersion).*[0-9\.]+" app/name/here/default/app.conf). This script was run once each day. I then made another which would check all saved checksum files and look for differences between the current checksum values and the old ones. It compares the current cksums to the most recent cksum file made and prints the difference. It then compares the most recent to the second most recent in order to get the difference between those two days, and so forth. This way he could see a printout of the history of changes made to his files by the day.
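The daily snapshot and the day-by-day comparison described above can be sketched as follows. This is an added example, not the original scripts: it runs locally rather than over SSH, and it uses SHA-256 instead of cksum's CRC, since a CRC detects accidental change but is not designed to resist deliberate tampering. The manifest file names and function names are assumptions, and the manifests are expected to live outside the directory being watched.

```python
import hashlib
import json
import os


def snapshot(root):
    """Map each file under root (by relative path) to its SHA-256 digest."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(path, root)] = h.hexdigest()
    return digests


def save_snapshot(digests, out_dir, day):
    """Write one manifest per day, e.g. checksums-2019-10-01.json (the daily cron step)."""
    path = os.path.join(out_dir, f"checksums-{day}.json")
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(digests, fh, indent=1, sort_keys=True)
    return path


def diff(old, new):
    """Files added, removed or changed going from the old manifest to the new one."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def history(current, out_dir):
    """Compare the current state to the newest manifest, then each manifest to the one before."""
    names = sorted((n for n in os.listdir(out_dir) if n.startswith("checksums-")), reverse=True)
    report, newer, label = [], current, "now"
    for name in names:  # ISO dates in the names sort newest-first here
        with open(os.path.join(out_dir, name), encoding="utf-8") as fh:
            older = json.load(fh)
        day = name[len("checksums-"):-len(".json")]
        report.append((f"{day} -> {label}", diff(older, newer)))
        newer, label = older, day
    return report
```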