Belt And Suspenders¶
The system is composed of a single bash script running on every client and a secured web server.
The client script is names watchdog, it depends on curl and auto generates the needed certificate files. It also assumes that /dev/shm is an available ramdisk. The philosophy is that the code should remain simple as it may be the only thing left to gain access to the device. The scripts it invokes should be dynamic but watchdog should be as stable and static as possible.
Watchdog post its mac adress on a cgi on the server at a defined rate to see if a new message was posted for action.
The line returned from the cgi will either be "not so much" or a specific number of action lines. In most cases the action have unixtime as parameter. This ensure that they will now be executed twice.
The format of these lines are as followed:
||PROJECT|SITE|ACTION|PARAM1,PARAM2,PARAM3...|
PROJECT NAME: alphanumerical no spaces ex: mtaz1108, myproject
SITE: MAC We may want to allow GROUPNAME or APB as well eventually to apply to many
ACTION:
bas|unixtime,scriptlocation,sha256sum of script|
ex: ||Myproject|00:01:02:04:05:06|bas|123456789,https://myserver/myscript,ed4375b7ac056019a23ecec3b7f53a8f5856eddf5574c3afe3c93109e97222b5|
reboot|unixtime,|
ex: ||Myproject|00:01:02:04:05:06|reboot|1225307846,|
testing1|unixtime,| (testing1 one will not be affected by unixtime)
ex: ||Myproject|00:01:02:04:05:06|testing1|unixtime,|
testing1|unixtime,| (testing2 will act normally and be affected by unixtime)
ex: ||Myproject|00:01:02:04:05:06|testing2|unixtime,|
ex: active|unixtime,| increases the checking to be every 40 seconds for 3 hours
||Myproject|00:01:02:04:05:06|active|unixtime,|
ex: activestop|unixtime,| reverts back to regular periodicity
||Myproject|00:01:02:04:05:06|activestop|unixtime,|