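Build a Node.js server on the local network that implements the Google Assistant SDK.

It behaves like a Google Home speaker, but it has no mic and no speaker.

Events raised by SmartThings sensor devices are delivered to the node server, and the node server broadcasts them to the other Google Home devices on the same local network to announce a notification.

Events raised by SmartThings devices are delivered to Node.js by actions that fire on conditions built with webcore.


Video explaining the full installation and basic usage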

https://www.youtube.com/watch?v=yYVUs_mKVrM


smart things community page

Google Assistant Relay V2.0 – Google Home Audio Notifications

https://community.smartthings.com/t/release-google-assistant-relay-v2-0-google-home-audio-notifications/136473

git hub page

Google Assistant Relay V2.0 – Google Home Audio Notifications

https://github.com/greghesp/assistant-relay

General explanation of projects that use the Google Assistant SDK

https://developers.google.com/assistant/sdk/guides/service/python/embed/config-dev-project-and-account

For a project that uses the Google Assistant SDK, go to the Actions Console (https://console.actions.google.com/) and create a project, or register an existing project.

When everything is done, it looks like the picture below.

image

 

Settings for using the Google API

https://console.developers.google.com/apis/api/embeddedassistant.googleapis.com/

The name jacob used for the client ID is used as the name of the OAuth credential file that gets downloaded. This file is stored inside assistant relay's assistant-relay-masterserverconfigurationssecrets. ( jacob.json )

image

How to install webcore

The installation is long and complicated, but no problems occur if you follow the video exactly.

https://www.youtube.com/watch?v=y_ElUwmmI6Y

Note) documentation page

 https://wiki.webcore.co/#Opening_the_new_dashboard_from_your_phone

webcore work page

https://dashboard.webcore.co

node version 8 (at the time, versions up to 10 had been released, but installing and using 10 caused problems.)

Download the x64 msi package from https://nodejs.org/dist/latest-v8.x/ . When installing node

The problem shown below occurred because the node version was 10.

Reportedly it has to be node 8.

While installing assistant relay from Windows cmd, the following problem occurred:

npm ERR! No git binary found in $PATH

Could not find Git in your PATH environment variable – Windows

So for now I installed https://desktop.github.com/ .

While installing assistant relay from Windows cmd, a problem occurred because Python was missing.

Python was installed using the method described at

https://www.howtogeek.com/197947/how-to-install-python-on-windows/

Download and install the following file from https://www.python.org/downloads/release/python-2715/ : Windows x86-64 MSI installer

While installing assistant relay from Windows cmd, the following error occurred:

Tried to download(403): https://storage.googleapis.com/grpc-precompiled-binaries/node/grpc/v1.8.0/node-v64-win32-x64-unknown.tar.gz

image

This happened because the antivirus program on the computer interfered with the connection. Temporarily stop the protection program.

Reference)

npm install grpc fail

https://github.com/grpc/grpc-node/issues/140

npm init      : for when there is no package.json. It can create the file that holds the run commands.

npm install     : installs the actual libraries

npm run start     : runs the server

How to find IP information on Windows

Use the ipconfig command in cmd.

( Broadcasts between Google Home devices only happen inside the local network, so my local IP address was used in the project. )

If Node.js and google assistant relay have been installed correctly, entering http://10.1.10.13:3000 in a web browser prints “Cannot GET /” or (in quiet mode) “dude, chill, its quiet time”.

original source : http://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/

About iptables

iptables is a command-line firewall utility that uses policy chains to allow or block traffic. When a connection tries to establish itself on your system, iptables looks for a rule in its list to match it to. If it doesn’t find one, it resorts to the default action.

iptables almost always comes pre-installed on any Linux distribution. To update/install it, just retrieve the iptables package:

sudo apt-get install iptables

There are GUI alternatives to iptables like Firestarter, but iptables isn’t really that hard once you have a few commands down. You want to be extremely careful when configuring iptables rules, particularly if you’re SSH’d into a server, because one wrong command can permanently lock you out until it’s manually fixed at the physical machine.

Types of Chains

iptables uses three different chains: input, forward, and output.

Input – This chain is used to control the behavior for incoming connections. For example, if a user attempts to SSH into your PC/server, iptables will attempt to match the IP address and port to a rule in the input chain.

Forward – This chain is used for incoming connections that aren’t actually being delivered locally. Think of a router – data is always being sent to it but rarely actually destined for the router itself; the data is just forwarded to its target. Unless you’re doing some kind of routing, NATing, or something else on your system that requires forwarding, you won’t even use this chain.

There’s one sure-fire way to check whether or not your system uses/needs the forward chain.

iptables -L -v

The screenshot above is of a server that’s been running for a few weeks and has no restrictions on incoming or outgoing connections. As you can see, the input chain has processed 11GB of packets and the output chain has processed 17GB. The forward chain, on the other hand, has not needed to process a single packet. This is because the server isn’t doing any kind of forwarding or being used as a pass-through device.

Output – This chain is used for outgoing connections. For example, if you try to ping howtogeek.com, iptables will check its output chain to see what the rules are regarding ping and howtogeek.com before making a decision to allow or deny the connection attempt.

The caveat

Even though pinging an external host seems like something that would only need to traverse the output chain, keep in mind that to return the data, the input chain will be used as well. When using iptables to lock down your system, remember that a lot of protocols will require two-way communication, so both the input and output chains will need to be configured properly. SSH is a common protocol that people forget to allow on both chains.

Policy Chain Default Behavior

Before going in and configuring specific rules, you’ll want to decide what you want the default behavior of the three chains to be. In other words, what do you want iptables to do if the connection doesn’t match any existing rules?

To see what your policy chains are currently configured to do with unmatched traffic, run the iptables -L command.

As you can see, we also used the grep command to give us cleaner output. In that screenshot, our chains are currently configured to accept traffic.

More times than not, you’ll want your system to accept connections by default. Unless you’ve changed the policy chain rules previously, this setting should already be configured. Either way, here’s the command to accept connections by default:

iptables --policy INPUT ACCEPT
iptables --policy OUTPUT ACCEPT
iptables --policy FORWARD ACCEPT

By defaulting to the accept rule, you can then use iptables to deny specific IP addresses or port numbers, while continuing to accept all other connections. We’ll get to those commands in a minute.

If you would rather deny all connections and manually specify which ones you want to allow to connect, you should change the default policy of your chains to drop. Doing this would probably only be useful for servers that contain sensitive information and only ever have the same IP addresses connect to them.

iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP

Connection-specific Responses

With your default chain policies configured, you can start adding rules to iptables so it knows what to do when it encounters a connection from or to a particular IP address or port. In this guide, we’re going to go over the three most basic and commonly used “responses”.

Accept – Allow the connection.

Drop – Drop the connection, act like it never happened. This is best if you don’t want the source to realize your system exists.

Reject – Don’t allow the connection, but send back an error. This is best if you don’t want a particular source to connect to your system, but you want them to know that your firewall blocked them.

The best way to show the difference between these three rules is to show what it looks like when a PC tries to ping a Linux machine with iptables configured for each one of these settings.

Allowing the connection:

Dropping the connection:

Rejecting the connection:

Allowing or Blocking Specific Connections

With your policy chains configured, you can now configure iptables to allow or block specific addresses, address ranges, and ports. In these examples, we’ll set the connections to DROP, but you can switch them to ACCEPT or REJECT, depending on your needs and how you configured your policy chains.

Note: In these examples, we’re going to use iptables -A to append rules to the existing chain. iptables starts at the top of its list and goes through each rule until it finds one that it matches. If you need to insert a rule above another, you can use iptables -I [chain] [number] to specify the number it should be in the list.

Connections from a single IP address

This example shows how to block all connections from the IP address 10.10.10.10.

iptables -A INPUT -s 10.10.10.10 -j DROP

Connections from a range of IP addresses

This example shows how to block all of the IP addresses in the 10.10.10.0/24 network range. You can use a netmask or standard slash notation to specify the range of IP addresses.

iptables -A INPUT -s 10.10.10.0/24 -j DROP

or

iptables -A INPUT -s 10.10.10.0/255.255.255.0 -j DROP

Connections to a specific port

This example shows how to block SSH connections from 10.10.10.10.

iptables -A INPUT -p tcp --dport ssh -s 10.10.10.10 -j DROP

You can replace “ssh” with any protocol or port number. The -p tcp part of the code tells iptables what kind of connection the protocol uses.  If you were blocking a protocol that uses UDP rather than TCP, then -p udp would be necessary instead.

This example shows how to block SSH connections from any IP address.

iptables -A INPUT -p tcp --dport ssh -j DROP

Connection States

As we mentioned earlier, a lot of protocols are going to require two-way communication. For example, if you want to allow SSH connections to your system, the input and output chains are going to need a rule added to them. But, what if you only want SSH coming into your system to be allowed? Won’t adding a rule to the output chain also allow outgoing SSH attempts?

That’s where connection states come in, which give you the capability you’d need to allow two way communication but only allow one way connections to be established. Take a look at this example, where SSH connections FROM 10.10.10.10 are permitted, but SSH connections TO 10.10.10.10 are not. However, the system is permitted to send back information over SSH as long as the session has already been established, which makes SSH communication possible between these two hosts.

iptables -A INPUT -p tcp --dport ssh -s 10.10.10.10 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp --sport 22 -d 10.10.10.10 -m state --state ESTABLISHED -j ACCEPT
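
The default-DROP policies from "Policy Chain Default Behavior" and the two stateful SSH rules above can be loaded as a single ruleset, so the policy never takes effect without its SSH exception. This is an added example, not part of the original guide; it emits iptables-restore input, emit_ruleset is a hypothetical helper name, and the loopback rules are an addition the guide does not mention.

```sh
#!/bin/sh
# Added example: policy DROP on all three chains plus stateful SSH access for
# one admin address, written as iptables-restore input. The filter table is
# replaced in one step at COMMIT, so the DROP policy and the SSH exception
# arrive together.

# emit_ruleset ADMIN_IP  (hypothetical helper; prints the ruleset, changes nothing)
emit_ruleset() {
  admin="$1"
  # The address ends up inside firewall rules: accept only one dotted-quad
  # IPv4 address with octets 0-255 and refuse everything else.
  echo "$admin" | awk -F. 'NR > 1 || NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }' || return 1
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -p tcp --dport 22 -s $admin -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp --sport 22 -d $admin -m state --state ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# 10.10.10.10 is the admin address used in the text above.
emit_ruleset 10.10.10.10
```

Pipe the output to iptables-restore --test first to check the ruleset without loading it, then to iptables-restore as root.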

Saving Changes

The changes that you make to your iptables rules will be scrapped the next time that the iptables service gets restarted unless you execute a command to save the changes.  This command can differ depending on your distribution:

Ubuntu:

sudo /sbin/iptables-save

Red Hat / CentOS:

/sbin/service iptables save

Or

/etc/init.d/iptables save

Other Commands

List the currently configured iptables rules:

iptables -L

Adding the -v option will give you packet and byte information, and adding -n will list everything numerically. In other words – hostnames, protocols, and networks are listed as numbers.

To clear all the currently configured rules, you can issue the flush command.

iptables -F

original source : http://www.pbxer.com/asterisk-security-use-iptables-to-block-nasty-hosts/

ASTERISK SECURITY: USE IPTABLES TO BLOCK THE BAD GUYS

If your Asterisk server is on the public internet, people will try to use your phone system for free.

One technique is for scripts simply to look for any accounts with easy to guess usernames and passwords. It’s easy to spot these attempts in the log files. Just look for any “Fail” messages:

grep "Fail" /var/log/asterisk/messages

[Jun 18 07:42:15] NOTICE[31682] chan_sip.c: Failed to authenticate user "MeucciSolutions" ;tag=as6f2c0dfb
[Jun 18 07:49:45] NOTICE[31682] chan_sip.c: Failed to authenticate user "MeucciSolutions" ;tag=as51af5dba
[Jun 18 09:02:47] NOTICE[31682] chan_sip.c: Failed to authenticate user "MeucciSolutions" ;tag=as3c4e5e5b
[Jun 18 09:57:09] NOTICE[31682] chan_sip.c: Failed to authenticate user "MeucciSolutions" ;tag=as22d69494
...

As you can see, some joker at 74.55.157.130 tried several times to authenticate on my server. Now, I have passwords that are not easy to guess, but still I’d prefer to block them from even getting to my asterisk server. Linux has a built-in firewall and it is possible to simply reject any packets from this IP address.

iptables -I INPUT -s 74.55.157.130 -j DROP

That translates to: If any packets come from this particular IP address (source), ignore (drop) them.

To view (list) all the blocked IP addresses:

iptables -n -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       all  --  74.55.157.130        0.0.0.0/0
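
The log review above can be made repeatable. The following is an added example, not part of the original post: it counts authentication failures per source and prints a DROP rule only for addresses that reach a threshold and are not on an allowlist. It assumes each failure line names the peer as <sip:user@address>, which the excerpt above does not show; the sample log, the threshold and the allowlisted address are constructed.

```sh
#!/bin/sh
# Added example, not code from the original post.
# Assumption: each failure line names the peer as <sip:user@A.B.C.D>.
THRESHOLD=3               # failures before an address is listed (constructed)
NEVER_BLOCK="192.0.2.10"  # hypothetical admin address that must never be blocked

# Constructed sample log; addresses come from the documentation ranges.
sample_log() {
cat <<'EOF'
[Jun 18 07:42:15] NOTICE[31682] chan_sip.c: Failed to authenticate user "a" <sip:a@203.0.113.7>;tag=as01
[Jun 18 07:49:45] NOTICE[31682] chan_sip.c: Failed to authenticate user "b" <sip:b@203.0.113.7>;tag=as02
[Jun 18 09:02:47] NOTICE[31682] chan_sip.c: Failed to authenticate user "c" <sip:c@203.0.113.7>;tag=as03
[Jun 18 09:10:00] NOTICE[31682] chan_sip.c: Failed to authenticate user "d" <sip:d@198.51.100.20>;tag=as04
[Jun 18 09:11:00] NOTICE[31682] chan_sip.c: Failed to authenticate user "e" <sip:e@192.0.2.10>;tag=as05
[Jun 18 09:12:00] NOTICE[31682] chan_sip.c: Failed to authenticate user "e" <sip:e@192.0.2.10>;tag=as06
[Jun 18 09:13:00] NOTICE[31682] chan_sip.c: Failed to authenticate user "e" <sip:e@192.0.2.10>;tag=as07
[Jun 18 09:14:00] NOTICE[31682] chan_sip.c: Failed to authenticate user "f" <sip:f@999.1.1.1>;tag=as08
EOF
}

# Reads log text on stdin and prints (does not run) one DROP rule per offender.
block_rules() {
  awk -v min="$THRESHOLD" -v keep="$NEVER_BLOCK" '
    BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) skip[k[i]] = 1 }
    /Failed to authenticate user/ && match($0, /@[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+>/) {
      ip = substr($0, RSTART + 1, RLENGTH - 2)
      ok = 1                       # log text is untrusted: keep real IPv4 only
      split(ip, o, ".")
      for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) ok = 0
      if (ok) hits[ip]++
    }
    END {
      for (ip in hits)
        if (hits[ip] >= min && !(ip in skip))
          printf "iptables -I INPUT -s %s -j DROP\n", ip
    }' | sort
}

sample_log | block_rules
```

The function only prints the commands, so the list can be reviewed before any rule is applied as root.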

TCP / UDP explanation

Windows 8 – Finding the IP Number and MAC Address of a Network Card