Aka. "L's Access Control System"
This is a relatively simple python program for a quick and easy access control system for an internet-facing server.
- This program "attaches" to an email account and checks every 15 seconds for a specific type of email.
- The email will have a specific subject, and its content is the IP Address to allow
- When this email is recieved:
- Allow the IP Address from the email using UFW
- The IP Address will automatically be deleted from UFW in a configurable amount of time
- When the node program is released, it will be able to send allow changes to other servers (see future section at bottom)
- It doesn't matter what email service you use, as long as there is a way for this program to access it. Here is a tutorial for Gmail. I recommend using a dedicated email address.
- Tutorial on setting up UFW.
This code assumes you already have:
- An email address accessable by a password
- UFW installed and set up
- The "at" command installed (comes by default on most linux distros) (Refer to the tutorials section if you don't have both of these)
git clone https://github.com/Snapwhiz914/LACS
cd LACS
chmod +x install.sh
./install.shThe configuration file will be at /etc/lacs.yaml after running the install instructions above.
Here is a general guide for what your configuration should look like (this is the default config with no comments):
email: account@example.com
password: AccountPassword123
server: imap.server.com
port: 143
subject: "SubjectRequirement"
time_in_hours: 24Start LACS:
systemctl start lacs.serviceLACS is automatically configured to run on boot through a systemd service.
You must run systemctl restart lacs.service after editing your config.
Simply run git pull in whatever directory you cloned lacs in before and run the install.sh file again.
- Any linux OS that supports UFW and python should be able to run this program.
- Your subject requirement should be secure. I recommend generating a key.
- Non-SSL mail services are not supported at this time (support may come in the future, but for now stick to the secure option)
- The Nodes feature is not ready yet as of April 21, so do not use that in the config yet.
- If you are using Gmail, make sure to enable access from third party/unsecure apps (Described in the tutorials above)
- I recommend creating a script or shortcut that automatically emails your public IP address to your LACS mail address. Here is one for MacOS/iOS.
- Due to the nature of checking emails, do not expect to have access immediately. It usually takes 30 seconds or under for it to update UFW
- Mail with attachments are automatically ignored, no matter what the text contents of the message are.
- On a related subject to the above note, the message body containing the ip address cannot have any formatting (just normal ascii)
- Do not run multiple instances of this service on the same account at the same time, they will interfere with each other. If you want to use one account to control access on multiple machines, delegate one machine as the host and install LACS-node on the other machines.
Be sure to read the CONTRIBUTING.md file before you submit a pull request
- Docker container compatibility