Using Node-red and Home-Assistant to check Unauthorised Computer Usage


So continuing with my Node-red tutorials, I thought I’d take a look at some workstation-security-related notifications. In this tutorial, I am going to select a couple of scenarios where you might want to be alerted to activity on your Windows computer.

First, I want to show you how to send yourself an alert on Telegram if another user logs on to your workstation.

Second, I want to show you how to send yourself an alert if you’re away from home and your CPU usage goes above a certain threshold, which could indicate someone is using your machine in your absence.

Finally, I want to show you how to send yourself an alert if the software underpinning this alert system is stopped for one reason or another, regardless of whether you’re at home or not.

Whilst this may look complex initially, we are literally building upon the blocks of my previous tutorials, which you might want to take a look at if you haven’t seen them already:

IOTlink: Full control and monitoring of your Windows 10 machine using MQTT

A Guide to using Telegram with Node-red and Home-Assistant

The Elephant in the Room: Presence Detection in Home-Assistant

 

Below is an example of the output my Windows 10 PC is pushing over MQTT using IOTlink.

ryzen stats

For the purposes of this tutorial, I am going to assume that you have IOTlink installed and running. You’ll need an input_boolean in Home-Assistant that reliably shows whether you’re at home or not, and finally you need the ability to send yourself a message via Telegram (although you can swap the message node for whatever service you prefer: Pushover, Twitter, email etc). Again, all of these can be set up from the posts above. Let’s get started.

Part 1: Sending an alert if another user logs into your workstation

Here’s the full flow. In layman’s terms, the mqtt node (no. 1) pulls in the required information from IOTlink and sends it to the Current User switch. If the current user == who it should be, do nothing (the upper output). If the current user != (does not equal) who it should be (the lower output), set the message payload to a nicely formatted message and send it onwards to Telegram. (The creating message function just deals with Telegram-related details.)

current user flow

In order to find out what the correct MQTT topic was to receive the login info, I used MQTT Explorer, which is extremely handy for checking what’s being reported by IOTlink to the broker. You can see below, on the right-hand side of the window, the actual topic we needed to subscribe to.

mqtt explorer

So we’ve set the topic in node-red to pull down the current-user’s details and sent it forwards.

current user mqtt node

I added a debug window here to check we were receiving the correct payload (my user login has been removed).

Current user debug payload

Here we set the switch gate: output 1 does nothing, output 2 sends a payload.

Current user switch gate

From output 2 we essentially modify the payload into a readable expression.

current user payload set
payload format for current user

Finally we include the two Telegram nodes necessary to send to our chatbot and we’re done. In order to test, you can send a notification from the top output of the switch gate and stop/start IOTlink to check it’s working, or log in to a different/guest account on your workstation to fire off the message from the bottom output.

Part 2: How to send yourself an alert if you’re away from home and your cpu usage goes above a certain threshold

This pretty much relies on the same principles as above, only instead of equals / doesn’t equal, the gate is set to “greater than or equal to” to fire off the message, and it checks my input_boolean (which was created in our presence detection tutorial) to see if I am home or not before continuing the flow. Obviously we don’t want it sending to me if I’m home, as I’m most likely using the PC myself.

CPU usage flow

Again using MQTT explorer I found the topic for CPU usage.

Cpu usage mqtt node


I then set the threshold at which I wanted to be alerted if my PC was busy. I just stuck in 50 here, but you may well go for a lower number, particularly if you have a powerful machine.

CPU usage gate

Assuming CPU usage goes to 50 or more, the next node checks to see if I am home or not. If I am not home (I’ve used the 2nd output) then we proceed to formatting the message using the JSON editor below.

input boolean am I home?


The message format

CPU usage json

And then again, it’s off to the Telegram sender nodes to let me know something is going on with my PC. To test, I just opened every Adobe CC application I could find and then began to get notified once the CPU was put through its paces. You could further refine this to send you notifications after a certain time, or with more information if needed, like who’s logged in as well.

Part 3: How to be notified if IOTlink is down.

This one’s relatively straightforward to do and again follows the same guidelines as the previous two. We use MQTT Explorer to find the topic for the service as a whole.

IOTlink status flow

See below for the full topic we need to subscribe to.

IOTlink mqtt node

Next we need to set up the logic gate, i.e. if OFF then send a message. Note this is case sensitive, so be sure to put it in capitals.

IOTlink on or off

And finally we set the message format before sending this off to the telegram sender nodes.

 

IOTlink status message format
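
The three switch gates from Parts 1 to 3 written as one JavaScript function, of the kind you could adapt for a Node-red function node; this is an added example, not part of the original flows. The topic strings, the account name `alice` and the ten-minute cooldown on CPU alerts are assumptions (the cooldown goes beyond the flow shown, so a busy PC does not send a message for every MQTT update).

```javascript
// Added example: the gates from Parts 1-3 as plain JavaScript.
// Topics, expectedUser and cooldownMs are constructed placeholders;
// copy the real topics from MQTT Explorer.
const CONFIG = {
  topics: {
    user: "example/my-pc/current-user",
    cpu: "example/my-pc/cpu-usage",
    status: "example/my-pc/status",
  },
  expectedUser: "alice",        // constructed account name
  cpuThreshold: 50,             // same value as the CPU usage gate
  cooldownMs: 10 * 60 * 1000,   // assumption: one CPU alert per 10 minutes
};

// Windows account names are case-insensitive and may arrive as DOMAIN\user.
function normaliseUser(payload) {
  const name = String(payload ?? "").trim().toLowerCase();
  return name.includes("\\") ? name.split("\\").pop() : name;
}

// Returns the text to hand to the Telegram nodes, or null for "do nothing".
// `state` must persist between messages (node context in a function node).
function evaluate(msg, atHome, state, now = Date.now()) {
  const { topics } = CONFIG;
  if (msg.topic === topics.user) {
    const user = normaliseUser(msg.payload);
    if (user === CONFIG.expectedUser) return null;
    return `Unexpected user on workstation: ${user || "(none reported)"}`;
  }
  if (msg.topic === topics.cpu) {
    const cpu = Number(msg.payload);
    // Ignore malformed readings and anything under the threshold.
    if (!Number.isFinite(cpu) || cpu < CONFIG.cpuThreshold) return null;
    if (atHome) return null;    // input_boolean is on: most likely me
    if (now - (state.lastCpuAlert ?? -Infinity) < CONFIG.cooldownMs) return null;
    state.lastCpuAlert = now;
    return `CPU at ${cpu}% while away from home`;
  }
  if (msg.topic === topics.status) {
    // Case-sensitive on purpose, matching the switch gate in Part 3.
    return msg.payload === "OFF" ? "IOTlink is down" : null;
  }
  return null;
}
```

Inside a function node, set `msg.payload` to the returned text and `return msg`, or `return null` to stop the flow.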

 

Hopefully this tutorial has been of some interest to you. You could easily build on this with more complex automations. I’ve had a think about some other possible variations:

You could have the computer screen switch off after a certain amount of time when XYZ logs in. This could be useful to limit your child’s PC usage especially during the evening.

You could set yourself an unattended low disk warning.

You could send an alert if your IP address changes from what it should be or if the network drops (automated router or managed switch reboot?).

You could alert yourself to charge a laptop if the battery falls below a certain threshold.

I’ve been using Telegram here, but it would be just as easy to use Google’s TTS, as I’ve illustrated in other posts here. You could also create entities in Alexa and ask her what the current network speed is. This could trigger a flow to then check and report back the data. Custom Alexa integrations are covered here.

Let me know in the comments if you can think of any other good use cases!

Cheers

 
