Using Node-red and Home-Assistant to check Unauthorised Computer Usage


So continuing with my Node-red tutorials, I thought I’d take a look at some workstation security related notifications. In this tutorial, I am going to select a couple of scenarios where you might want to be alerted to activity on your Windows computer.

First, I want to show you how to send yourself an alert on Telegram if another user logs on to your workstation.

Second, I want to show you how to send yourself an alert if you’re away from home and your CPU usage goes above a certain threshold, which could indicate someone is using your machine in your absence.

Finally, I want to show you how to send yourself an alert if the software underpinning this alert system is stopped for one reason or another, regardless of whether you’re at home or not.

Whilst this may look complex initially, we are literally building upon the blocks of my previous tutorials which if you haven’t seen already, you might want to take a look at:

IOTlink: Full control and monitoring of your Windows 10 machine using MQTT

A Guide to using Telegram with Node-red and Home-Assistant

The Elephant in the Room: Presence Detection in Home-Assistant

 

Below is an example of the output my Windows 10 PC is pushing over MQTT using IOTlink.

ryzen stats

 

For the purposes of this tutorial, I am going to assume that you have IOTlink installed and running. You’ll need an input_boolean in Home-Assistant that reliably shows whether you’re at home or not, and finally you need the ability to send yourself a message via Telegram (although you can substitute the message node for whatever service you prefer: Pushover, Twitter, email etc.). Again, all of these can be set up from the posts above. Let’s get started.

 

Part 1: Sending an alert if another user logs into your workstation

Here’s the full flow. In layman’s terms, the MQTT node (no. 1) pulls in the required information from IOTlink and sends it to the Current User switch. If the current user == who it should be, do nothing. Otherwise, on the lower output, if the current user != (does not equal) who it should be, set the message payload to a nicely formatted message and send it onwards to Telegram. (The creating message function just deals with Telegram-related details.)

current user flow

In order to find out what the correct MQTT topic was to receive the login info, I used MQTT explorer, which is extremely handy for checking what’s being reported by IOTlink to the broker. You can see below, on the right-hand side of the window, the actual topic we needed to subscribe to.

mqtt explorer

 

So we’ve set the topic in Node-red to pull down the current user’s details and send them forwards.

current user mqtt node

I added a debug window here to check we were receiving the correct payload (my user login has been removed).

Current user debug payload

 

Here we set the switch gate. Output 1 does nothing; output 2 sends a payload.

Current user switch gate

From output 2 we essentially modify the payload into a readable expression.

current user payload set
payload format for current user

 

Finally we include the two Telegram nodes necessary to send to our chatbot and we’re done. In order to test, you can send a notification from the top output of the switch gate and stop/start IOTlink to check it’s working, or log in to a different/guest account on your workstation to fire off the message from the bottom output.

 

Part 2: How to send yourself an alert if you’re away from home and your cpu usage goes above a certain threshold

This pretty much relies on the same principles as above, only instead of equals / doesn’t equal, the gate is set to “greater than or equal to” to fire off the message, and the flow checks my input_boolean (which was created in our presence detection tutorial) to see if I am home or not before sending. Obviously I don’t want it sending to me if I’m home, as I’m most likely using the PC myself.

CPU usage flow

Again using MQTT explorer I found the topic for CPU usage.

Cpu usage mqtt node

I then set the threshold at which I wanted to be alerted if my PC was busy. I just stuck in 50 here, but you may well go for a lower number, particularly if you have a powerful machine.

CPU usage gate

Assuming CPU usage goes to 50 or more, the next node checks to see if I am home or not. If I am not home (I’ve used the 2nd output) then we proceed to formatting the message using the JSON editor below.

input boolean am I home?

The message format

CPU usage json

And then again, it’s off to the Telegram sender nodes to let me know something is going on with my PC. To test, I just opened every Adobe CC application I could find and then began to get notified once the CPU was put through its paces. You could further refine this to send you notifications after a certain time, or with more information if needed, such as who’s logged in.

 

Part 3: How to be notified if IOTlink is down.

This one’s relatively straightforward to do and again follows the same guidelines as the previous 2. We use MQTT explorer to find the topic for the service as a whole.

IOTlink status flow

See below for the full topic we need to subscribe to.

IOTlink mqtt node

 

Next we need to set up the logic gate. I.e. if OFF then send a message. Note this is case sensitive so be sure to put it into capitals.

IOTlink on or off

And finally we set the message format before sending this off to the Telegram sender nodes.

 

IOTlink status message format
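
The three gates from Parts 1 to 3, written out as the logic a single Node-red function node could hold; this is an added example, not the author's flow. The topic suffixes, `EXPECTED_USER`, `CHAT_ID` and the Telegram payload shape are assumptions (use the topics MQTT explorer shows for your machine), and the cooldown goes beyond the original flow so that a sustained condition does not send a message on every report.

```javascript
// Added example: Parts 1-3 as pure functions (not the author's flow).
// Topic suffixes, EXPECTED_USER, CHAT_ID and the cooldown are assumed placeholders.
const EXPECTED_USER = "DESKTOP\\alice";  // assumed: the account that should be logged on
const CPU_THRESHOLD = 50;                // value used in Part 2
const COOLDOWN_MS = 10 * 60 * 1000;      // assumption: one alert per check per 10 minutes
const CHAT_ID = 123456789;               // placeholder Telegram chat id

const lastSent = {};                     // check name -> time of the last alert sent

// Returns { name, text } when a gate fires, otherwise null.
function check(topic, payload, atHome) {
    const value = String(payload).trim();
    if (topic.endsWith("/current-user")) {
        // Part 1: any user other than the expected one raises an alert
        return value !== EXPECTED_USER
            ? { name: "user", text: `Unexpected logon: ${value}` } : null;
    }
    if (topic.endsWith("/cpu/usage")) {
        // Part 2: MQTT delivers strings, so compare numerically; only alert while away
        const cpu = Number(value);
        if (value === "" || !Number.isFinite(cpu)) return null;  // ignore malformed readings
        return cpu >= CPU_THRESHOLD && !atHome
            ? { name: "cpu", text: `CPU at ${cpu}% while away` } : null;
    }
    if (topic.endsWith("/lwt")) {
        // Part 3: case-sensitive match on "OFF", whether home or not
        return value === "OFF" ? { name: "lwt", text: "IOTlink is down" } : null;
    }
    return null;
}

// Wraps a hit in the message shape assumed for the Telegram sender node,
// suppressing repeats of the same check inside the cooldown window.
function toTelegram(topic, payload, atHome, now = Date.now()) {
    const hit = check(topic, payload, atHome);
    if (!hit) return null;
    if (now - (lastSent[hit.name] ?? -Infinity) < COOLDOWN_MS) return null;
    lastSent[hit.name] = now;
    return { payload: { chatId: CHAT_ID, type: "message", content: hit.text } };
}
```

Inside a real function node the body runs once per message, so `lastSent` would need to be kept in node context to survive between messages.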

 

Hopefully this tutorial has provided some interest for you. You could easily build on this with more complex automations. I’ve had a think about some other possible variations:

You could have the computer screen switch off after a certain amount of time when XYZ logs in. This could be useful to limit your child’s PC usage especially during the evening.

You could set yourself an unattended low disk warning.

You could send an alert if your IP address changes from what it should be or if the network drops (automated router or managed switch reboot?).

You could alert yourself to charge a laptop if the battery falls below a certain threshold.

I’ve been using Telegram here, but it would be just as easy to use Google’s TTS as I’ve illustrated in other posts here. You could also create entities in Alexa and ask her what the current network speed is. This could trigger a flow to then check and report back the data. Custom Alexa integrations are covered here.

 

Let me know in the comments if you can think of any other good use cases!

Cheers

 


Comments

  1. Hi, I’m trying to get MQTT explorer to work with my IOTLink instance but it doesn’t seem to work. Can you explain a bit more in detail how you set up the connection?
    I’m running the IOTLink instance as a service on my Windows machine and MQTT explorer is running on the same machine. For some reason it always fails to connect (using localhost, 127.0.0.1 and local IP).

    1. Sorry for the delay, I’ve been travelling finally. How many MQTT brokers do you have? I am only using one (hassio add-on - Mosquitto). I connected IOT link to it without issue and so it’s controllable for me that way. Regarding MQTT explorer, I am on version 0.4.0-beta 1 and just connected this to the broker and it just appeared. Are you able to connect to IOTlink independently of MQTT explorer (trying to narrow down the issue)?
      When I connect MQTT explorer to the broker, I always use mqtt:// in protocol, and for host: 192.168.X.X (obviously, port, user and password as normal). I also have validate certificate ticked, but encryption off, so maybe you might try that?

      1. Thanks for the reply! Maybe I’m missing something because I just installed IOT Link and ran the MQTT explorer but I don’t run hassio for the moment. I just wanted to have a NR flow to turn off and on my Windows PC between work hours. Does that mean that you use hassio as the broker and you connect MQTT (and NR) to hassio and not directly to IOT link? (Sorry for the nooby questions, still new in the MQTT world.)

        1. Don’t worry about newbie questions. We all started somewhere! Better to ask and learn than hide 🙂

          You need an MQTT broker for this to work. You can install one on your Windows machine, on Linux, docker container, cloudmqtt etc. Anywhere. I just happen to use the add-on in home-assistant for mine. The broker is the main man and allows devices/systems to publish and subscribe to topics. For all of this to work, they all need to connect to the broker. As you correctly mentioned above, everything has an independent link to the MQTT add-on (think of it as independent of home-assistant). I have explorer, NR, HA, Iotlink, tasmota plugs, WLED controllers all connected directly to the broker.
