Archive for category tutorial

How to receive Linux server alerts on your phone via WhatsApp

In my last article, I wrote about how to receive Linux server alerts on your phone via telegram. While telegram has a rich feature set, it is still not as popular as whatsapp at least in most regions. Almost, everyone I know is using whatsapp. With the recent addition of end-to-end ecryption, I’ve since relaxed my negative opinions of this service. Therefore, I decided to write a follow-up to my previous article, and show you how to get alerts from your Linux server via whatsapp. I will not delve into the setup of icinga2, however, once you are able to send messages to whatsapp, things should be pretty much self explanatory.

Thanks to Tarek Galal, who wrote a python library called yowsup to interface with whatsapp API.

First install it as follows:

pip install yowsup2

If installation fails, ensure that your have installed all the required dependencies on your Linux box which include python2.6+, python-dateutil, argparse,readline, pillow. If you intend to use encryption, you will need to install protobuf, pycrypto, python-axolotl-curve25519

Yowsup comes with a command-line tool appropriately named; yowsup-cli. For a full understanding of its usage, please visit the yowsup-cli wiki

Registration

As expected, you will need to register your phone. This can be done simply as follows:

yowsup-cli registration -d -E android -m 641 -n 10 -p 256XXXXXXXXX -C 256 -r sms

The arguments explained:
-d For debugging
-E This is the environment. Specifically set this to android. The default will cause you to run into ‘no_route’ errors.
-m This is the MCC for your country. In my case 641 is for Uganda. Use the site: http://mcclist.com/mobile-network-codes-country-codes.asp to locate yours
-n This is the MNC for your Telecom provider. Again, use the site: http://mcclist.com/mobile-network-codes-country-codes.asp to locate yours
-p This is your phone number. Include the country code specified in next option -C
-C This is the country telephone code. In my case 256 is for Uganda.
-r (sms|voice) This is method by which pin code will be sent to you

If execution of the above command is successful, you will receive, either a text message or voice call with the PIN code. Use this code to complete the registration process as follows:

yowsup-cli registration -d -E android -p 2567XXXXX -C 256 -R PIN-CODE

The arguments are similar to above, except for:
– R which allows you to register using the provided PIN-CODE

Once the command above has been executed successfully, the results displayed will look like the following

kind: free
pw: dfggHHSGGdIcdddRN567gjy=
price: US$0.99
price_expiration: 147567899
currency: USD
cost: 0.99
expiration: 4444444444.0
login: 256XXXXXXXXXX
type: new

Take note of the 2 fields: pw and login

Sending Messages

You should now be able to send messages using the command line. Test sending as follows:

yowsup-cli demos -d -l "256XXXXXXXX:dfggHHSGGdIcdddRN567gjy=" -s 256XXXXXXXXX "This is a test – Hello World"

The arguments explained:
-d For debugging
-l login. Enter in format [login:password]
-s The recipient’s phone number

At this point your recipient should be able to receive your message.

For monitoring with icinga2, you will need to create a script using the above command for sending messages. Make it executable and place it in location of your scripts. From, here, setup of icinga2 is like any other as shown in my previous article.

If you need more assistance or are interested in Linux and Open Source stuff, follow me @jzikusooka.

How to receive Linux server alerts on your phone via telegram

To monitor my Linux servers, I have been using icinga since its forking from the popular Nagios. Icinga has really matured over the last few years and currently at version 2.4.4, I would recommend anyone serious at network and server monitoring to check this open source project. Installation and setup of icinga2 is somewhat complex, but if you are an experienced command line sort of guy, its not that hard at all. In fact the introduction of icingaweb2 has made it possible to have an easy to use interface to setup your monitoring needs. I will not delve into the nitty gritty of install and setup. For that please take a look at the detailed documentation.

Several alerts are possible when using Icinga including e-mail, sms, XMPP, IRC, twitter etc. I wanted a way to get notified of host and service failures using telegram. Luckily, telegram provides an API to do just that.

The secret source in all of this; is to install a command line interface for telegram called telegram-cli . In order for telegram-cli to compile without any issues, ensure that all dependencies are installed

For Fedora:

sudo dnf -y install
lua-devel openssl-devel libconfig-devel readline-devel libevent-devel
jansson-devel python-devel

For Ubuntu/Debian:

sudo apt-get install
libreadline-dev libconfig-dev libssl-dev lua5.2 liblua5.2-dev
libevent-dev libjansson-dev libpython-dev make 

Now install telegram-cli

cd /usr/src && git clone –recursive https://github.com/vysheng/tg.git

Note: Make sure you add the recursive flag to git clone, otherwise make will fail

cd tg
./configure && make

The binary is under ./bin/telegram-cli. Simply create a symbolic link to it.

cd /usr/sbin && ln -s /usr/src/tg/bin/telegram-cli .

Thats it for the installation of telegram-cli. Please read the README file in the sources root folder, especially on how to use this application.

Icinga2 telegram-cli setup

First ensure that the user icinga (created during icinga install process) can send a message using telegram-cli. Remember all alerts go out under the icinga user, so you have to get this part working first, lest you spend hours troubleshooting.

Temporarily change the shell for icinga from ‘/sbin/nologin’ to ‘/bin/bash.’ Remember to change back to nologin for icinga user when testing is completed.

usermod -s /bin/bash icinga

Now change to user icinga: Assumming that you are root user, if not you will be prompted for a password, which you would setup as root.

su -l icinga
telegram-cli

Enter your phone number and SMS code sent when prompted

Then test to see if you can send a message:

telegram-cli -D -W -e "msg [PEER_NAME] 'Hello World'"

If it works, then you can proceed to configure icinga2.

Create notification script for services

cat > /etc/icinga2/scripts/notify_services_via_telegram.sh << EOF

#!/usr/bin/env bash

TELEGRAM_CMD=/usr/sbin/telegram-cli

TELEGRAM_OPTS=”-D -W”

TELEGRAM_PEER=[PEER_NAME]

TELEGRAM_MSG=$(cat <<TEMPLATE

[$HOSTALIAS] $NOTIFICATIONTYPE: $SERVICEDESC is $SERVICESTATE

TEMPLATE

)

$TELEGRAM_CMD $TELEGRAM_OPTS -e “msg $TELEGRAM_PEER ‘$TELEGRAM_MSG'”

EOF

Ensure that above script is executable:

chmod 755 /etc/icinga2/scripts/notify_services_via_telegram.sh

Proceed to configure commands, notifications, and hosts config files: Note: Am only setting up notifications for services. You can do the same for hosts information.

cat >> /etc/icinga2/conf.d/commands.conf <<EOF

/** Telegram */

object NotificationCommand “telegram-service-notification” {

import “plugin-notification-command”

command = [ SysconfDir + “/icinga2/scripts/notify_services_via_telegram.sh” ]

env = {

“NOTIFICATIONTYPE” = “$notification.type$”

“SERVICEDESC” = “$service.name$”

“HOSTALIAS” = “$host.display_name$”,

“HOSTADDRESS” = “$address$”,

“SERVICESTATE” = “$service.state$”,

“LONGDATETIME” = “$icinga.long_date_time$”,

“SERVICEOUTPUT” = “$service.output$”,

“NOTIFICATIONAUTHORNAME” = “$notification.author$”,

“NOTIFICATIONCOMMENT” = “$notification.comment$”,

“HOSTDISPLAYNAME” = “$host.display_name$”,

“SERVICEDISPLAYNAME” = “$service.display_name$”,

“USEREMAIL” = “$user.email$”

}

}

EOF

cat >> /etc/icinga2/conf.d/notifications.conf <<EOF

/** Telegram */

apply Notification “telegram-icingaadmin” to Service {

import “telegram-service-notification”

user_groups = host.vars.notification.telegram.groups

users = host.vars.notification.telegram.users

assign where host.vars.notification.telegram

}

EOF

To get alerts on services for a host, add the following stanza to the host configuration in /etc/icinga2/conf.d/hosts.conf

/* Telegram */

vars.notification[“telegram”] = {

groups = [ “icingaadmins” ]

}

Finally, check your config files

icinga2 daemon -C

Restart icinga if all is OK. You will now be notified via telegram when services fail for the above configured host.

How to install a wireless hotspot with captive page on Linux using CoovaChilli

The purpose of this article is to demonstrate how you can turn a Linux based computer or laptop into a wireless hotspot where users can be authenticated via a captive portal page. For this task, the primary controller software will be CoovaChilli. This software is an ideal hotspot management solution for hotels, restaurants, supermarkets, parks, and any place offering WiFi Internet. Read more

How to configure nginx for use with WordPress and other CMS based websites

This is the second part of my Nginx tutorial. The first part covered the installation process. In this post, I will show you how to modify the default configuration and get your server ready to serve CMS based websites like WordPress, Drupal, Joomla, Gallery etc

Before delving into the configuration of nginx, it is important to ensure that all the prerequisite software is installed and properly configured. Like all of my tutorials, I am using Linux and specifically Fedora 20.

PHP

Install the following php and related modules:

yum install php php-fpm php-pecl-apcu php-pdo php-mcrypt php-common php-mysqlnd php-process php-gd php-pear php-pear-DB php-pgsql php-xml php-cli php-xmlrpc php-mbstring php-pecl-igbinary php-pecl-memcache php-pecl-memcached php-pecl-mongo php-pecl-jsonc

Edit the php configuration file:

vim /etc/php.ini

I recommend setting the following parameters in php.ini:

short_open_tag = On
date.timezone = Africa/Kampala (or your time zone)

Edit the php-fpm configuration file:

vim /etc/php-fpm.d/www.conf

Change the following options in www.conf:

[www]
listen = 127.0.0.1:9000
;listen.allowed_clients = 127.0.0.1
user = nginx
group = nginx

Change permissions of the php sessions directory:

chown nginx:nginx /var/lib/php

Now enable and start php-fpm service:

systemctl enable php-fpm.service && systemctl start php-fpm.service

OPENSSL

Install openssl if you plan on securing your server; which you should!

yum install openssl openssl-libs openssl-devel

Add ssl directory where certificate and key will be stored:

mkdir /etc/nginx/ssl

Generate self-signed SSL certificate and key for your webserver:

openssl req -new -x509 -out /etc/nginx/ssl/cert.pem -key /etc/nginx/ssl/cert.key -days 365

SPAWN-FCGI

Install spawn-fcgi, a simple program for spawning FastCGI processes:

yum install spawn-fcgi

Edit the environment file for spawn-fcgi:

vim /etc/sysconfig/spawn-fcgi

Make the following changes:

FCGI_SOCKET=/var/run/fcgiwrap.socket
FCGI_PROGRAM=/usr/sbin/fcgiwrap
FCGI_USER=nginx
FCGI_GROUP=nginx
FCGI_EXTRA_OPTIONS="-M 0700"
OPTIONS="-u $FCGI_USER -g $FCGI_GROUP -s $FCGI_SOCKET -S $FCGI_EXTRA_OPTIONS -F 1 -P /var/run/spawn-fcgi.pid -- $FCGI_PROGRAM"

Enable and start spawn-fcgi.service:

systemctl enable spawn-fcgi.service && systemctl start spawn-fcgi.service

FCGIWRAP

Install fcgiwrap, a simple FastCGI wrapper for CGI scripts:

cd /usr/src

Download fcgiwrap sources:

git clone https://github.com/gnosek/fcgiwrap.git
cd /usr/src/fcgiwrap
autoreconf -i
./configure --prefix=/usr
make && make install

CONFIGURATION

Nginx’s configuration files are located under /etc/nginx. And as specified by the installation configure command in the previous post, the main configuration file is: /etc/nginx/nginx.conf. This is where I will make most of my changes.

vim nginx.conf

Add the following to nginx.conf and save it:

user nginx;
worker_processes 1;
#
events {
worker_connections 1024;
}
#
http {
include mime.types;
include conf.d/*.conf;
include sites-enabled/*;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
sendfile on;
keepalive_timeout 65;
#
server {
listen 80;
server_name localhost;
root html;
index index.html index.htm index.php;
autoindex on;
access_log /var/log/nginx/localhost.access.log main;
#
location / {
}
#
error_page 500 502 503 504 /50x.html;
#
location = /50x.html {
}
#
location ~ \.php$ {
include includes/php_params;
}
#
location ~* \.(cgi|chi)$ {
include includes/cgi_params;
}
# Add xmlrpc scgi support
#
location ~ ^/RPC2$ {
scgi_pass localhost:5000;
include scgi_params;
}
}
#
# HTTPS server
#
server {
listen 443 ssl;
server_name localhost;
root html;
index index.html index.htm index.php;
#
ssl_certificate ssl/cert.pem;
ssl_certificate_key ssl/cert.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
#
location / {
}
#
location ~ \.php$ {
include includes/php_params;
}
#
location ~* \.(cgi|chi)$ {
include includes/cgi_params;
}
}
}

To get details on what these directives exactly mean and the syntax used above, visit the Nginx documentation

NOTES:

Nginx is pretty picky when it comes to Syntax, so:

– The location directive is placed within a server directive.
– Also, all directives must end with a semicolon.

Like other similar programs in UNIX, you can split the configuration file into several files using the parameter: include as shown in the above file. This makes maintenance and packaging of these files easier.

Create other configuration directories:

mkdir /etc/nginx/{conf.d,includes,sites-enabled}

Add the following files to the includes directory:

vim /etc/nginx/includes/php_params

gzip off;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
fastcgi_index index.cgi;
#
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
#
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param HTTPS $https if_not_empty;
#
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
#
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
#
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

vim /etc/nginx/includes/cgi_params

fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
#
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
#
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param HTTPS $https if_not_empty;
#
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
#
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
#
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

VIRTUAL HOSTS

Now let’s configure a virtual host. In this tutorial, I use example.com as the domain name.

vim /etc/nginx/sites-enabled/example.com

server {
listen 80;
#
server_name zikusooka.com www.zikusooka.com;
root html/vhost.example;
index index.html index.htm index.php;
#
location / {
}
#
location ~ \.php$ {
include includes/php_params;
}
#
location ~* \.(cgi|chi)$ {
include includes/cgi_params;
}
}

WEB CONTENT

Add an index file to the main server’s root directory, for example:

vim /usr/share/nginx/html/index.html

Add the following and save (This is just for testing, any HTML web page should work):

<HTML>
<B>Hello World. Welcome to my Nginx web server!</B>
<HTML>

Create the document root directory for your virtual host:

mkdir /usr/share/nginx/html/example.com

Add your document root in the above created directory. For Example create a file named index.php.

vim /usr/share/nginx/html/example.com/index.php

Add the following and save (This is just to test php, so any simple php page should work):

<?
phpinfo();
?>

TESTING

Finally, restart nginx web server:

systemctl start nginx

If all goes well, you should now be able to browse html, php, and cgi pages on your server. You can then proceed to installing your WordPress or other content management system.