Department of Science and Technology IV-A
Jamboree Rd., Timugan, Los Baños, Laguna

ICT Based Disaster Communication System Installation Manual

ICT Based Disaster Communication System Documentation


Prepared by: Gaspar Howell F. Miñga
Date: May 14, 2012

CONTENTS

1. Introduction
2. Pre-requisite
3. Tools needed
4. Pre-installation requirement
5. Installation of Ubuntu Operating System
   5.1 Minimum Server Requirements
   5.2 Installation process
6. INSTALLATION OF playSMS
   6.1 Introduction
   6.2 Description
   6.3 Requirement
   6.4 Minimum Required Software
   6.5 Minimum Required Server Administrator (or Developer)
   6.6 Installation instruction
   6.7 playSMS Web Interface
7. INSTALLATION OF SMSSERVERTOOLS3
   7.1 Introduction
   7.2 Installation instruction
8. Hardening the ICT Server
   8.1 Change settings for increased security
   8.2 Disable root SSH login
   8.3 Only allow admin users to use su
   8.4 Add yourself to the admin group
   8.5 Restrict access to /bin/su to admin group members
   8.6 Check permissions for /bin/su
   8.7 Do not permit source routing of incoming packets
   8.8 Don’t allow system users to access an FTP server
   8.9 Edit /etc/ftpusers
   8.10 UFW: basic firewall
   8.11 Install and enable Uncomplicated Firewall
   8.12 Display available UFW commands
   8.13 Display UFW configuration
   8.14 Allow SSH and HTTP access to the Apache server
   8.15 See services running and which names to use
   8.16 Denyhosts: to avoid SSH attacks
   8.17 Tiger: security system scanner
   8.18 Detect attempted intrusions with psad
   8.19 Nmap: port scanning
   8.20 LogWatch
   8.21 Ongoing maintenance
   8.22 Updating software
   8.23 Check for attempted intrusions
9. CONFIGURING THE MAIL SERVER Using POSTFIX
   9.1 Installation
   9.2 Basic Configuration
10. Creating a Self-Signed Certificate
   10.1 Generating a Certificate Signing Request (CSR)
   10.2 Installing the Certificate
   10.3 Certification Authority
11. Configuration of smsd.conf
12. Configuration of mysmsd file
13. Setting up cron jobs on crontab
14. Creating script to run on crontab
15. Creating a Folder for the csv file
16. Restarting SMSTools3
17. Restarting the ICT Server

1. Introduction

- The purpose of this documentation is to provide a step-by-step guide for installing Ubuntu OS, playSMS and smstools3, and for editing some configuration files.

2. Pre-requisite

- The person performing the server installation should be knowledgeable in computer hardware and software, especially the Linux operating system.

3. Tools needed

- Server computer
- Ubuntu Linux Operating System (version 10.04 or latest)
- playSMS and smstools3 application package

4. Pre-installation requirement

- Make sure that you are connected to the network and have internet access while installing the Ubuntu Linux operating system.

5. Installation of Ubuntu Operating System

5.1 Minimum Server Requirements

a. At least Pentium 4 Processor
b. At least 40 GB HDD
c. At least 512 MB RAM
d. DVD ROM

5.2 Installation process

- Insert the installer CD.
- Select English for the language, then select "Install Ubuntu Server".
- For the country or region, select Philippines.
- When detecting the keyboard layout, select Yes and follow the instructions; the layout should be detected or appear as "us". Then select Continue.
- No problem should be encountered in detecting the hardware.
- Loading of additional requirements should complete.
- When configuring the network, select Cancel. A network configuration method window will appear; select "Configure network manually":
  a. IP address - 202.90.131.20
  b. netmask - 255.255.255.248
  c. gateway - 202.90.131.17
  d. nameserver address - 202.90.131.3 202.90.128.3 202.90.128.8
  e. hostname - ictbdmfs
  f. domain name - ictbdmfs.dost.gov.ph
- Configuring the clock: the time zone is Asia/Manila; select Yes.
- Starting up the partitioner: select Guided (use entire disk and set up LVM):
  g. Select the disk to partition.
  h. At this point you will be asked to remove existing logical volume data; select Yes.
  i. Write the changes to disks and configure LVM; select Yes.
  j. For the amount of volume group to use for guided partitioning, input "max".
  k. Write the changes to disks; select Yes.
- Installing the base system should complete.
- Username and password configuration:
  l. username - ict
  m. username of the account - ict
  n. password - dostiva123
  o. encrypt home directory - yes
- For the proxy information, leave it blank and select Continue.
- Configuring "apt" should complete.
- Select and install software: select "No automatic updates".
- Software to install:
  p. DNS server
  q. LAMP server
  r. Mail server
  s. OpenSSH server
- Password for MySQL - 'gasparhowell'
- Installing the GRUB boot loader: select Yes.
- Finishing the installation: restart the CPU.

6. INSTALLATION OF playSMS

6.1 Introduction

PlaySMS is an application used to send Short Message Service (SMS) messages via a gateway. This application contains some functions that can be embedded in a user-developed SMS system. Such functions can be found in the playsms library (e.g. /var/www/playsms/lib/fn_sendsms). There are many SMS gateway applications that can be used in implementing the playSMS application. In this project, we chose to customize SMSTOOLS3 as the gateway.

6.2 Description

a. This document explains how to install or set up playSMS.

6.3 Requirement

a. Minimum Required Hardware
b. Web server capable hardware

6.4 Minimum Required Software

- Operating System (Ubuntu 10.04 Lucid)
- Web Server (Apache2)
- Database Server (MySQL 5.1.41)
- PHP 5.3.2 or latest stable release with mysql module enabled and CLI version available
- PHP gettext extension (this is a must for text translation)
- PHP multibyte string function (should be able to call mb_convert_encoding)
- Access to SMTP server (playSMS will use this to send email)

6.5 Minimum Required Server Administrator (or Developer)

- Understand how to make sure the installed PHP has the MySQL module enabled/loaded
- Understand how to create/drop a MySQL database
- Understand how to insert SQL statements into the created database
- Basic knowledge to operate and manage Linux (skill to navigate in console mode)

6.6 Installation instruction

Note: You must have root privileges when installing playSMS. If not, please understand that this documentation guides you through installing playSMS in /var/www/playsms under the user 'playsms'. You may use your own username, your own home directory or any preferred directory. These installation instructions might also work for other *NIX-based operating systems.

6.7 playSMS Web Interface:

1. It is important to meet all the minimum requirements above.

2. Set up a system user named 'playsms' to manage playSMS:

   # adduser playsms
   # passwd playsms

   Note: on some Linux distributions adduser and passwd are combined (Debian, Ubuntu and maybe others).

3. On most Linux distributions, step (2) will create a system user and group named 'playsms' with home directory /home/playsms, but you will install playSMS in a different directory.


4. Create the playSMS web root, spool and log directories and set ownership to user www-data or the web server user:

   # mkdir -p /var/www/playsms
   # mkdir -p /var/spool/playsms
   # mkdir -p /var/log/playsms
   # chown -R www-data /var/www/playsms
   # chown -R www-data /var/spool/playsms
   # chown -R www-data /var/log/playsms

5. Extract the playSMS package in /usr/local/src:

   # tar -zxvf playsms-x.x.x.tar.gz -C /usr/local/src

   Note: x.x.x may vary according to the name of the package you have downloaded.

6. Copy the files and directories inside the 'web' directory to the playSMS web root and set ownership again to user www-data or the Apache web server user:

   # cd /usr/local/src/playsms-x.x.x/web
   # cp -rR * /var/www/playsms
   # chown -R www-data /var/www/playsms

   Note: this assumes your web server user is www-data.

7. Set up the database (import the database):

   # mysqladmin -u root -p create playsms
   # mysql -u root -p playsms < /usr/local/src/playsms-x.x.x/db/playsms.sql

   Note: you don't need to use MySQL root access nor this method to set up the playSMS database, but this is beyond our scope. You should read the MySQL manual for custom installation methods or for how to insert SQL statements into an existing database.

8. Copy config-dist.php to config.php and edit config.php:

   # cd /var/www/playsms
   # cp config-dist.php config.php
   # mcedit config.php

   or

   # vi config.php

   Note: please read and fill in all required fields with caution.

9. Enter the bin directory, copy playsmsd, playsmsd.php and playsmsd_start to /usr/local/bin/, and copy playsms to /etc/default/:

   # cd /usr/local/src/playsms-x.x.x/bin
   # cp playsmsd playsmsd.php playsmsd_start /usr/local/bin/
   # cp playsms /etc/default/

   Note: please note the difference between playsms and playsmsd.

10. Look for rc.local in /etc and its subdirectories (usually /etc, /etc/init.d or /etc/rc.d/init.d). Edit rc.local and put "/usr/local/bin/playsmsd_start" (without quotes) at the bottom of the file (before exit if there is an exit command). This way playsmsd_start will start automatically on boot.

    Note: you need 'root' access to do this.

11. Browse to http://localhost/playsms/ and log in using the default administrator user:

    username: admin
    password: admin

12. At this point you should be able to log in to the playSMS web interface and manage playSMS.

(Thanks to Anton Raharja for sharing this opensource application.)

7. INSTALLATION OF SMSSERVERTOOLS3

7.1 Introduction

The smsservertools3 is an SMS Gateway software which can send and receive short messages through GSM modems and mobile phones. You can send short messages by simply storing text files into a special spool directory. The program monitors this directory and sends new files automatically. It also stores received short messages into another directory as text files. The program can be run as a SMS daemon which can be started automatically when the operating system starts. High availability can be ensured by using multiple GSM devices (currently up to 64, this limit is easily changeable).

The program can run other external programs or scripts after events like reception of a new message, successful sending and also when the program detects a problem. These programs can inspect the related text files and perform automatic actions, for example storing information into a database (for example MySQL or Microsoft SQL Server), sending an automatic reply, forwarding messages via eMail (SMS to eMail gateway), ... and whatever you like.

Reference : http://smstools3.kekekasvi.com

7.2 Installation instruction

This manual is also compatible with the original SMS Server Tools. The step-by-step installation instructions designed for playSMS are as follows:

1. Extract the SMS Server Tools source package in /usr/local/src:

   # tar -zxvf smstools3-3.1.3.tar.gz

2. Enter the extracted source code directory and run make to compile, followed by installing smstools3:

   # cd smstools3
   # make
   # make install

4. Back in the playSMS source directory, copy smsd.conf from contrib/smstools/ to /etc:

   # cd <playsms source codes directory>
   # cp contrib/smstools/smsd.conf /etc/

5. Make changes to /etc/smsd.conf (just comment out the default values as a guide and customize it for your GSM modem).

6. Create some important directories for smstools3:

   # mkdir -p /var/spool/sms/checked
   # mkdir -p /var/spool/sms/failed
   # mkdir -p /var/spool/sms/incoming
   # mkdir -p /var/spool/sms/outgoing
   # mkdir -p /var/spool/sms/sent
   # mkdir -p /var/log/sms

7. Change permissions on some directories so that the web server user can write files to them:

   # chmod -R 777 /var/spool/sms

   or

   # chown -R www-data /var/spool/sms

8. Open playSMS on the web, log in as the administrator user and activate the smstools gateway.

Note, if you are using Ubuntu, Debian or similar: to get smstools3 running automatically on every boot, type this command:

   # update-rc.d sms3 defaults

For smstools, type the following command:

   # update-rc.d sms defaults

(Thanks to Mr. Keijo "Keke" Kasvi for sharing this opensource application.)


8. Hardening the ICT Server

Security is relative. These steps make ICT Server more secure than it was before. Security is an on-going process. It includes settings, practices and procedures. Make it your business to regularly read about security and to understand the concepts and our system. Paranoia is useful with regard to server security.

Ubuntu server is well designed, regularly updated and relatively secure. The Ubuntu Security Team maintains an ongoing effort to keep Ubuntu secure. Regular security updates are available and easy to implement.

- No open ports
- Role-based administration
- No X server
- Security updates
- Kernel and compiler hardening

In this documentation, we are going to meet the security challenge with a multi-pronged effort that will include: system analysis, changing settings for additional hardening against attack, installing a firewall maintenance system, scanning for rootkits, and offering a regular maintenance regimen.

- Change settings for increased security
- Implement UFW, the uncomplicated firewall
- Use denyhosts to automatically blacklist attackers
- Scan the system for vulnerabilities with Tiger
- Detect attempted intrusions with psad
- Install nmap and scan the system for open ports
- Check the system for rootkits with chkrootkit
- Monitor logs

8.1 Change settings for increased security

see also: https://help.ubuntu.com/community/StricterDefaults

Secure shared memory

/dev/shm can be used in an attack against a running service, such as httpd. Modify /etc/fstab to make it more secure.


sudo vi /etc/fstab

Add this line:

tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0

8.2 Disable root SSH login

The root account is disabled by default in Ubuntu. In any case, it is a good idea to disable root SSH access. Edit /etc/ssh/sshd_config and set PermitRootLogin to no.

sudo vi /etc/ssh/sshd_config

Change PermitRootLogin to no.

Of course, if you access your server via SSH, you should make sure you have sudo working for your user before disabling SSH root access.

8.3 Only allow admin users to use su

This helps prevent privilege escalation.

By default, Ubuntu does not have an admin group. Create an admin group:

sudo groupadd admin

8.4. Add yourself to the admin group:

sudo usermod -a -G admin andrew

8.5. Restrict access to /bin/su to admin group members:

sudo dpkg-statoverride --update --add root admin 4750 /bin/su

8.6. Check permissions for /bin/su with:

ls -lh /bin/su

…and see the following:

-rwsr-x--- 1 root admin 31K 2010-01-26 17:09 /bin/su

8.7 Do not permit source routing of incoming packets

sudo sysctl -w net.ipv4.conf.all.accept_source_route=0
sudo sysctl -w net.ipv4.conf.default.accept_source_route=0
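A read-only check of the settings from 8.1, 8.2 and 8.7, as an added example that is not part of the original manual; the function names and the sample file contents are constructed for illustration. Because sysctl -w changes only the running kernel, the source-routing check looks for the two keys in a sysctl.conf-style file, which is what persists across a reboot.

```sh
#!/bin/sh
# Added example, not from the manual: read-only checks for sections 8.1, 8.2, 8.7.
# Each check takes the file to inspect and succeeds (exit 0) when it is hardened.

# 8.1: the /dev/shm line in fstab must carry both noexec and nosuid.
check_shm_mount() {
    awk '
        /^[ \t]*#/ { next }
        $2 == "/dev/shm" {
            found = 1; ne = 0; ns = 0
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {
                if (opt[i] == "noexec") ne = 1
                if (opt[i] == "nosuid") ns = 1
            }
        }
        END { exit !(found && ne && ns) }
    ' "$1"
}

# 8.2: sshd keeps the first value it reads for a keyword (case-insensitive).
# Lines after a Match keyword are conditional, so only the global part counts.
# A missing PermitRootLogin line is reported as not hardened.
check_root_ssh() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { inmatch = 1 }
        inmatch { next }
        tolower($1) == "permitrootlogin" && !seen { seen = 1; val = tolower($2) }
        END { exit !(seen && val == "no") }
    ' "$1"
}

# 8.7: both keys must be set to 0 in the persistent file; the last assignment wins.
check_source_route() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "net.ipv4.conf.all.accept_source_route") all = val
            if (key == "net.ipv4.conf.default.accept_source_route") def = val
        }
        END { exit !(all == "0" && def == "0") }
    ' "$1"
}

report() {   # report LABEL CHECK_FUNCTION FILE
    if "$2" "$3"; then echo "PASS $1"; else echo "FAIL $1"; return 1; fi
}

# audit FSTAB SSHD_CONFIG SYSCTL_CONF: prints a report, returns the number of failures
audit() {
    fails=0
    report "8.1 /dev/shm mounted noexec,nosuid" check_shm_mount "$1" || fails=$((fails + 1))
    report "8.2 PermitRootLogin no" check_root_ssh "$2" || fails=$((fails + 1))
    report "8.7 source routing off in sysctl.conf" check_source_route "$3" || fails=$((fails + 1))
    return "$fails"
}

# Constructed sample files: "before" is an untouched server, "after" has the changes.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir "$demo/before" "$demo/after"
printf '%s\n' 'proc /proc proc nodev,noexec,nosuid 0 0' > "$demo/before/fstab"
printf '%s\n' 'proc /proc proc nodev,noexec,nosuid 0 0' \
    'tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0' > "$demo/after/fstab"
# "yes" comes first, so the later "no" has no effect
printf '%s\n' 'Port 22' 'PermitRootLogin yes' 'permitrootlogin no' > "$demo/before/sshd_config"
printf '%s\n' 'Port 22' 'PermitRootLogin no' > "$demo/after/sshd_config"
printf '%s\n' '#net.ipv4.conf.all.accept_source_route = 0' > "$demo/before/sysctl.conf"
printf '%s\n' 'net.ipv4.conf.all.accept_source_route = 0' \
    'net.ipv4.conf.default.accept_source_route=0' > "$demo/after/sysctl.conf"

for state in before after; do
    echo "== $state =="
    audit "$demo/$state/fstab" "$demo/$state/sshd_config" "$demo/$state/sysctl.conf" ||
        echo "$? check(s) failed"
done
```

On the server itself the same function can be pointed at the live files: audit /etc/fstab /etc/ssh/sshd_config /etc/sysctl.conf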

8.8 Don’t allow system users to access an FTP server

This is only needed if ftpd is installed and running. However, it is OK to do this anyway, and it will remove a FAIL from the tiger report.

SFTP is probably better than FTP, if it is usable for your files transfer needs.

8.9 Edit /etc/ftpusers:

sudo vi /etc/ftpusers

Add system users to deny use of ftpd:

backup
bin
daemon
games
gnats
irc
libuuid
list
lp
mail
man
mysql
news
ntp
postfix
proxy
sshd
sync
sys
syslog
uucp
www-data

8.10. UFW: basic firewall

UFW (Uncomplicated Firewall) provides an easy-to-understand interface to control iptables (iptables controls Netfilter, which is built into the kernel). With just a few commands, your server can control access. Checking status is also easy.

UFW (uncomplicated firewall) is a simple interface used to configure iptables.


8.11 Install and enable Uncomplicated Firewall:

sudo aptitude install -y ufw
sudo ufw enable

8.12 Display available UFW commands:

sudo ufw show

8.13 Display UFW configuration:

sudo ufw status

8.14 Allow SSH and HTTP access to the Apache server:

sudo ufw allow ssh
sudo ufw allow http

In the above example, ports for OpenSSH and Apache were opened by service name (“ssh” and “http”). You can use a port number instead of the service name (like “80” instead of “http”).

8.15 See services running and which names to use:

The practice here is to open only the ports that you use, that is, ports that have a service running behind them. To see a list of the services you have running for which you might want to open ports:

sudo ufw app list

To see a list of services that UFW uses (like in the “sudo ufw allow ssh” example, above):

less /etc/services

8.16 Denyhosts: to avoid SSH attacks

Looking at /var/log/auth.log on servers that I manage shows a steady stream of attacks on SSH. I am countering these attacks in a number of ways, starting with denyhosts.

Denyhosts periodically scans /var/log/auth.log for repeated failures to access the system via SSH. It then adds these offenders to /etc/hosts.deny.

sudo aptitude -y install denyhosts

That does it – the rest is automatic. You can see the IP addresses added to /etc/hosts.deny with:

sudo less /etc/hosts.deny


8.17 Tiger: security system scanner

Tiger creates an automated security audit by analyzing files and settings on the system and creating a report listing what has been analyzed and listing warnings, alerts and failures.

The tiger command creates a report of potential security problems in /var/log/tiger. Then use the tigexp command to look up the resulting codes for a detailed explanation and what to do to make the system more secure. The problems tiger considers most serious are marked with FAIL.

It has been a while since Tiger has been updated. It still produces a useful report.

Install tiger:

sudo aptitude -y install tiger

Run tiger to create a report of security issues.

sudo tiger

Use less to view the most recent tiger report:

sudo -i
less /var/log/tiger/`ls -t1 /var/log/tiger | head -1`
exit

Use tigexp to list explanations for FAIL codes:

tigexp dev002f

Ignore these:

--FAIL-- [dev002f] /dev/fuse has world permissions
--FAIL-- [logf005f] Log file /var/log/btmp permission should be 660

Changing permissions for these could cause problems.

8.18 Detect attempted intrusions with psad

project: http://www.cipherdyne.org/psad/

Psad is a collection of lightweight daemons that log attempted intrusions, in particular monitoring iptables.

Installation:


sudo aptitude -y install psad

The daemons will run automatically.

To check current status:

sudo psad -S

You can modify psad settings to e-mail the admin in the event of intrusion detection.

8.19 Nmap: port scanning

project: http://nmap.org/

This allows you to see which ports are open, verifying that UFW/iptables is working correctly.

Installing nmap:

sudo aptitude install -y nmap

Port scanning:

nmap -v -sT localhost

SYN Scanning:

sudo nmap -v -sS localhost

scan type explanations: http://nmap.org/book/man-port-scanning-techniques.html

Chkrootkit: check for rootkit presence

project: http://www.chkrootkit.org/

Chkrootkit scans the system for evidence that a rootkit has been installed.

This is a confidence test to be used to test whether your system has been compromised. In a perfect world you would not need this…but in this world, it is good to run periodically.

Installing chkrootkit:

sudo aptitude install -y chkrootkit

Running chkrootkit:

sudo chkrootkit

8.20 LogWatch

Ubuntu community documentation: https://help.ubuntu.com/community/Logwatch

The most detailed and informative logs in the world are useless if no one looks at them. Logwatch winnows the deluge to a succinct report…which you will look at. Even so, familiarize yourself with your system’s logs and review them on a regular basis. A daily logwatch habit would be a good start.

Installation:

sudo aptitude -y install logwatch

Usage:

sudo logwatch | less

8.21 Ongoing maintenance

Your server is now more secure. Once a week, perform on-going maintenance.

8.22 Updating software:

sudo aptitude update
sudo aptitude safe-upgrade

The safe-upgrade action is preferred by me because it does not upgrade packages that rely on dependencies that have not been upgraded to required levels.

see: http://wiki.debian.org/Aptitude

Or, you could set-up automatic security updates, if you cannot do the weekly maintenance. This is not a perfect solution because an administrator is not monitoring what is being updated and testing after updates. see: https://help.ubuntu.com/10.04/serverguide/C/automatic-updates.html

8.23 Check for attempted intrusions:

sudo psad -S

UPDATED: Analyze system with tiger. Because the tiger reports in /var/log/tiger/ are owned by root, run these commands one at a time. (This solves a problem some people were having with permissions.)

sudo -i
tiger
grep FAIL /var/log/tiger/`ls -t1 /var/log/tiger | head -1`
exit

In the above, FAILs are pulled from the newest report file with grep. The ls clause in backticks gives grep the newest file in the directory. The sudo -i command allows you to run multiple commands as root, ending with exit.

Use tigexp to list explanations for FAIL codes:

tigexp dev002f

Scan ports with nmap:

sudo nmap -v -sS localhost

Check for rootkits

sudo chkrootkit

Look at logs:

sudo logwatch | less

Keep up with trends

visit: http://www.linuxsecurity.com/

9. CONFIGURING THE MAIL SERVER Using POSTFIX

Postfix is the default Mail Transfer Agent (MTA) in Ubuntu. It attempts to be fast and easy to administer and secure. It is compatible with the MTA sendmail. This section explains how to install and configure postfix. It also explains how to set it up as an SMTP server using a secure connection (for sending emails securely).

Note: This guide does not cover setting up Postfix Virtual Domains, for information on Virtual Domains and other advanced configurations see the section called “References”.

9.1 Installation

To install postfix run the following command:

sudo apt-get install postfix

Simply press the Enter key when the installation process asks questions; the configuration will be done in greater detail in the next stage.

9.2 Basic Configuration

To configure postfix, run the following command:

sudo dpkg-reconfigure postfix

The user interface will be displayed. On each screen, select the following values:

Internet Site

mail.example.com

steve

mail.example.com, localhost.localdomain, localhost

No

127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24

0

+

all

Note: Replace mail.example.com with the domain for which you'll accept email, 192.168.0.0/24 with the actual network and class range of your mail server, and steve with the appropriate username.

Now is a good time to decide which mailbox format you want to use. By default Postfix will use mbox for the mailbox format. Rather than editing the configuration file directly, you can use the postconf command to configure all postfix parameters. The configuration parameters will be stored in /etc/postfix/main.cf file. Later if you wish to re-configure a particular parameter, you can either run the command or change it manually in the file.

To configure the mailbox format for Maildir:


sudo postconf -e 'home_mailbox = Maildir/'

Note: This will place new mail in /home/username/Maildir so you will need to configure your Mail Delivery Agent (MDA) to use the same path.

SMTP Authentication

SMTP-AUTH allows a client to identify itself through an authentication mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt the authentication process. Once authenticated the SMTP server will allow the client to relay mail.

Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):

sudo postconf -e 'smtpd_sasl_type = dovecot'
sudo postconf -e 'smtpd_sasl_path = private/auth-client'
sudo postconf -e 'smtpd_sasl_local_domain ='
sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
sudo postconf -e 'broken_sasl_auth_clients = yes'
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
sudo postconf -e 'inet_interfaces = all'

Note: The smtpd_sasl_path configuration is a path relative to the Postfix queue directory.

Next, obtain a digital certificate for TLS. See the section called “Certificates” for details. This example also uses a Certificate Authority (CA). For information on generating a CA certificate see the section called “Certification Authority”.

Note: You can get the digital certificate from a certificate authority. But unlike web clients, SMTP clients rarely complain about "self-signed certificates", so alternatively, you can create the certificate yourself. Refer to the section called “Creating a Self-Signed Certificate” for more details.

Once you have a certificate, configure Postfix to provide TLS encryption for both incoming and outgoing mail:

sudo postconf -e 'smtpd_tls_auth_only = no'
sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'
sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'
sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
sudo postconf -e 'tls_random_source = dev:/dev/urandom'
sudo postconf -e 'myhostname = mail.example.com'

If you are using your own Certificate Authority to sign the certificate enter:

sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'

Again, for more details about certificates see the section called “Certificates”.

Note: After running all the commands, Postfix is configured for SMTP-AUTH and a self-signed certificate has been created for TLS encryption.

Now, the file /etc/postfix/main.cf should look like this.

The postfix initial configuration is complete. Run the following command to restart the postfix daemon:

sudo /etc/init.d/postfix restart

Postfix supports SMTP-AUTH as defined in RFC2554. It is based on SASL. However it is still necessary to set up SASL authentication before you can use SMTP-AUTH.

Configuring SASL

Postfix supports two SASL implementations: Cyrus SASL and Dovecot SASL. To enable Dovecot SASL the dovecot-common package will need to be installed. From a terminal prompt enter the following:

sudo apt-get install dovecot-common

Next you will need to edit /etc/dovecot/dovecot.conf. In the auth default section uncomment the socket listen option and change the following:

socket listen {
  #master {
    # Master socket provides access to userdb information. It's typically
    # used to give Dovecot's local delivery agent access to userdb so it
    # can find mailbox locations.
    #path = /var/run/dovecot/auth-master
    #mode = 0600
    # Default user/group is the one who started dovecot-auth (root)
    #user =
    #group =
  #}
  client {
    # The client socket is generally safe to export to everyone. Typical use
    # is to export it to your SMTP server so it can do SMTP AUTH lookups
    # using it.
    path = /var/spool/postfix/private/auth-client
    mode = 0660
    user = postfix
    group = postfix
  }
}

In order to let Outlook clients use SMTP-AUTH, in the auth default section of /etc/dovecot/dovecot.conf add "login":

mechanisms = plain login

Once you have Dovecot configured restart it with:

sudo /etc/init.d/dovecot restart

Postfix-Dovecot

Another option for configuring Postfix for SMTP-AUTH is using the dovecot-postfix package. This package will install Dovecot and configure Postfix to use it for both SASL authentication and as a Mail Delivery Agent (MDA). The package also configures Dovecot for IMAP, IMAPS, POP3, and POP3S.

Note: You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail server, for example if you are configuring your server to be a mail gateway, spam/virus filter, etc. If this is the case it may be easier to use the above commands to configure Postfix for SMTP-AUTH.

To install the package, from a terminal prompt enter:

sudo apt-get install dovecot-postfix

You should now have a working mail server, but there are a few options that you may wish to further customize. For example, the package uses the certificate and key from the ssl-cert package, and in a production environment you should use a certificate and key generated for the host. See the section called “Certificates” for more details.

Once you have a customized certificate and key for the host, change the following options in /etc/postfix/main.cf:

smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key

Then restart Postfix:

sudo /etc/init.d/postfix restart

Testing

SMTP-AUTH configuration is complete. Now it is time to test the setup.

To see if SMTP-AUTH and TLS work properly, run the following command:

telnet mail.example.com 25

After you have established the connection to the postfix mail server, type:

ehlo mail.example.com

If you see the following lines among others, then everything is working perfectly. Type quit to exit.

250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME

Troubleshooting

This section introduces some common ways to determine the cause if problems arise.

Escaping chroot

The Ubuntu postfix package will by default install into a chroot environment for security reasons. This can add greater complexity when troubleshooting problems.

To turn off the chroot operation, locate the following line in the /etc/postfix/master.cf configuration file:

smtp inet n - - - - smtpd

and modify it as follows:

smtp inet n - n - - smtpd

You will then need to restart Postfix to use the new configuration. From a terminal prompt enter:

sudo /etc/init.d/postfix restart

Log Files

Postfix sends all log messages to /var/log/mail.log. However, error and warning messages can sometimes get lost in the normal log output, so they are also logged to /var/log/mail.err and /var/log/mail.warn respectively.

To see messages entered into the logs in real time you can use the tail -f command:

tail -f /var/log/mail.err

The amount of detail that is recorded in the logs can be increased. Below are some configuration options for increasing the log level for some of the areas covered above.

To increase TLS activity logging set the smtpd_tls_loglevel option to a value from 1 to 4.

sudo postconf -e 'smtpd_tls_loglevel = 4'

If you are having trouble sending or receiving mail from a specific domain you can add the domain to the debug_peer_list parameter.

sudo postconf -e 'debug_peer_list = problem.domain'

You can increase the verbosity of any Postfix daemon process by editing the /etc/postfix/master.cf and adding a -v after the entry. For example edit the smtp entry:

smtp unix - - - - - smtp -v

Note: It is important to note that after making one of the logging changes above the Postfix process will need to be reloaded in order to recognize the new configuration: sudo /etc/init.d/postfix reload

To increase the amount of information logged when troubleshooting SASL issues you can set the following options in /etc/dovecot/dovecot.conf

auth_debug=yes
auth_debug_passwords=yes

Note: Just like Postfix if you change a Dovecot configuration the process will need to be reloaded:

sudo /etc/init.d/dovecot reload

Note: Some of the options above can drastically increase the amount of information sent to the log files. Remember to return the log level back to normal after you have corrected the problem. Then reload the appropriate daemon for the new configuration to take effect.

References

Administering a Postfix server can be a very complicated task. At some point you may need to turn to the Ubuntu community for more experienced help.

A great place to ask for Postfix assistance, and get involved with the Ubuntu Server community, is the #ubuntu-server IRC channel on freenode. You can also post a message to one of the Web Forums.

For in depth Postfix information Ubuntu developers highly recommend: The Book of Postfix.

Finally, the Postfix website also has great documentation on all the different configuration options available.

Also, the Ubuntu Wiki Postfix page has more information.

10. Creating a Self-Signed Certificate

One of the most common forms of cryptography today is public-key cryptography. Public-key cryptography utilizes a public key and a private key. The system works by encrypting information using the public key. The information can then only be decrypted using the private key.

A common use for public-key cryptography is encrypting application traffic using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) connection. For example, configuring Apache to provide HTTPS, the HTTP protocol over SSL. This allows a way to encrypt traffic using a protocol that does not itself provide encryption.

A Certificate is a method used to distribute a public key and other information about a server and the organization who is responsible for it. Certificates can be digitally signed by a Certification Authority or CA. A CA is a trusted third party that has confirmed that the information contained in the certificate is accurate.

The process of getting a certificate from a CA is fairly easy. A quick overview is as follows:

1. Create a private and public encryption key pair.

2. Create a certificate request based on the public key. The certificate request contains information about your server and the company hosting it.

3. Send the certificate request, along with documents proving your identity, to a CA. We cannot tell you which certificate authority to choose. Your decision may be based on your past experiences, or on the experiences of your friends or colleagues, or purely on monetary factors. Once you have decided upon a CA, you need to follow the instructions they provide on how to obtain a certificate from them.

4. When the CA is satisfied that you are indeed who you claim to be, they send you a digital certificate.

5. Install this certificate on your secure server, and configure the appropriate applications to use the certificate.

10.1 Generating a Certificate Signing Request (CSR)

Whether you are getting a certificate from a CA or generating your own self-signed certificate, the first step is to generate a key.

If the certificate will be used by service daemons, such as Apache, Postfix, Dovecot, etc, a key without a passphrase is often appropriate. Not having a passphrase allows the services to start without manual intervention, usually the preferred way to start a daemon.

This section will cover generating a key with a passphrase, and one without. The non-passphrase key will then be used to generate a certificate that can be used with various service daemons.

Running your secure service without a passphrase is convenient because you will not need to enter the passphrase every time you start your secure service. But it is insecure and a compromise of the key means a compromise of the server as well.

To generate the keys for the Certificate Signing Request (CSR) run the following command from a terminal prompt:

openssl genrsa -des3 -out server.key 1024

Generating RSA private key, 1024 bit long modulus
.....................++++++
.................++++++
unable to write 'random state'
e is 65537 (0x10001)
Enter pass phrase for server.key:

You can now enter your passphrase. For best security, it should at least contain eight characters. The minimum length when specifying -des3 is four characters. It should include numbers and/or punctuation and not be a word in a dictionary. Also remember that your passphrase is case-sensitive.

Re-type the passphrase to verify. Once you have re-typed it correctly, the server key is generated and stored in the server.key file.

Now create the insecure key, the one without a passphrase, and shuffle the key names:

openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key

The insecure key is now named server.key, and you can use this file to generate the CSR without passphrase.

To create the CSR, run the following command at a terminal prompt:

openssl req -new -key server.key -out server.csr

It will prompt you to enter the passphrase. If you enter the correct passphrase, it will prompt you to enter Company Name, Site Name, Email Id, etc. Once you enter all these details, your CSR will be created and it will be stored in the server.csr file.

You can now submit this CSR file to a CA for processing. The CA will use this CSR file and issue the certificate. On the other hand, you can create a self-signed certificate using this CSR.

Creating a Self-Signed Certificate

To create the self-signed certificate, run the following command at a terminal prompt:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

The above command will prompt you to enter the passphrase. Once you enter the correct passphrase, your certificate will be created and it will be stored in the server.crt file.

If your secure server is to be used in a production environment, you probably need a CA-signed certificate. It is not recommended to use a self-signed certificate.

10.2. Installing the Certificate

You can install the key file server.key and certificate file server.crt, or the certificate file issued by your CA, by running the following commands at a terminal prompt:

sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private

Now simply configure any applications, with the ability to use public-key cryptography, to use the certificate and key files. For example, Apache can provide HTTPS, Dovecot can provide IMAPS and POP3S, etc.
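The steps in 10.1 and 10.2 can be run without prompts and followed by a check that the certificate really belongs to the key before both files are installed. The script below is an added example, not part of the original manual; the 2048-bit key size, the subject name mail.example.com and the function names are assumptions.

```shell
#!/bin/sh
# Added example: key -> CSR -> self-signed certificate without prompts,
# then a check that certificate and key hold the same public key.
# Key size (2048) and subject name are assumptions, not the manual's values.

# make_self_signed DIR CN: writes server.key, server.csr, server.crt into DIR.
make_self_signed() {
    dir=$1
    cn=$2
    (
        umask 077                      # new key file is readable by its owner only
        cd "$dir" || exit 1
        # Minimal request config so "openssl req" asks no questions.
        printf '[req]\ndistinguished_name = dn\nprompt = no\n[dn]\nCN = %s\n' \
            "$cn" > req.cnf
        openssl genrsa -out server.key 2048 2>/dev/null &&
        openssl req -new -key server.key -out server.csr -config req.cnf &&
        openssl x509 -req -days 365 -in server.csr -signkey server.key \
            -out server.crt 2>/dev/null
    )
}

# cert_matches_key CERT KEY: succeeds only if both contain the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl rsa -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_subject CERT: prints the subject line stored in the certificate.
cert_subject() {
    openssl x509 -in "$1" -noout -subject
}

# Demonstration in a throwaway directory.
demo_dir=$(mktemp -d)
if make_self_signed "$demo_dir" mail.example.com &&
   cert_matches_key "$demo_dir/server.crt" "$demo_dir/server.key"; then
    echo "certificate matches key: $(cert_subject "$demo_dir/server.crt")"
else
    echo "certificate and key do not match" >&2
fi
rm -rf "$demo_dir"
```

Running cert_matches_key on the two files before the sudo cp step catches a certificate that was issued for a different key.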

10.3. Certification Authority

If the services on your network require more than a few self-signed certificates it may be worth the additional effort to set up your own internal Certification Authority (CA). Using certificates signed by your own CA allows the various services using the certificates to easily trust other services using certificates issued from the same CA.

1. First, create the directories to hold the CA certificate and related files:

sudo mkdir /etc/ssl/CA
sudo mkdir /etc/ssl/newcerts

2. The CA needs a few additional files to operate, one to keep track of the last serial number used by the CA, each certificate must have a unique serial number, and another file to record which certificates have been issued:

sudo sh -c "echo '01' > /etc/ssl/CA/serial"
sudo touch /etc/ssl/CA/index.txt

3. The third file is a CA configuration file. Though not strictly necessary, it is very convenient when issuing multiple certificates. Edit /etc/ssl/openssl.cnf, and in the [ CA_default ] section change:

dir = /etc/ssl/ # Where everything is kept
database = $dir/CA/index.txt # database index file.
certificate = $dir/certs/cacert.pem # The CA certificate
serial = $dir/CA/serial # The current serial number
private_key = $dir/private/cakey.pem # The private key

4. Next, create the self-signed root certificate:

openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

You will then be asked to enter the details about the certificate.

5. Now install the root certificate and key:

sudo mv cakey.pem /etc/ssl/private/
sudo mv cacert.pem /etc/ssl/certs/

6. You are now ready to start signing certificates. The first item needed is a Certificate Signing Request (CSR), see the section called “Generating a Certificate Signing Request (CSR)” for details. Once you have a CSR, enter the following to generate a certificate signed by the CA:

sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf

After entering the password for the CA key, you will be prompted to sign the certificate, and again to commit the new certificate. You should then see a somewhat large amount of output related to the certificate creation.

7. There should now be a new file, /etc/ssl/newcerts/01.pem, containing the same output. Copy and paste everything beginning with the line -----BEGIN CERTIFICATE----- and continuing through the line -----END CERTIFICATE----- to a file named after the hostname of the server where the certificate will be installed. For example, mail.example.com.crt is a nice descriptive name.

Subsequent certificates will be named 02.pem, 03.pem, etc.

Replace mail.example.com.crt with your own descriptive name.

8. Finally, copy the new certificate to the host that needs it, and configure the appropriate applications to use it. The default location to install certificates is /etc/ssl/certs. This enables multiple services to use the same certificate without overly complicated file permissions.

For applications that can be configured to use a CA certificate, you should also copy the /etc/ssl/certs/cacert.pem file to the /etc/ssl/certs/ directory on each server.

11. Configuration of smsd.conf

The smsd.conf file specifies the devices, that is, the GSM/GPRS modems, used in the development of the project. In the structure of the smsd.conf file, the global settings come first, followed by the modem settings.

The actual configuration of smsd.conf file in the project.

devices = GSM1,GSM2

outgoing = /var/spool/sms/outgoing
checked = /var/spool/sms/checked
incoming = /var/spool/sms/incoming
failed = /var/spool/sms/failed
sent = /var/spool/sms/sent
stats = /var/spool/sms/stats
stats_interval = 0
status_interval = 1

logtime_ms = yes
logfile = /var/log/smsd.log
#infofile = /var/run/smsd.working
pidfile = /var/run/smsd.pid
loglevel = 5

receive_before_send = yes
eventhandler = /usr/local/bin/mysmsd
autosplit = 3
max_continuous_sending = 7200
trust_outgoing = yes
report = /var/spool/sms/report
#store_original_filename = yes

[queues]
GSM1 = /var/spool/sms/GSM1
GSM2 = /var/spool/sms/GSM2

[provider]
# Commented lines are examples for philippines
GSM1 = 63907,63908,63909,63910,63912,63918,63919,63920,63921,63928,63929,63930,63938,63939,63948,63949,63989
GSM2 = 63905,63906,63915,63916,63917,63925,63926,63927,63935,63936,63937,63996,63997,63922,63923,63932,63933,63942,63943

[GSM1]
# SMART MODEM
#queues = GSM1
device = /dev/ttyUSB2
init = AT+CPMS="SM","SM","SM"
check_network = 0
trust_spool = no
report = yes
incoming = yes
outgoing = yes
#pin = ignore
status_signal_quality = no
baudrate = 115200
smsc = 639180000101
queues = GSM1
#datetime = %d%m%Y %H:%M:%S

[GSM2]
# wavecom fasttrack supreme 20
#queues = GSM2
device = /dev/ttyUSB0
init = AT+CPMS="ME","ME","ME"
check_network = 0
trust_spool = no
report = yes
incoming = yes
outgoing = yes
#pin = ignore
status_signal_quality = no
baudrate = 115200
smsc = 639170000130
queues = GSM2

12. Configuration of mysmsd file

In the project, the mysmsd file handles the events processed by smstools3, such as incoming, outgoing, failed, checked and sent SMS. The file is located in /usr/local/bin and can be edited using any Linux text editor. Below is the actual content of the mysmsd file for reference.

#!/bin/sh

# This script logs all events into an SQL database
# You need a MYSQL database as described in the documentation.
# Please read the documentation before using this script.

SQL_HOST="192.168.1.113"
SQL_USER=root
SQL_PASSWORD="gasparhowell"
SQL_DATABASE=playsms
SQL_TABLE=playsms_tblSMSOutgoing
SQL_TABLE2=playsms_tblUserInbox
SQL_TABLE3=cltsms
SQL_TABLE4=playsms_subscribe
SQL_TABLE5=playsms_message
SQL_TABLE6=playsms_rrmchead
SQL_TABLE8=playsms_al
SQL_TABLE9=playsms_device
SQL_TABLE10=playsms_tblStatistics
SQL_TABLE11=sms_log

SQL_DATABASE2=ictbdmfs
SQL_TABLE12=ict_pbook_cp_numbers

DATE=`date +"%Y-%m-%d %H:%M:%S"`
#Extract data from the SMS file
FROM=`formail -zx From: < $2 | sed 's/"//g'`
TO=`formail -zx To: < $2`
#Remove plus sign, spaces, minus and short number prefix
TO=`echo "$TO" | sed 's/ //g' | sed 's/+//g' | sed 's/s//g' | sed 's/-//g'`
SUBJECT=`formail -zx Subject: < $2`
SENT=`formail -zx Sent: < $2`
MSGID=`formail -zx Message_id: <$2`
#Text is not used but could be used
TEXT=`formail -I "" <$2`

#Set some SQL parameters
if [ "$SQL_PASSWORD" != "" ]; then
  SQL_ARGS="-p$SQL_PASSWORD";
else
  SQL_ARGS="";
fi
SQL_ARGS="-h $SQL_HOST -u $SQL_USER $SQL_ARGS -D $SQL_DATABASE -s -e"

#Set some SQL parameters
if [ "$SQL_PASSWORD" != "" ]; then
  SQL_ARGS2="-p$SQL_PASSWORD";
else
  SQL_ARGS2="";
fi
SQL_ARGS2="-h $SQL_HOST -u $SQL_USER $SQL_ARGS2 -D $SQL_DATABASE2 -s -e"

#Insert a new entry into the SQL table

if [ "$1" = "FAILED" ] || [ "$1" = "SENT" ]; then
  mysql $SQL_ARGS "insert into $SQL_TABLE11 (type,sent,sender,receiver,msgid) values (\"$1\",\"$DATE\",\"$FROM\",\"$TO\",\"$3\");";

elif [ "$1" = "RECEIVED" ]; then

  #Extract data from SMS that received
  FROM=`formail -zx From: < $2`
  ISTEXTS=`formail -I "" <$2`
  #GASTEXT=`echo $ISTEXT|cut -f2 -d#`

  #first=`echo $ISTEXTS | sed 's/\([^]*\).*/\1'`
  #second=`echo $ISTEXTS | sed 's/[^]*\(.*\)/\1'`

  #Check message if contain tag 'reg'
  ISTEXTS=`echo $TEXT|sed -e's/[\t]//g'`

  if echo $ISTEXTS|grep -q "\bREGS" #keyword for registration
  then

    A=`mysql $SQL_ARGS "select s_phonenumber,s_log from $SQL_TABLE4 where s_phonenumber=\"$FROM\" and s_log=\"0\""`

    if [ "$A" ]; then #if subscriber is already registered
      #Create SMS confirmation to client
      FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
      echo "To: $FROM">$FILENAME
      echo "" >> $FILENAME
      echo "You are already registered to the server and no need for double registration." >>$FILENAME
    else #new subscriber
      GASTEXT=`echo $ISTEXTS|cut -d " " -f 1`
      GASTEXT2=`echo $ISTEXTS|cut -d " " -f 2`

      A=`mysql $SQL_ARGS "insert into $SQL_TABLE4 (datetime,s_name,s_phonenumber,s_log) values(\"$DATE\",\"$GASTEXT2\",\"$FROM\",\"0\");"`

      echo "$A"

      #Create SMS confirmation to client if format is valid
      #Include ID (generated by server) and client name
      FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
      #FILENAME= `mktemp /tmp/REGBXXXXXX`
      echo "To: $FROM" >$FILENAME
      echo "" >> $FILENAME
      echo "$GASTEXT2, you are now a registered volunteer. To report a flood situation type FLOOD#<message>. To ask for weather update type WEATHER#<location> then send to 09498919023" >>$FILENAME
      echo "To unregister type UREG then send to 09498919023" >>$FILENAME
    fi

  elif echo $ISTEXTS|grep -q "\bUREG\b"
  then

    A=`mysql $SQL_ARGS "UPDATE $SQL_TABLE4 set s_log=\"1\", u_datetime=\"$DATE\" where s_phonenumber=\"$FROM\" and s_log=\"0\""`

    echo "$A"

    #Create SMS confirmation for unregistration from the database
    #Include ID (generated by server) and client name
    FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
    #FILENAME= `mktemp /tmp/REGBXXXXXX`
    echo "To: $FROM" >$FILENAME
    echo "" >> $FILENAME
    echo "You are now successfully unregister to the system." >>$FILENAME

  elif echo $ISTEXTS|grep -qi "\bHELP" #need of help
  then

    A=`mysql $SQL_ARGS "SELECT s_phonenumber,s_log from $SQL_TABLE4 where s_phonenumber=\"$FROM\" and s_log=\"0\""`

    #echo "$A"

    B=`mysql $SQL_ARGS2 "SELECT cp_number1, cp_number2 from $SQL_TABLE12 where cp_number1=\"$FROM\" or cp_number2=\"$FROM\""`

    if [ "$A" ] || [ "$B" ]; then
    #then

      GASTEXT=`echo $ISTEXTS|cut -d " " -f 1`
      GASTEXT2=`echo $ISTEXTS|cut -d " " -f 2`
      GASTEXT3=`echo $ISTEXTS|cut -d " " -f 2-`

      A=`mysql $SQL_ARGS "insert into $SQL_TABLE5 (msg_date, msg_keyword, msg_message) values(\"$DATE\",\"$GASTEXT\",\"$GASTEXT3\");"`

      #echo "$A"

      #Create SMS confirmation to client if format is valid
      #Include ID (generated by server) and client name
      FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
      #FILENAME= `mktemp /tmp/REGBXXXXXX`
      echo "To: $FROM" >$FILENAME
      echo "" >> $FILENAME
      echo "Help or assistance will be brought to you immediately as soon as posible. We will call you for some information. Hold on." >>$FILENAME

      mysql $SQL_ARGS "insert into $SQL_TABLE2 (c_timestamp, in_sender, in_msg, in_datetime, in_hidden, is_read) values (\"$DATE\", \"$FROM\",\"$ISTEXTS\",\"$DATE\",\"0\",\"0\");";

    else
      #Create SMS confirmation to client if cellphone number is registered or not
      FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
      echo "To: $FROM" >$FILENAME
      echo "" >> $FILENAME
      echo "You are not yet register. To register type REGS#<name> and send to 09155703137." >>$FILENAME
    fi

  elif echo $ISTEXTS|grep -qi "\bFLOOD" #reporting a flooded or any incidents happened around the AOR
  then

    A=`mysql $SQL_ARGS "SELECT s_phonenumber,s_log from $SQL_TABLE4 where s_phonenumber=\"$FROM\" and s_log=\"0\""`

    #echo "$A"

    B=`mysql $SQL_ARGS2 "SELECT cp_number1, cp_number2 from $SQL_TABLE12 where cp_number1=\"$FROM\" or cp_number2=\"$FROM\""`

    #A=`mysql $SQL_ARGS "SELECT s_phonenumber,s_log from $SQL_TABLE4 where s_phonenumber=\"$FROM\" and s_log=\"0\""`

    #echo "$A"

    if [ "$A" ] || [ "$B" ] ; then
    #then

      GASTEXT=`echo $ISTEXTS|cut -d " " -f 1`
      GASTEXT2=`echo $ISTEXTS|cut -d " " -f 2`
      GASTEXT3=`echo $ISTEXTS|cut -d " " -f 2-`

      A=`mysql $SQL_ARGS "insert into $SQL_TABLE5 (msg_date, msg_keyword, msg_message) values(\"$DATE\",\"$GASTEXT\",\"$GASTEXT3\");"`

      #echo "$A"

      #Create SMS confirmation to client if format is valid
      #Include ID (generated by server) and client name
      FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
      #FILENAME= `mktemp /tmp/REGBXXXXXX`

      echo "To: $FROM" >$FILENAME
      echo "" >> $FILENAME
      echo "Thanks for supporting us an information. God bless." >>$FILENAME

    else
      #Create SMS confirmation to client if cellphone number is registered or not
      FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
      echo "To: $FROM" >$FILENAME
      echo "" >> $FILENAME
      echo "You are not yet register. To register type REGS#<name> and send to 09498919023." >>$FILENAME
    fi

  elif echo $ISTEXTS|grep -q "\bFEED" #reporting a flooded or any incidents happened around the AOR
  then
    A=`mysql $SQL_ARGS "insert into $SQL_TABLE2 (c_timestamp, in_sender, in_msg, in_datetime, in_hidden, is_read) values (\"$DATE\", \"$FROM\",\"$ISTEXTS\",\"$DATE\",\"0\",\"0\");";`

    #Create SMS confirmation to client if format is valid
    #Include ID (generated by server) and client name
    FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
    #FILENAME= `mktemp /tmp/REGBXXXXXX`

    echo "To: $FROM" >$FILENAME
    echo "" >> $FILENAME
    echo "Thanks for supporting us an information. God bless." >>$FILENAME

  elif echo $ISTEXTS|grep -qi "ICT" #format in reporting amount of rain and water level
  then

    A=`mysql $SQL_ARGS "SELECT s_phonenumber,s_log from $SQL_TABLE4 where s_phonenumber=\"$FROM\" and s_log=\"0\""`

    #echo "$A"

    B=`mysql $SQL_ARGS2 "SELECT cp_number1, cp_number2 from $SQL_TABLE12 where cp_number1=\"$FROM\" or cp_number2=\"$FROM\""`

    #A=`mysql $SQL_ARGS "SELECT s_phonenumber,s_log from $SQL_TABLE4 where s_phonenumber=\"$FROM\" and s_log=\"0\""`

    #echo "$A"

    if [ "$A" ] || [ "$B" ]; then
    #then

      GASTEXT=`echo $ISTEXTS|cut -d " " -f 1`
      GASTEXT2=`echo $ISTEXTS|cut -d " " -f 2`
      GASTEXT3=`echo $ISTEXTS|cut -d " " -f 3`
      GASTEXT4=`echo $ISTEXTS|cut -d " " -f 4`
      GASTEXT5=`echo $ISTEXTS|cut -d " " -f 5`
      GASTEXT6=`echo $ISTEXTS|cut -d " " -f 6`
      DATE2=`echo $DATE|cut -d " " -f 2`
      DATE1=`echo $DATE|cut -d " " -f 1`

      #Insert into table cltsms
      A=`mysql $SQL_ARGS "insert into $SQL_TABLE3 (r_date,r_time,r_from,r_file,r_file2,r_rg,r_rgunit,r_wl,r_wlunit) values(\"$DATE1\",\"$DATE2\",\"$FROM\",\"$GASTEXT\",\"$GASTEXT2\",\"$GASTEXT3\",\"$GASTEXT4\",\"$GASTEXT5\",\"$GASTEXT6\");"`

      B=`mysql $SQL_ARGS "insert into $SQL_TABLE2 (c_timestamp, in_sender, in_msg, in_datetime, in_hidden, is_read) values (\"$DATE\", \"$FROM\",\"$ISTEXTS\",\"$DATE\",\"0\",\"0\");"`

      echo "$A"

      if [ $GASTEXT3 -le "30" ]; then

        #Create SMS confirmation to client if format is valid
        #Include ID (generated by server) and client name
        FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
        #FILENAME= `mktemp /tmp/REGBXXXXXX`
        echo "To: $FROM" >$FILENAME
        echo "" >> $FILENAME
        echo "Data collected $DATE1 at $DATE2 is $GASTEXT3. Light rainfall is experienced. " >>$FILENAME

      elif [ $GASTEXT3 -le "80" ]; then
        #Create SMS confirmation to client if format is valid
        #Include ID (generated by server) and client name
        FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
        #FILENAME= `mktemp /tmp/REGBXXXXXX`
        echo "To: $FROM" >$FILENAME
        echo "" >> $FILENAME
        echo "Data collected $DATE1 at $DATE2 is $GASTEXT3. Moderate rainfall is experienced. " >>$FILENAME

      elif [ $GASTEXT3 -gt "80" ]; then
        #Create SMS confirmation to client if format is valid
        #Include ID (generated by server) and client name
        FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
        #FILENAME= `mktemp /tmp/REGBXXXXXX`
        echo "To: $FROM" >$FILENAME
        echo "" >> $FILENAME
        echo "Data collected $DATE1 at $DATE2 is $GASTEXT3. Heavy rainfall is experienced. " >>$FILENAME

        B=`mysql $SQL_ARGS "SELECT phonenumber from $SQL_TABLE6 where acode=\"$GASTEXT2\""`

        #Create SMS confirmation to client if format is valid
        #Include ID (generated by server) and client name
        FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
        #FILENAME= `mktemp /tmp/REGBXXXXXX`
        echo "To: $B" >$FILENAME
        echo "" >> $FILENAME
        echo "WARNING ALERT: Heavy rainfall is experience by community $GASTEXT2 " >>$FILENAME

        C="+639053008283"
        #Create SMS confirmation to client if format is valid
        #Include ID (generated by server) and client name
        FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
        #FILENAME= `mktemp /tmp/REGBXXXXXX`
        echo "To: $C" >$FILENAME
        echo "" >> $FILENAME
        echo "#PWD427727#OUT6=ON" >>$FILENAME

      else
        #Create SMS confirmation to client if format is valid
        #Include ID (generated by server) and client name
        FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
        #FILENAME= `mktemp /tmp/REGBXXXXXX`
        echo "To: $FROM" >$FILENAME
        echo "" >> $FILENAME
        echo "Invalid input. key in ICT<space>station<space>rr<space>unit<space>wl<space>unit send to 09498919023" >>$FILENAME
      fi

    else
      #Create SMS confirmation to client if cellphone number is registered or not
      FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
      echo "To: $FROM" >$FILENAME
      echo "" >> $FILENAME
      echo "You are not yet register. To register type REGS#<name> and send to 09498919023." >>$FILENAME
    fi

  elif echo $ISTEXTS|grep -qi "OUT6 ON OK" #received from the warning device
  then

    A=`mysql $SQL_ARGS "SELECT dev_simnr from $SQL_TABLE9 where dev_simnr=\"$FROM\""`

    if [ "$A" ]; then

      GASTEXT=`echo $ISTEXTS|cut -d " " -f 1`
      GASTEXT2=`echo $ISTEXTS|cut -d " " -f 2`
      GASTEXT3=`echo $ISTEXTS|cut -d " " -f 2-`

      A=`mysql $SQL_ARGS "insert into $SQL_TABLE8 (r_from,datetime_on, d_msg1) values(\"$FROM\",\"$DATE\",\"$GASTEXT2\");"`

      #echo "$A"

    else
      #Create SMS confirmation to client if cellphone number is registered or not
      FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
      echo "To: $FROM" >$FILENAME
      echo "" >> $FILENAME
      echo "you are not a registered device!" >>$FILENAME

    fi

  elif echo $ISTEXTS|grep -qi "OUT6 OFF OK" #received from the warning device
  then

    A=`mysql $SQL_ARGS "SELECT dev_simnr from $SQL_TABLE9 where dev_simnr=\"$FROM\""`

    if [ "$A" ]; then

      GASTEXT=`echo $ISTEXTS|cut -d " " -f 1`
      GASTEXT2=`echo $ISTEXTS|cut -d " " -f 2`
      GASTEXT3=`echo $ISTEXTS|cut -d " " -f 2-`

      mysql $SQL_ARGS "UPDATE $SQL_TABLE8 SET datetime_off=\"$DATE\", d_msg1=\"$GASTEXT2\" where r_from=\"$FROM\" and d_msg1=\"ON\""

    else
      #Create SMS confirmation to client if cellphone number is registered or not
      FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
      echo "To: $FROM" >$FILENAME
      echo "" >> $FILENAME
      echo "you are not a registered device!" >>$FILENAME

    fi

  elif echo $ISTEXTS|grep -qi "OFF" #received from the warning device
  then

    C="+639053008283"
    #Create SMS confirmation to client if format is valid
    #Include ID (generated by server) and client name
    FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
    #FILENAME= `mktemp /tmp/REGBXXXXXX`
    echo "To: $C" >$FILENAME
    echo "" >> $FILENAME
    echo "#PWD427727#OUT6=OFF" >>$FILENAME

  else
    #Create SMS confirmation to client if format is wrong
    FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
    #FILENAME=`mktemp /tmp/REGSXXXXXX`
    echo "To: $FROM" >$FILENAME
    echo "" >> $FILENAME
    echo "You input a wrong keyword. To register key in REGS<space>name then send to 09498919023" >>$FILENAME

  fi
  #mysql $SQL_ARGS "insert into $SQL_TABLE2 (c_timestamp, in_sender, in_msg, in_datetime, in_hidden, is_read) values (\"$DATE\", \"$FROM\",\"$ISTEXTS\",\"$DATE\",\"0\",\"0\");";
fi
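The handler above copies the sender number and the SMS text directly into SQL strings and into the [ ... -le ] rainfall tests. The script below is an added example, not part of the project's mysmsd file, showing one way to validate an ICT report and pass text to MySQL as hex literals before anything is executed; the function names, the accepted number length and the sample message are assumptions.

```shell
#!/bin/sh
# Added example (not the project's script): validate an "ICT" rainfall report
# before any SQL is built. Nothing here connects to a database.

# Optional "+" followed by 10-15 digits; the accepted length is an assumption.
valid_msisdn() {
    case "$1" in
        ''|*[!0-9+]*|?*+*) return 1 ;;   # empty, other characters, or "+" not first
    esac
    digits=${1#+}
    [ "${#digits}" -ge 10 ] && [ "${#digits}" -le 15 ]
}

# Unsigned integer of 1-4 digits, so the rainfall comparisons only see numbers.
is_uint() {
    case "$1" in
        ''|*[!0-9]*|?????*) return 1 ;;
    esac
    return 0
}

# Encode a value as a MySQL hex literal X'..': no byte of the SMS text can
# end a quoted string inside the statement.
sql_hex() {
    printf "X'%s'" "$(printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n')"
}

# Same thresholds as the handler on this page: <=30 light, <=80 moderate, >80 heavy.
rain_class() {
    is_uint "$1" || { echo invalid; return 1; }
    if [ "$1" -le 30 ]; then echo light
    elif [ "$1" -le 80 ]; then echo moderate
    else echo heavy
    fi
}

# build_report_sql FROM TEXT DATE TIME
# TEXT must be "ICT <station> <rr> <unit> <wl> <unit>", the format the handler
# asks for. Prints one INSERT for table cltsms, or returns 1 and prints nothing.
build_report_sql() {
    from=$1; text=$2; d=$3; t=$4
    valid_msisdn "$from" || return 1
    set -f              # do not expand * or ? from the SMS while splitting
    set -- $text
    set +f
    [ "$#" -eq 6 ] || return 1
    case "$1" in [Ii][Cc][Tt]) ;; *) return 1 ;; esac
    is_uint "$3" || return 1
    printf 'insert into cltsms (r_date,r_time,r_from,r_file,r_file2,r_rg,r_rgunit,r_wl,r_wlunit) values (%s,%s,%s,%s,%s,%s,%s,%s,%s);\n' \
        "$(sql_hex "$d")" "$(sql_hex "$t")" "$(sql_hex "$from")" \
        "$(sql_hex "$1")" "$(sql_hex "$2")" "$3" \
        "$(sql_hex "$4")" "$(sql_hex "$5")" "$(sql_hex "$6")"
}

# Constructed sample sender and message.
build_report_sql '+639171234567' 'ICT 4A01 85 mm 2 m' 2012-05-14 10:00:00
rain_class 85
```

The statement printed by build_report_sql can be handed to mysql -e in place of the interpolated string; a message that fails any check produces no statement at all.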

13. Setting up cron jobs on crontab

In the project, all the weather data displayed on the website are downloaded from the FTP site assigned by the Advanced Science and Technology Institute (ASTI). We will now set up a cron job that downloads the data for the current date every minute. Type crontab -e in the CLI. The crontab file will now open and will look like this:

Explanation:

* * * * * = the cron job is scheduled to execute every minute

wget = command used to get the files in the ftp.

http://202.90.128.12/AWSFTP/4A/BRGY\.\ MAGSAYSAY\,\ INFANTA\,\ QUEZON_AWS/ = location of the folder containing the weather data file in the ftp site.

4A_`date +\%Y\%m\%d`.csv = filename of the weather data file in comma separated value (csv) format.

/home/ict/infanta/infanta_`date +\%Y\%m\%d`.csv = destination location of the csv file and its filename.

Save and exit the editor.

14. Creating script to run on crontab

Notice that the crontab also contains another command, which executes a Perl script. This Perl script loads the newly added data from the downloaded CSV file into the database. The Perl file will look like this:

#!/usr/bin/perl
# declaring that it is a perl file

use POSIX;   # inherit posix for the date & time function
my $today = POSIX::strftime('%Y%m%d', localtime);   # assigning $today variable as the date

use DBI;   # inherit DBI as database interface

# assigning $dbh variable as database connection string
my $dbh = DBI->connect("dbi:mysql:ictbdmfs:192.168.1.113", "root", "gasparhowell", { RaiseError => 1 })
    or die "Could not connect to database! $DBI::errstr";

# connect to the database and load the new data from csv file in the table
# using load data local infile command.
$dbh->do("load data local infile '/home/ict/bats/batangas_$today.csv' replace into table ict_batangas_arg fields terminated by ',' lines terminated by '\n' ignore 2 lines;");

Save and exit the editor.

15. Creating a Folder for the csv file

We must create a folder where the CSV file will be stored, and its name should match the filename. For example, for a CSV file named cavite_<date>.csv, a folder named cavite should exist for our cron job to execute properly. The command for creating a directory is:

#mkdir <directory_name> then press enter.

16. Restarting smstools3

If there is a problem encountered in transmitting and receiving SMS, you may restart the smstools3 service by typing:

#/etc/init.d/sms3 restart

17. Restarting the ICT Server

If scripts have been added and did not execute correctly, restart the server for the changes to take effect. To restart the server, type in the CLI:

#shutdown -r now