Tikejhya: Ashish Nepal

Knowledgebase

Category: Installation

Installing Skype on Linux (centos 5.6) and sending message using zabbix

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

Subject itself sounds crazy, yet intresting.

Installing Skype on Linux (centos 5.6) and sending message using zabbix

Installing skype on Linux 5.6
Installing skype 2.2 on linux 6.2 is easy peasy 😀

Download static version of skype for linux, if you are installing skype on linux 5.6 you better pick, older skype version

Download skype of version that suits you.
skype_static-2.1.0.81.tar
skypeAPI (Skype4Py – i have been using 1.0.31.0)

Skype would need to install either GUI or Use vnc server in order to be able to accept terms and condition (checkbox) and to accept skypeAPI integration.

1) If you follow to do with GUI (easiest just install KDE, GNOME according to your suit and install x windows)

2) If you follow to do with VNC (you would need to install Xvfb, fluxbox, x11vnc, dbus and modules according to need all problem i faced during the process is mentioned below).

Simply extract skype_static tarball and cp skype to /usr/bin/skype.

Install skype4Py with following command:

cd Skype4Py-1.0.31.0/
python setup.py install

Implementing skype on zabbix to send message

You will need to setup Media type and user profile.
which is pretty much simple for those user who has used zabbix.
And Action on configuration, which will define how to treat on alert and choose skype and user to alert.

with the given script (sendim.sh and sendim.py)

skype message on the server as skype user: ./sendim.sh ‘tikejhya’ ‘test this’

Script:
Sendim.sh

#!/bin/bash
DISPLAY=localhost:0.0
export DISPLAY
my_arg="${@:2:6}"
python ./sendim.py "$1" "$my_arg"

[Note: I used Display localhost to ensure tranporting display which can be in bash_profile]
[Note: Zabbix sends message as script username message so i wanted to use all message apart from username
this will allow you to send multiple macros.]

./sendim.py

import Skype4Py
import sys

# Create an instance of the Skype class.
skype = Skype4Py.Skype()

# Connect the Skype object to the Skype client.
skype.Attach()
user = sys.argv[1]
msg = ' '.join(sys.argv[2:])
message = skype.SendMessage(user, msg)

[This script imports skype4py which you might have installed already in above given tips.]

./skype_login.sh

#!/bin/bash
echo tikejhya password | skype --pipelogin&

[this is how you can login to skype from CLI]

Did i miss anything?

This link was really helpful to get me going
http://www.qxs.ch/2011/01/07/skype-instant-messages-from-zabbix/

###########################################################
Problem i faced during installation.

Install Skype in EL6

yum install skype

If you do not have my repo installed:

wget http://li.nux.ro/download/nux/dextop/el6/x86_64/skype-2.2.0.35-3.el6.nux.i586.rpm
yum localinstall --nogpgcheck ./skype-2.2.0.35-3.el6.nux.i586.rpm

All of the above needs to be done as root, obviously.

#############################################################

rpm -Uvh http://ftp.ntua.gr/pub/linux/fedora-epel/6/x86_64/epel-release-6-6.noarch.rpm

(if unable to open web, and search for which epel-release version is available)

yum install wine

############################################################

/usr/bin/python2.5: bad interpreter: No such file or directory

To get around this, open skysentials.py with your favourite text editor and change the very first line from:

  #!/usr/bin/python2.5

to:

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

#!/usr/bin/python

###########################################################

Changing dbus to x11 (BTW you dont need to change build one but compile again)

vi skype4py/build/lib/Skype4Py/api/posix.py	
vi skype4py/Skype4Py/api/posix.py

def SkypeAPI(opts):
trans = opts.pop(‘Transport’, ‘x11’)
if trans == ‘dbus’:
from posix_dbus import SkypeAPI
elif trans == ‘x11’:
from posix_x11 import SkypeAPI
else:
raise SkypeAPIError(‘Unknown transport: %s’ % trans)
############################################################

How to setup Skype headless on centos 5.6

Download Skype Static Package version:
skype_static-2.1.0.81.tar

tar -xvf skype_static-2.1.0.81.tar
cd skype_static-2.1.0.81

############################################################
Problem: libstdc++ GLIBC error
Solution: Older Skype version
############################################################

[root@ashishnepal Skype4Py-1.0.32.0]# Xvfb :1 -screen 0 800x600x24
Couldn’t open RGB_DB ‘/usr/share/X11/rgb’
_XSERVTransSocketOpenCOTSServer: Unable to open socket for inet6
_XSERVTransOpen: transport open failed for inet6/ashishnepal:1
_XSERVTransMakeAllCOTSServerListeners: failed to open listener for inet6
error opening security policy file /usr/lib64/xserver/SecurityPolicy
Could not init font path element unix/:7100, removing from list!
FreeFontPath: FPE “built-ins” refcount is 2, should be 1; fixing.

solution: Comment out ipv6 , disable = 1

[root@ashishnepal Skype4Py]# cat /etc/modprobe.conf
alias scsi_hostadapter mptbase
alias scsi_hostadapter1 mptspi
alias scsi_hostadapter2 ata_piix
alias net-pf-10 off
# alias ipv6 off
# options ipv6 disable=1
# Added by VMware Tools
install pciehp /sbin/modprobe -q --ignore-install acpiphp; /bin/true
install pcnet32 (/sbin/modprobe -q --ignore-install vmxnet || /sbin/modprobe -q --ignore-install pcnet32 $CMDLINE_OPTS);/bin/true
alias eth0 e1000

###########################################################

Xvfb :1 -screen 0 800x600x24

export Display
DISPLAY=localhost:0.0
export DISPLAY

Pipe Login.
echo tikejhya Password | skype --pipelogin

###########################################################
If you are willing to run zabbix in diff server and have centos with skype in diff server this may totally make sense.

sudo: no tty present and no askpass program specified

# %users  localhost=/sbin/shutdown -h now
%tikejhya    ALL=(ALL)      NOPASSWD: ALL

#########################################################
[root@ashishnepal skype4py]# sudo /root/sendim.sh tikejhya “Ok this is it”
Xlib: connection to “localhost:0.0” refused by server
Xlib: No protocol specified

Traceback (most recent call last):
File “/root/sendim.py”, line 4, in ?
skype = Skype4Py.Skype()
File “/usr/lib/python2.4/site-packages/Skype4Py/skype.py”, line 250, in __init__
self._Api = SkypeAPI(Options)
File “/usr/lib/python2.4/site-packages/Skype4Py/api/posix.py”, line 40, in SkypeAPI
return SkypeAPI(opts)
File “/usr/lib/python2.4/site-packages/Skype4Py/api/posix_x11.py”, line 254, in __init__
raise SkypeAPIError(‘Could not open XDisplay’)
Skype4Py.errors.SkypeAPIError: Could not open XDisplay
/root/sendim.sh: line 6: 5816 Segmentation fault python /root/sendim.py “$1” “$2”

Solution:

[root@ashishnepal skype4py]# su -
[root@ashishnepal ~]# /root/sendim.sh tikejhya "Ok this is it"

[environmental variable plus exporting display is sometimes tricky]

Also if you want to make more certain

[root@ashishnepal.com Skype4Py]# echo tikejhya password | skype –pipelogin
Xlib: connection to “localhost:0.0” refused by server
Xlib: No protocol specified

this is becuase of .xauthority file…

su –
and it should be fine…

or need to find way to use .xauthority file..

/usr/bin/mkxauth [-q] [-u ] -m 

-u     create/merge .Xauthority for user 

Best practice: mkxauth -u skype -m root

###############################################################
skype not snyncing

http://www.mydigitallife.info/how-to-disable-upnp-in-skype-to-remove-open-tcp-and-udp-ports-in-firewall/
Its all in all upnp play.
###############################################################

Debugging shell script arguments.

While implementing skype in zabbix we normally dont see any logs so it was important for me to see weather message were being passed or not.

Simple script.

#!/bin/bash
KEY="/home/zabbix/id_rsa"
PORT=2222
USER="skype@ashishnepal.com"
SCRIPT="/home/skype/sendim.sh"
# my_arg="${@:2:6}"

echo "..............">>skypelog.txt

echo "Total Arguments: $#" >> skypelog.txt
i=1;
echo ".........................">>skypelog.txt
for var in "$@"
        do
          echo "Argument $i is $var" >> skypelog.txt
          let i=$i+1;
        done

ssh -p${PORT} -i $KEY $USER "$SCRIPT "$1" "$2""

Delay on message arrival : Firewall
Skype message not delivered yet?

Allways allow from the SKYPEAPI Server IP (from port) 1024 (to port) 65535.

This should solve issue.

##########################################################

GUI for sending skype message

Sending Skype Message from Web:





undefined reference to ‘pthread_’

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

compiler error: undefined reference to ‘pthread_’

undefined reference to ‘pthread_%’
undefined reference to ‘dl%’

./configure –with-mysql –with-mysql-libraries=/usr/lib64/ LIBS=”-lpthread -ldl”

SVN (subversion) installation and configuration Centos

# yum install mod_dav_svn subversion
# service httpd start
# cd /etc/httpd/conf.d/
# vi subversion.conf

#####Make sure you uncomment the following if they are commented out
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

###### Add the following to allow a basic authentication and point Apache to where the actual
###### repository resides.

DAV svn
SVNPath /var/www/svn/repos
AuthzSVNAccessFile /auctions_access
AuthType Basic
AuthName “Subversion repos”
AuthUserFile /etc/svn-auth-conf
Require valid-user

Creating User
# htpasswd -cm /etc/svn-auth-conf username
# cd /var/www/
# mkdir svn
# cd svn
# svnadmin create repos
# chown -R apache.apache repos
# service httpd restart

# cd /tmp
# mkdir mytestproj
# cd mytestproj
# mkdir configurations options main
# vi configurations/test.txt (Add whatever you want to these files.)
# vi options/test.txt
# vi main/test.txt

# svn import /tmp/mytestproj/ file:///var/www/svn/repos/mytestproj -m “Initial repository layout for mytestproj”

# cd /tmp
# svn co http://www.example.com/repos/mytestproj

# cd mytestproj
# vim configurations/testconf1.cfg — Add or delete something and save.
# svn commit -m “Added a line to test.txt”
# svn co http://www.example.com/repos/mytestproj

# cd mytestproj
# cp /etc/yum.repos.d/test2.txt configurations/
# svn add configurations/test2.txt
# svn commit -m “Added the test2.txt file.”

After making changes:
svn add configurations/test2.txt
svn commit -m “Added the test2.txt file.”

centos NetInstallation Guide.

Website Name: mirror.centos.org/centos/6.0/os/i386 or centos/6.0/os/x86_64
Centos 6.0 does accept st. url

Setup CentOS 5.8 Netinstall URL (Installation Web site name and CentOS directory)

Web site name:
mirror.centos.org
CentOS directory for i386:
/centos/5/os/i386
or
/centos/5.8/os/i386
CentOS directory for x86_64:
/centos/5/os/x86_64
or
/centos/5.8/os/x86_64

Rsyslog installation in Centos (Encryption, Monitoring and Mysql)

#yum install rsyslog rsyslog-mysql mysql-server php php-mysql php-gd httpd mod_ssl

download From here to accept tls support on rsyslog http://www.rsyslog.com/download/
If i am not wrong rsyslog lower version doesnot support TLS encryption.

#chkconfig –levels 345 rsyslog on
#chkconfig –levels 345 httpd on
#chkconfig –levels 345 mysqld on
#service syslog stop
#chkconfig –del syslog

Note
rSyslog uses the same syntax as syslog.conf.
copy syslog.conf over rsyslog.conf


To rSyslog have access to MySQL it’s necessary to load the ommysql plugin, add this line at the begin of the /etc/rsyslog.conf file.
$ModLoad ommysql.so

please find below all client and server configuration

Creating a MySQL database for rSyslog
Before everything, it’s needed to start MySQL service
service mysqld start

As root, lets create the access for the user from rSyslog to connect do database
mysql
mysql> CREATE USER ‘rsyslog’@’localhost’ IDENTIFIED BY ‘password’;
mysql> GRANT ALL PRIVILEGES ON rsyslog.* TO ‘rsyslog’@’localhost’ WITH GRANT OPTION;

Now, create the database that will be used by rSyslog

As root, run
mysql < /usr/share/doc/rsyslog-mysql-2.0.6/createDB.sql Note: Version of rsyslog-mysql-may be different. Back to the file, /etc/rsyslog.conf add this line before the rsyslog directives
*.* :ommysql:localhost,Syslog,rsyslog,P45sword

At the end of this process, the file /etc/rsyslog.conf will look like
$ModLoad ommysql.so

*.* :ommysql:localhost,Syslog,rsyslog,P45sword

*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log

Allowing remote connections to rSyslog

Edit the /etc/sysconfig/rsyslog file and add the parameter -r at line 6
SYSLOGD_OPTIONS=”-r -m 0″

It’s possible to start rsyslog right now, so you can see if everything gonna ok
service rsyslog start

Installing the Web UI client for rSyslog

With the rsyslog service ok, comes the part where we configure the web interface to make de filters, queries etc.

Download the frontend Log Analyzerto your server
wget http://download.adiscon.com/loganalyzer/loganalyzer-3.2.1.tar.gz
(Check for the latest Version @ http://loganalyzer.adiscon.com/downloads )

Extract to /usr/src

Go to directory where you extracted it, in this case /usr/src/loganalyzer-3.2.1 and copy the directory src to /var/www/html
cp -R src /var/www/html/syslog
cd /var/www/html/syslog
touch config.php
chown apache config.php

If you haven’t started apache yet, you can do it now
service httpd start

http://ip.of.mach.ine/syslog

Note the error, it’s normal and awaited. Click in “here” to start configuring LogAnalayzer

The installer will check the OS for the prerequisites to start the program. Click “Next”.

The test was done on the phpLogCon has write access to config.php file that we created and defined the permission. Click “Next” to continue.

On Basic Configuration, let the default options selected. Click “Next”.

This is the most important part, it’s here that will be configured the data sources from Syslog.

Change the field “Source Type” to “MySQL” and fill the fields on block “Database Type Options”, like the figure above.

Click Next.

Ready!

Click “Finish!” and you will be redirected to the main screen for the phpLogCon.

Setting clients to log on Syslog server

On Linux clientes that you wanna log on a Syslog server, you must configure /etc/syslog.conf and add the following line:

*.* @here goes server ip or hostname

With this done, you need to restart Syslog service on host client
service syslog restart

Making rsyslog of server usageble by PHP, APACHE or any other application,

How to parse local files into mysql database.
Inside virtualhost, please sue this instead of own customLog or ErrorLog

ErrorLog “|/usr/bin/logger -p local2.info”
CustomLog “|/usr/bin/logger -p local1.info” combined

Getting TLS (passing Encrypted traffic from client machine to remote server.)

encrypt with TLS – Security.

Read More

Sending Logs to Central Log Server

On the log server :

Edit /etc/sysconfig/syslog and change SYSLOGD_OPTIONS

SYSLOGD_OPTIONS=”-m 0 -r -s ashishnepal.com”

-r : listen over the network, only necessary for log servers
-s : strip that value out of the logs (client.ashishnepal.com would become client in the logs)

To send name of host, /etc/hosts
sample
ip [space] hostname

# service syslog restart

start listening on UDP/514 (allow 514 in firewall configuration)

On the “client” – log sender machine :

Edit /etc/syslog.conf and add the following line :
*.* @ashishnepal.com (or ip)

Adding line the logs will be stored and sent as well.

Restart the service :
# service syslog restart

Restart a service

Disadvantage: UDP is an unreliable transport.
Also there’s no authentication, an attacker could send fake log messages to the log server.

PPTP VPN on CentOS

PPTP (Point-to-Point Tunneling Protocol)

#wget http://www.rockia.com/dl/pptpd.sh

Then hit “Enter”, the shell files should be downloaded on your server and now you can run it:

#sh pptpd.sh

#vi etc/ppp/chap-secrets

#

/etc/init.d/pptpd restart or service pptpd restart

 

Note: .sh files content:

yum remove -y pptpd
ppp
iptables –flush POSTROUTING –table nat
iptables –flush FORWARD
rm -rf /etc/pptpd.conf
rm -rf /etc/ppp

wget
http://www.diahosting.com/dload/dkms-2.0.17.5-1.noarch.rpm
wget http://www.diahosting.com/dload/kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
wget http://www.diahosting.com/dload/pptpd-1.3.4-1.rhel5.1.i386.rpm
wget http://www.diahosting.com/dload/ppp-2.4.4-9.0.rhel5.i386.rpm

yum -y install make libpcap iptables gcc- c++ logrotate tar cpio perl pam tcp_wrappers

rpm -ivh dkms-2.0.17.5-1.noarch.rpm
rpm -ivh kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
rpm -qa kernel_ppp_mppe
rpm -Uvh ppp-2.4.4-9.0.rhel5.i386.rpm
rpm -ivh pptpd-1.3.4-1.rhel5.1.i386.rpm

mknod /dev/ppp c 108 0
echo 1 > /proc/sys/net/ipv4/ip_forward

echo “mknod /dev/ppp c 108 0″ >> /etc/rc.local
echo”
echo 1 > /proc/sys/net/ipv4/ip_forward” >> /etc/rc.local
echo “localip 172.16.36.1” >> /etc/pptpd.conf
echo “remoteip 172.16.36.2-254” >> /etc/pptpd.conf
echo “ms-dns 8.8.8.8” >> /etc/ppp/options.pptpd
echo “ms-dns 8.8.4.4” >> /etc/ppp/options.pptpd

pass=`openssl rand 6 -base64`
if [ “$1” != “” ]
then pass=$1
fi
echo “vpn pptpd ${pass} *” >> /etc/ppp/chap-secrets

iptables -t nat -A POSTROUTING -s 172.16.36.0/24 -j SNAT –to-source `ifconfig  | grep ‘inet addr:’| grep -v ‘127.0.0.1’ | cut -d: -f2 | awk ‘NR==1 { print $1}’`
iptables -A FORWARD -p tcp –syn -s 172.16.36.0/24 -j TCPMSS –set-mss 1356

service iptables save

chkconfig iptables on
chkconfig pptpd on
service iptables start
service pptpd start

echo “VPN service is installed, your VPN username is vpn, VPN password is ${pass}”

 

Powered by WordPress & Theme by Anders Norén