Category: GNU/Linux

Stuff about GNU/Linux distro, tips and tricks or information

Posted on

A Bash script for sending telegram messages in Linux

Would it be nice to be able to receive notification from your Linux system in Telegram?

t_logo

I’ve come up with a rudimentary bash script which lets you integrate the telegram-cli into your own script which is useful for sending messages or notification within automated process to your Telegram account.

The bash script is very useful when you want to send notification to your Telegram account. Example usage: notifying you instantly whenever a backup has been completed or whenever somebody logged into your system or if there’s a brute-force attempt to log into your SSH. Basically anything that you can imagine!

First Step: Install telegram-cli

The first step is to install the telegram-cli client on your Linux system. You may choose to:

  1. Build it on your own – using source code, or
  2. Install telegram-cli from *.deb (Ubuntu LTS only)

IMPORTANT: Please read on how to initialize and sign-in the telegram-cli and key in the required telegram “CODE” in your phone.

Second Step: Copy send-telegram.sh script to /usr/local/bin

You may copy this telegram bash script and chmod it to be executed from command line (up to you).

Download the script at: https://blog.mypapit.net/upload/files/send-telegram.sh.txt

#!/bin/bash
######
###
# telegram-cli bash script r0.1
# change 'to' to your own  Telegram account name
# by =  Mohammad Hafiz bin Ismail  [mypapit@gmail.com]
# url=  https://blog.mypapit.net/
###
######

## Replace 'to' with your account name

to=Replace_this_with_your-Telegram_account_name
##


function show_usage {

 echo "Usage $0 [message]"
 exit
}




if [ $# -lt 1 ]
then
  show_usage
fi


telegram-cli -W -e "msg $to $1"

IMPORTANT: Do not forget to “chmod a+x” the “send-telegram.sh” script.
IMPORTANT: Change the “to” variable in the script to match your own Telegram username.

Third Step: Using the send-telegram.sh script

Using the send-telegram.sh is easy!

Once you’ve logged in and initialized your telegram-cli application. You only need to execute the “send-telegram.sh” to send instant messages to your Telegram account!

Just do this

wget -c https://blog.mypapit.net/upload/files/send-telegram.sh.txt
cp send-telegram.sh.txt /usr/local/bin/send-telegram.sh

Then chmod it, to make it executable,

sudo chmod a+x  /usr/local/bin/send-telegram.sh

IMPORTANT: Change the “to” variable in the send-telegram.sh script to match your own Telegram username.

sudo nano /usr/local/bin/send-telegram.sh

To test your telegram script, just make sure you’ve logged into Telegram and telegram-cli, and have entered the correct activation “CODE”. Read Step 1, if you are unsure.

Then you may try out the send-telegram.sh script

send-telegram.sh "this is my message"

To send telegram message with timestamp type:

send-telegram.sh "`date -I` : this is a message with timestamp"

What should I do next?

Use your imagination! You can integrate this script in crontab, or put it inside another another bash script or conditional operation, or even launch it from a web application, the potential is limitless.

Happy trying!

Posted on

Howto install OwnCloud with NGINX in Ubuntu LTS

OwnCloud is a PHP-based Cloud-storage web application for remote storage with file synchronization capabilities.

Step 1
You need to install several packages in order to configure OwnCloud with nginx in your server

sudo apt-get -y install nginx-full php5-fpm php5-sqlite

Step 2: Download Owncloud
Download Owncloud, replace $OWNCLOUD_VER with the latest Owncloud version.

export OWNCLOUD_VER="8.1.0"
cd /var/www/
sudo wget -c https://download.owncloud.org/community/owncloud-${OWNCLOUD-VER}.tar.bz2

Step 3: Extract Owncloud
This will extract owncloud to /var/www/owncloud/

cd /var/www/
tar jxvf owncloud-${OWNCLOUD-VER}.tar.bz2

Step 4: Setup Nginx
You need to setup NGINX

cd /etc/nginx/sites-available
sudo nano -c /etc/nginx/sites-available/owncloud

Step 4a: Setup ‘owncloud’ nginx site

Please change server_name directive to your own ip address or your own domain.
You can also download textfile and upload it directly to your server: http://pastebin.com/2P8h1zNB

#
#/etc/nginx/sites-available/owncloud
# 
server {
  listen 80;
server_name cloud.example.com;
server_name 192.168.1.47;

  # Path to the root of your owncloud installation
  root /var/www/owncloud/;
  # set max upload size
  client_max_body_size 10G;
  fastcgi_buffers 64 4K;

  # Disable gzip to avoid the removal of the ETag header
  gzip off;

  # Uncomment if your server is build with the ngx_pagespeed module
  # This module is currently not supported.
  #pagespeed off;

  rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
  rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
  rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

  index index.php;
  error_page 403 /core/templates/403.php;
  error_page 404 /core/templates/404.php;

  location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
    }

  location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
    deny all;
    }

  location / {
   # The following 2 rules are only needed with webfinger
   rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
   rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

   rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
   rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

   rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

   try_files $uri $uri/ /index.php;
   }

   location ~ \.php(?:$|/) {
   fastcgi_split_path_info ^(.+\.php)(/.+)$;
   include fastcgi_params;
   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
   fastcgi_param PATH_INFO $fastcgi_path_info;
	  fastcgi_pass unix:/var/run/php5-fpm.sock;
   }

   location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
       expires 30d;
       # Optional: Don't log access to assets
         access_log off;
   }

  }

Step 4b: Enable ‘owncloud’ settings

cd /etc/nginx/sites-enable/
sudo ln -sf ../sites-available/owncloud .
nginx -t
service nginx restart
service php5-fpm restart

Step 5: Finishing off Owncloud setup

cd /var/www/
mkdir /var/www/owncloud/data
chmod 0770 /var/www/owncloud/data
chmod 0770 /var/www/owncloud/lib/private/
sudo chown -R www-data.www-data /var/www/owncloud

Step 6: Goto the IP-Address or domain name of your owncloud installation

First screen
setup-owncloud-first

Welcome to Owncloud
welcome-to-owncloud

Owncloud File Manager and Settings
owncloud-filemanager

What’s Next?

After completing installation you may:

  1. Install Android, iPhone or Desktop client to sync all your files
  2. Install TLS/SSL Certificates to secure your Owncloud connection
  3. Install MariaDB/MySQL for efficient synchronization

Warning: Do not enable Pagespeed and SPDY in OwnCloud

OwnCloud servers does not support PageSpeed and SPDY module, so please disable those extension if its exists within your nginx configuration.

Recommended Owncloud book

Posted on

How to Change OpenSSH port or listen to multiple SSH ports

OpenSSH usually listens on TCP port 22. However, there are some people who wish to change OpenSSH port to avoid brute-force bot attacks or to avoid from being blocked by restrictive firewall.

To change OpenSSH port, one only need to edit “/etc/ssh/sshd_config” file and change the port at “Port 22” to something else, like “Port 8080” or “Port 443”

#/etc/ssh/sshd_config
# What ports, IPs and protocols we listen for
Port 8080

Save, and restart ssh server.

sudo service ssh restart

Additionally you can also configure OpenSSH to listen to multiple port (usually to avoid restrictive firewall rules)

#/etc/ssh/sshd_config
# What ports, IPs and protocols we listen for
Port 22
Port 8080
Port 443

The example above shows a configuration which lets OpenSSH to listen to port 22, 443 (TLS/SSL) and port 8080 (HTTP-PROXY), these are the ports that usually unblocked by corporate firewall.

Don’t forget to restart ssh service as soon as you’ve save the file!!

Posted on

How to Hide OpenSSH Ubuntu version from Nmap and other scanners

In Ubuntu or Debian, a default OpenSSH server will display OpenSSH version alongside with Ubuntu/Debian distribution banner:

$ telnet repeater.my 172.16.91.20 22 
Trying 172.16.91.20...
Connected to 172.16.91.20.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2

You can hide the identifying part of Ubuntu-2ubuntu2 from the server banner by editing /etc/ssh/sshd_config file, and adding “DebianBanner no” either at the end of the file, or just under “Port 22” configuration in “/etc/ssh/sshd_config

#/etc/ssh/sshd_config 
# What ports, IPs and protocols we listen for

Port 22
DebianBanner no

Save and restart OpenSSH server by typing

sudo service ssh restart

Now the response will just be:

Trying 172.16.91.20...
Connected to 172.16.91.20.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.6.1p1

Happy trying!

Further Reading: Ubuntu Server Administrator Reference

Posted on

Install NGINX with PageSpeed using *.deb for Ubuntu LTS (AMD64)

Hello there, I’ve made an easily installable *.deb NGINX package with PageSpeed. The package is made for Ubuntu LTS on AMD64 machine.

Ubuntu 14.04 LTS – nginx 1.8.0 with PageSpeed

  1. nginx-full_1.8.0-1+trusty1-mypapitubuntu4_amd64.deb Full package
  2. nginx-extras_1.8.0-1+trusty1-mypapitubuntu4_amd64.deb Extra package

Ubuntu 14.04 LTS – nginx 1.8.0 with PageSpeed: Other Package

  1. nginx-common_1.8.0-1+trusty1-mypapitubuntu4_all.deb
  2. nginx_1.8.0-1+trusty1-mypapitubuntu4_all.deb
  3. nginx-doc_1.8.0-1+trusty1-mypapitubuntu4_all.deb

Installing nginx-extras or nginx-full is as easy as running this command

sudo dpkg -i nginx-common_1.8.0-1+trusty1-mypapitubuntu4_all.deb
sudo dpkg -i nginx-full_1.8.0-1+trusty1-mypapitubuntu4_amd64.deb
sudo dpkg -i nginx_1.8.0-1+trusty1-mypapitubuntu4_all.deb

Attention : Once installed, the PageSpeed configuration file can be found in “/etc/nginx/conf.d/pagespeed.conf”

Verify Installation
To verify whether nginx with pagespeed has been installed, type

nginx -V

Verify Installation with a preinstalled nginx
If you’ve another version of nginx installed on your system, take note that the nginx-pagespeed from *.deb is installed in “/usr/local/bin”

/usr/local/bin/nginx -V

It will output something like this:

nginx version: nginx/1.8.0
built with OpenSSL 1.0.1f 6 Jan 2014
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_spdy_module --with-http_sub_module --with-http_xslt_module --with-mail --with-mail_ssl_module --add-module=/home/mypapit/source/nginx-1.8.0-1+trusty1/debian/modules/nginx-auth-pam --add-module=/home/mypapit/source/nginx-1.8.0-1+trusty1/debian/modules/nginx-dav-ext-module --add-module=/home/mypapit/source/nginx-1.8.0-1+trusty1/debian/modules/nginx-echo --add-module=/home/mypapit/source/nginx-1.8.0-1+trusty1/debian/modules/nginx-upstream-fair --add-module=/home/mypapit/source/nginx-1.8.0-1+trusty1/debian/modules/ngx_http_substitutions_filter_module --add-module=/home/mypapit/source/nginx-1.8.0-1+trusty1/debian/modules/ngx_pagespeed-release-1.9.32.4-beta

Take note at the bolded text to verify whether pagespeed module has been installed.

Posted on

An easy way to Install OpenVPN in CentOS – snippet

Source: https://zulfah.my/files/openvpnsetup/vpn_install.txt

Got this while surfing the internet. A no brainer way to install and setup OpenVPN in CentOS. The only thing left is to open port 1194/udp 1337/udp from firewall / router

yum update -y && yum -y install nano unzip wget gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel

cd /home

wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm && rpm -Uvh epel-release-6-8.noarch.rpm

yum update -y && yum -y install openvpn

cd /etc/openvpn

wget https://zulfah.my/files/openvpnsetup/configuration-OpenVPN/server.conf.txt

wget https://zulfah.my/files/openvpnsetup/configuration-OpenVPN/easy-rsa-2.2.0_master.tar.gz

mv server.conf.txt server.conf

tar -zxvf easy-rsa-2.2.0_master.tar.gz

cd /etc/openvpn/easy-rsa-2.2.0_master/easy-rsa/2.0

rm -rf vars

rm -rf openssl-1.0.0.cnf

wget https://zulfah.my/files/openvpnsetup/configuration-OpenVPN/easyrsa/vars

wget https://zulfah.my/files/openvpnsetup/configuration-OpenVPN/easyrsa/openssl-1.0.0.cnf

chmod 755 *

source ./vars

./vars

./clean-all

./build-ca
*change hostname

./build-key-server server
*change hostname

./build-dh

cd /etc/openvpn/easy-rsa-2.2.0_master/easy-rsa/2.0/keys

cp dh1024.pem ca.crt server.crt server.key /etc/openvpn

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

service iptables save

nano -w /etc/sysctl.conf
*change net.ipv4.ip_forward = 1

sysctl -p

echo 0 > /selinux/enforce

cd /etc/openvpn

wget https://zulfah.my/files/openvpnsetup/configuration-OpenVPN/openvpn-auth-pam.zip

unzip openvpn-auth-pam.zip

service openvpn start

chkconfig openvpn on

useradd testuser -d /dev/null

passwd testuser