How to make deb or rpm packages

for Creating deb or rpm package we need to install the following services

  1. ruby
  2. gem (auto-installed with ruby)
  3. fpm
  4. package_cloud (optional)
  5. rpm-build ( For rpm package only)

For installing ruby, use this link. after that install fpm and package_cloud

gem install fpm
gem install package_cloud

Use following script for creating package

#!/bin/bash
version=`date +%Y%m%d%H%M`
PACKAGE_DIR=/usr/local/src/installer/install-builder/
POSTINSTALL_MESSAGE_SH_FILE=$PACKAGE_DIR/build/postinst.sh
rm -rf $PACKAGE_DIR/*.deb
rm -rf $PACKAGE_DIR/*.rpm
fpm --after-install $POSTINSTALL_MESSAGE_SH_FILE -s dir  -t deb -n installer -v $version -C $PACKAGE_DIR/build/hepic-installer/ -d apt-transport-https -d ca-certificates -d dirmngr -d debconf -d debconf-utils -d libboost-regex-dev -d libmariadb-dev -d libboost-program-options-dev -d libboost-date-time-dev -d libboost-thread-dev -d git -d curl -d wget -d vim -d nano -d sudo -d software-properties-common -d apt-transport-https -d libboost-iostreams-dev -d shc

fpm --after-install $POSTINSTALL_MESSAGE_SH_FILE -s dir  -t rpm -n installer -v $version -C $PACKAGE_DIR/build/hepic-installer/ -d git -d curl -d gnupg2 -d boost-regex -d wget -d vim -d nano -d sudo -d shc

mv $PACKAGE_DIR/*.deb $PACKAGE_DIR/installer_$version-amd64.deb

and for pushing the package to the packagecloud use the following script

#!/bin/bash
## PUSH
PACKAGE_DIR==/usr/local/src/installer/install-builder/
RPM_PACKAGE=$PACKAGE_DIR/installer-202211291639-1.x86_64.rpm
DEB_PACKAGE=$PACKAGE_DIR/installer_202211291639-amd64.deb
package_cloud push PACKAGE/repo-dev/el/7 $RPM_PACKAGE
package_cloud push PACKAGE/repo-dev/ol/7 $RPM_PACKAGE
package_cloud push PACKAGE/repo-dev/debian/buster $DEB_PACKAGE
package_cloud push PACKAGE/repo
-dev/debian/stretch $DEB_PACKAGE

Enjoy ;)

How to install Ruby

Go to Ruby Official Website ( https://www.ruby-lang.org/en/downloads/ ) and download the latest stable version

wget https://cache.ruby-lang.org/pub/ruby/3.1/ruby-3.1.3.tar.gz

Extract files

tar -xvf ruby-3.1.3.tar.gz

install some basic dependencies

  1. autoconf
  2. openssl-devel / libssl
  3. numactl
cd ruby-3.1.3
./autogen.sh
./configure --with-openssl
make
make install

Enjoy ;)

How to install google/stenographer on Rocky Linux v8


Disable SELINUX First

1. vim /etc/selinux/config
2. Set SELINUX=disabled
3. reboot

Make directories for future use

4. mkdir -p /etc/stenographer/
5. adduser -M -U stenographer
6. mkdir -p /data/stenographer/
7. chown -R stenographer:stenographer /data/stenographer

Download Stenographer

8. dnf groupinstall "Development Tools"
9. dnf --enablerepo=powertools install snappy-devel snappy.x86_64 libseccomp-devel.x86_64 libseccomp.x86_64 libaio.x86_64 libaio-devel.x86_64 leveldb leveldb-devel.x86_64 jq rsyslog tcpdump
10. cd /usr/local/src/
11. git clone https://github.com/google/stenographer.git

Build Stenographer from Source (Install go if not installed before)

12. cd /usr/local/src/stenographer/
13. go mod init stenographer
14. go mod tidy
15. go build
16. cp stenographer /usr/bin/
17. cp stenoread /usr/bin/
18. cp stenocurl /usr/bin/

Install Stenotype

19. cd stenotype
20. make
21. cp stenotype /bin/
22. cp stenotype /usr/sbin/
23. setcap 'CAP_NET_RAW+ep CAP_NET_ADMIN+ep CAP_IPC_LOCK+ep' /bin/stenotype
24. setcap 'CAP_NET_RAW+ep CAP_NET_ADMIN+ep CAP_IPC_LOCK+ep' /usr/sbin/stenotype

Create system unit file and stenographer configuration files

25. cd ../configs/
    cp systemd.conf /etc/systemd/system/stenographer.service
26. cp steno.conf /etc/stenographer/config
27. vim /etc/stenographer/config

{
  "Threads": [
    { "PacketsDirectory": "/data/stenographer/thread0/packets/directory"
    , "IndexDirectory": "/data/stenographer/thread0/index/directory"
    , "MaxDirectoryFiles": 30000
    , "DiskFreePercentage": 70
    }
  ]
  , "StenotypePath": "/usr/bin/stenotype"
  , "Interface": "enp0s3"
  , "Port": 4321
  , "Host": "192.168.0.147"
  , "Flags": ["-vv", "--seccomp=none"]
  , "CertPath": "/etc/stenographer/certs"
}

Create SSL keys for stenographer

    cd /usr/local/src/stenographer
	./stenokeys.sh

not its time to start the Service

systemctl start stenographer
systemctl status stenographer	

make test, if the stenographer is working or not

stenoread 'port 22 and after 1m ago'

Use the following method to find the required data

stenoread '( host 192.168.0.184 and port 14795)  and (host 192.168.0.132 and port 5060 ) or ( host 192.168.0.132 and port 5060)  and (host 192.168.0.110 and port 51410 ) or ( host 192.168.0.110 and port 20004)  or ( host 192.168.0.132 and port 37622)  or ( host 192.168.0.132 and port 37672)  or ( host 192.168.0.184 and port 10400)  and after 2024-08-28T06:29:52Z and before 2024-08-28T06:40:21Z' -w /home/hrhashmi/call.pcap

Enjoy 😉

How to Install go in Rocky Linux v8

1. dnf update
2. dnf install wget
3. cd /usr/local/src/
4. wget https://go.dev/dl/go1.19.2.linux-amd64.tar.gz
5. cd /usr/local/
6. tar -xvf /usr/local/src/go1.19.2.linux-amd64.tar.gz 
7. vim /etc/profile.d/go.sh
8. export PATH=$PATH:/usr/local/go/bin
9. close the terminal and start again
10. go version

Enjoy :)

Postgresql basic SQL Alternate Commands

How to connect with postgres CLI

su postgres
psql -U postgres -W Password

Postgress keywords in comparison to MySQL

database=# \l                       //show databases
database=# \c database              // use database
database=# \dt                      // show tables;
database=# \d table                 // describe table
database=# \x on                    //syntax enabled


PG_VERSION is the necessary data directory of that table pg_filenode.map is necessary

how to take backup in psql

export PGPASSWORD=`cat /etc/heplify-server.toml | grep DBPass | awk '{print $3}' | tr -d '"'`
pg_dump -U homer_user -h localhost -d homer_config -t users > /root/backup.sql

How to configure SSL

Go to this Link

Enjoy 😉

How to create your own IP-Location API

First, install Maxmind ip-location service ip-location

$ apt install geoip-bin geoip-database geoip-database-extra

now go to the Maxmind website create your account and download Geolite2-City-CSV file.

now use the following tool to convert the Maxmind rev2 database to the rev1 database with the following tool

$ git clone https://github.com/hepictel/geolite2legacy.git
$ cd geolite2legacy/
$ chmod +x geolite2legacy.py
$ ./geolite2legacy.py -i /root/GeoLite2-City-CSV_20220125.zip -o GeoLite2-City.dat
$ ./geolite2legacy.py -i /root/GeoLite2-City-CSV_20220125.zip -o GeoLite2-City.dat

Move this newly created database file to the location /usr/share/GeoIP/GeoIPCity.dat

mv /usr/share/GeoIP/GeoIPCity.dat /root/
mv GeoLite2-City.dat /usr/share/GeoIP/GeoIPCity.dat

now try searching the IP

geoiplookup 213.207.186.42 | grep Rev | awk '{ print $6}' | head -c -2

write a small PHP script to convert it in an API

<?php
date_default_timezone_set("Europe/London");
$ip_address = $_SERVER['REMOTE_ADDR'];
if (strpos($ip_address, ".") === false) $family = "IPv6"; else $family = "IPv4";
$command = "geoiplookup $ip_address | grep Rev | awk '{ print $6}' | head -c -2";
$ip_location=NULL;
if ($family == "IPv4") exec($command,$ip_location, $ip_location_code);
$data = [ 'ip_address' => $ip_address, 'family' => $family, 'ip_location' => $ip_location[0], 'time' => date("c") ];
header('Content-Type: application/json');
echo json_encode($data);
?>

Enjoy ;)

SIPp UAC test Scenario with 407 Proxy Authentication

First, create a username sipp with password 123456 in Freeswitch or on your own SIP server and create a dialplan that you call got answered for +923000000000

save the following lines in uac_407.xml

<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE scenario SYSTEM "sipp.dtd">

<!-- This program is free software; you can redistribute it and/or      -->
<!-- modify it under the terms of the GNU General Public License as     -->
<!-- published by the Free Software Foundation; either version 2 of the -->
<!-- License, or (at your option) any later version.                    -->
<!--                                                                    -->
<!-- This program is distributed in the hope that it will be useful,    -->
<!-- but WITHOUT ANY WARRANTY; without even the implied warranty of     -->
<!-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the      -->
<!-- GNU General Public License for more details.                       -->
<!--                                                                    -->
<!-- You should have received a copy of the GNU General Public License  -->
<!-- along with this program; if not, write to the                      -->
<!-- Free Software Foundation, Inc.,                                    -->
<!-- 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA             -->
<!--                                                                    -->
<!--                 Sipp default 'uac' scenario.                       -->
<!--                                                                    -->

<scenario name="Basic Sipstone UAC">
  <!-- In client mode (sipp placing calls), the Call-ID MUST be         -->
  <!-- generated by sipp. To do so, use [call_id] keyword.                -->
  <send retrans="500">
    <![CDATA[

      INVITE sip:[service]@[remote_ip]:[remote_port] SIP/2.0
      Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
      From: sipp <sip:sipp@[local_ip]:[local_port]>;tag=[pid]SIPpTag00[call_number]
      To: sut <sip:[service]@[remote_ip]:[remote_port]>
      Call-ID: [call_id]
      CSeq: 1000 INVITE
      Contact: sip:sipp@[local_ip]:[local_port]
      Max-Forwards: 70
      Subject: Performance Test
      Content-Type: application/sdp
      Content-Length: [len]

      v=0
      o=user1 53655765 2353687637 IN IP[local_ip_type] [local_ip]
      s=-
      c=IN IP[media_ip_type] [media_ip]
      t=0 0
      m=audio [media_port] RTP/AVP 0
      a=rtpmap:0 PCMU/8000

    ]]>
  </send>

  <recv response="407" auth="true">
        <action>
                <ereg regexp="tag=([^ ]*)" search_in="hdr" header="To" check_it="true" assign_to="4,3" />
                <log message="tag is [$4], [$3]"/>
        </action>
  </recv>

  <send>
   <![CDATA[

    ACK sip:[service]@[remote_ip]:[remote_port] SIP/2.0
    Via: SIP/2.0/[transport] [local_ip]:[local_port]
    From: sipp <sip:sipp@[local_ip]:[local_port]>;tag=[pid]SIPpTag00[call_number]
    To: sut <sip:[service]@[remote_ip]:[remote_port]>;tag=[$3]
    Call-ID: [call_id]
    CSeq: 1000 ACK
    Contact: sip:sipp@[local_ip]:[local_port]
    Max-Forwards: 70
    Subject: Performance Test
    Content-Length: 0

   ]]>
 </send>

  <send retrans="500">
    <![CDATA[

      INVITE sip:[service]@[remote_ip]:[remote_port] SIP/2.0
      Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
      From: sipp <sip:sipp@[local_ip]:[local_port]>;tag=[pid]SIPpTag00[call_number]
      To: sut <sip:[service]@[remote_ip]:[remote_port]>
      Call-ID: [call_id]
      CSeq: 1001 INVITE
      Contact: sip:sipp@[local_ip]:[local_port]
      [authentication]
      Max-Forwards: 70
      Subject: Performance Test
      Content-Type: application/sdp
      Content-Length: [len]

      v=0
      o=user1 53655765 2353687637 IN IP[local_ip_type] [local_ip]
      s=-
      c=IN IP[media_ip_type] [media_ip]
      t=0 0
      m=audio [media_port] RTP/AVP 0
      a=rtpmap:0 PCMU/8000

    ]]>
  </send>

  <recv response="407" optional="true">
  </recv>

  <recv response="100"
        optional="true">
  </recv>

  <recv response="180" optional="true">
  </recv>

  <!-- By adding rrs="true" (Record Route Sets), the route sets         -->
  <!-- are saved and used for following messages sent. Useful to test   -->
  <!-- against stateful SIP proxies/B2BUAs.                             -->
  <recv response="200" rtd="true">
        <action>
                <ereg regexp="tag=([^ ]*)" search_in="hdr" header="To" check_it="true" assign_to="1,2" />
                <log message="tag is [$1], [$2]"/>
        </action>
  </recv>

  <!-- Packet lost can be simulated in any send/recv message by         -->
  <!-- by adding the 'lost = "10"'. Value can be [1-100] percent.       -->
  <send>
    <![CDATA[

      ACK sip:[service]@[remote_ip]:[remote_port] SIP/2.0
      Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
      From: sipp <sip:sipp@[local_ip]:[local_port]>;tag=[pid]SIPpTag00[call_number]
      To: sut <sip:[service]@[remote_ip]:[remote_port]>;tag=[$2]
      Call-ID: [call_id]
      CSeq: 1001 ACK
      Contact: sip:sipp@[local_ip]:[local_port]
      Max-Forwards: 70
      Subject: Performance Test
      Content-Length: 0

    ]]>
  </send>


  <!-- This delay can be customized by the -d command-line option       -->
  <!-- or by adding a 'milliseconds = "value"' option here.             -->
  <pause/>

  <!-- The 'crlf' option inserts a blank line in the statistics report. -->
  <send retrans="500">
    <![CDATA[

      BYE sip:[service]@[remote_ip]:[remote_port] SIP/2.0
      Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
      From: sipp <sip:sipp@[local_ip]:[local_port]>;tag=[pid]SIPpTag00[call_number]
      To: sut <sip:[service]@[remote_ip]:[remote_port]>;tag=[$2]
      Call-ID: [call_id]
      CSeq: 1002 BYE
      Contact: sip:sipp@[local_ip]:[local_port]
      Max-Forwards: 70
      Subject: Performance Test
      Content-Length: 0

    ]]>
  </send>

  <recv response="200" crlf="true">
  </recv>

  <!-- definition of the response time repartition table (unit is ms)   -->
  <ResponseTimeRepartition value="10, 20, 30, 40, 50, 100, 150, 200"/>

  <!-- definition of the call length repartition table (unit is ms)     -->
  <CallLengthRepartition value="10, 50, 100, 500, 1000, 5000, 10000"/>

</scenario>

execute the sipp scenario like below

sipp -sf /root/uac_407.xml sipserver.io:7060 -s +923000000000 -au sipp -ap 123456 -d 500

Enjoy ;)

Install FreeSwitch for Production with BCG729 Codec and Systemd Service File

Add the repo to install freeswitch repo

apt-get update && apt-get install -yq gnupg2 wget lsb-release
wget -O - https://files.freeswitch.org/repo/deb/debian-release/fsstretch-archive-keyring.asc | apt-key add - 
echo "deb http://files.freeswitch.org/repo/deb/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
echo "deb-src http://files.freeswitch.org/repo/deb/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list 
apt-get update

Install dependencies required for the build

apt-get build-dep freeswitch

Now download the Latest Freeswitch release

cd /usr/local/src/
wget https://github.com/signalwire/freeswitch/archive/refs/tags/v1.10.7.tar.gz
tar -xvf v1.10.7.tar.gz

Now try start Compiling

cd freeswitch-1.10.7
./bootstrap.sh -j

Try to add some modules

vim modules.conf
# uncomment
applications/mod_curl
formats/mod_shout
xml_int/mod_xml_curl
# comment
applications/mod_signalwire
./configure --prefix=/opt/SOMME/
make
make install

Confirm Freeswitch Version

/opt/SOMME/bin/freeswitch -version

Install system service file

cd debian
cp freeswitch-systemd.freeswitch.service /etc/systemd/system/freeswitch.service
vim /etc/systemd/system/freeswitch.service
# replace following lines
PIDFile=/opt/SOMME/var/run/freeswitch/freeswitch.pid
PIDFile=/opt/SOMME/var/run/freeswitch/freeswitch.pid
ExecStartPre=/bin/chown -R ${USER}:${GROUP} /opt/SOMME
ExecStart=/opt/SOMME/bin/freeswitch -u ${USER} -g ${GROUP} -ncwait ${DAEMON_OPTS}
# change user to root
User = root
Group = root
chmod +x /etc/systemd/system/freeswitch.service

Start Freeswitch

systemctl daemon-reload
systemctl start freeswitch

Make a Soft link for fs_cli

ln -s /opt/SOMME/bin/fs_cli /usr/bin/fs_cli
fs_cli

No Install G729 (BCG729) codec

git clone https://github.com/xadhoom/mod_bcg729.git
cd mod_bcg729/
apt install libfreeswitch-dev
ldconfig
FS_MODULES=/opt/SOMME/lib/freeswitch/mod/
FS_INCLUDES=/opt/SOMME/include/freeswitch/
make clean
make
make install
mv mod_bcg729.so /opt/SOMME/lib/freeswitch/mod/
systemctl restart freeswitch
fs_cli

Configure SIP port and Directory

update domain and port in vars.xml
add line followind line 
autoload_configs/xml_curl.conf.xml
<binding name="user_directory"> <param name="gateway-url" value="https://prod3.api.com/directory" bindings="directory" /> </binding>

Enjoy ;)

Some Basic Firewall Rules Each SIP Server Must Have

Please find the bash script to allow and block some unwanted traffic

#!/bin/bash

#DROP all rules
`sudo iptables -F`

# Local Communication
`sudo iptables -A INPUT -i lo -j ACCEPT`
`sudo iptables -A OUTPUT -o lo -j ACCEPT`

#SSH
`sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT`
`sudo iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT`

# HTTPS
`sudo iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT`
`sudo iptables -A OUTPUT -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT`

# HTTPS
`sudo iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT`
`sudo iptables -A OUTPUT -p tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT`

# Homer
`sudo iptables -A INPUT -p tcp --dport 9080 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT`
`sudo iptables -A OUTPUT -p tcp --sport 9080 -m conntrack --ctstate ESTABLISHED -j ACCEPT`

# HEPLIFY Server
`sudo iptables -A INPUT -p tcp --dport 9060 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT`
`sudo iptables -A OUTPUT -p tcp --sport 9060 -m conntrack --ctstate ESTABLISHED -j ACCEPT`
`sudo iptables -A INPUT -p udp --dport 9060 -j ACCEPT`
`sudo iptables -A OUTPUT -p udp --sport 9060 -j ACCEPT`

# SIP over TCP
`sudo iptables -A INPUT -p tcp --dport 5060 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT`
`sudo iptables -A OUTPUT -p tcp --sport 5060 -m conntrack --ctstate ESTABLISHED -j ACCEPT`
# SIP over TLS
`sudo iptables -A INPUT -p tcp --dport 5061 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT`
`sudo iptables -A OUTPUT -p tcp --sport 5061 -m conntrack --ctstate ESTABLISHED -j ACCEPT`
# SIP over UDP
`sudo iptables -A INPUT -p udp --dport 5060 -j ACCEPT`
`sudo iptables -A OUTPUT -p udp --sport 5060 -j ACCEPT`

# Prometheus Node Exporter
`sudo iptables -A INPUT -p tcp --dport 9100 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT`
`sudo iptables -A OUTPUT -p tcp --sport 9100 -m conntrack --ctstate ESTABLISHED -j ACCEPT`


# DROP INVALID Packets
`sudo iptables -A INPUT -m conntrack --ctstate INVALID -j DROP`

# DROP all other unwanted Traffic
`sudo iptables -A INPUT -j DROP`

How to compile and run a next application ?

Install nodejs Use  this  link for further reading curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh | bash nvm inst...