How to make deb or rpm packages

for Creating deb or rpm package we need to install the following services

1. ruby
2. gem (auto-installed with ruby)
3. fpm
4. package_cloud (optional)
5. rpm-build ( For rpm package only)

For installing ruby, use this link. after that install fpm and package_cloud

gem install fpm
gem install package_cloud

Use following script for creating package

#!/bin/bash
version=`date +%Y%m%d%H%M`
PACKAGE_DIR=/usr/local/src/installer/install-builder/
POSTINSTALL_MESSAGE_SH_FILE=$PACKAGE_DIR/build/postinst.sh
rm -rf $PACKAGE_DIR/*.deb
rm -rf $PACKAGE_DIR/*.rpm
fpm --after-install $POSTINSTALL_MESSAGE_SH_FILE -s dir  -t deb -n installer -v $version -C $PACKAGE_DIR/build/hepic-installer/ -d apt-transport-https -d ca-certificates -d dirmngr -d debconf -d debconf-utils -d libboost-regex-dev -d libmariadb-dev -d libboost-program-options-dev -d libboost-date-time-dev -d libboost-thread-dev -d git -d curl -d wget -d vim -d nano -d sudo -d software-properties-common -d apt-transport-https -d libboost-iostreams-dev -d shc

fpm --after-install $POSTINSTALL_MESSAGE_SH_FILE -s dir  -t rpm -n installer -v $version -C $PACKAGE_DIR/build/hepic-installer/ -d git -d curl -d gnupg2 -d boost-regex -d wget -d vim -d nano -d sudo -d shc

mv $PACKAGE_DIR/*.deb $PACKAGE_DIR/installer_$version-amd64.deb

and for pushing the package to the packagecloud use the following script

#!/bin/bash
## PUSH
PACKAGE_DIR==/usr/local/src/installer/install-builder/
RPM_PACKAGE=$PACKAGE_DIR/installer-202211291639-1.x86_64.rpm
DEB_PACKAGE=$PACKAGE_DIR/installer_202211291639-amd64.deb
package_cloud push PACKAGE/repo-dev/el/7 $RPM_PACKAGE
package_cloud push PACKAGE/repo-dev/ol/7 $RPM_PACKAGE
package_cloud push PACKAGE/repo-dev/debian/buster $DEB_PACKAGE
package_cloud push PACKAGE/repo-dev/debian/stretch $DEB_PACKAGE

Enjoy ;)

How to install Ruby

Go to Ruby Official Website ( https://www.ruby-lang.org/en/downloads/ ) and download the latest stable version

wget https://cache.ruby-lang.org/pub/ruby/3.1/ruby-3.1.3.tar.gz

Extract files

tar -xvf ruby-3.1.3.tar.gz

install some basic dependencies

1. autoconf
2. openssl-devel / libssl
3. numactl

cd ruby-3.1.3
./autogen.sh
./configure --with-openssl
make
make install

Enjoy ;)

How to install google/stenographer on Rocky Linux v8

Disable SELINUX First

1. vim /etc/selinux/config
2. Set SELINUX=disabled
3. reboot

Make directories for future use

4. mkdir -p /etc/stenographer/
5. adduser -M -U stenographer
6. mkdir -p /data/stenographer/
7. chown -R stenographer:stenographer /data/stenographer

Download Stenographer

8. dnf groupinstall "Development Tools"
9. dnf --enablerepo=powertools install snappy-devel snappy.x86_64 libseccomp-devel.x86_64 libseccomp.x86_64 libaio.x86_64 libaio-devel.x86_64 leveldb leveldb-devel.x86_64 jq rsyslog tcpdump
10. cd /usr/local/src/
11. git clone https://github.com/google/stenographer.git

Build Stenographer from Source (Install go if not installed before)

12. cd /usr/local/src/stenographer/
13. go mod init stenographer
14. go mod tidy
15. go build
16. cp stenographer /usr/bin/
17. cp stenoread /usr/bin/
18. cp stenocurl /usr/bin/

Install Stenotype

19. cd stenotype
20. make
21. cp stenotype /bin/
22. cp stenotype /usr/sbin/
23. setcap 'CAP_NET_RAW+ep CAP_NET_ADMIN+ep CAP_IPC_LOCK+ep' /bin/stenotype
24. setcap 'CAP_NET_RAW+ep CAP_NET_ADMIN+ep CAP_IPC_LOCK+ep' /usr/sbin/stenotype

Create system unit file and stenographer configuration files

25. cd ../configs/
    cp systemd.conf /etc/systemd/system/stenographer.service
26. cp steno.conf /etc/stenographer/config
27. vim /etc/stenographer/config

{
  "Threads": [
    { "PacketsDirectory": "/data/stenographer/thread0/packets/directory"
    , "IndexDirectory": "/data/stenographer/thread0/index/directory"
    , "MaxDirectoryFiles": 30000
    , "DiskFreePercentage": 70
    }
  ]
  , "StenotypePath": "/usr/bin/stenotype"
  , "Interface": "enp0s3"
  , "Port": 4321
  , "Host": "192.168.0.147"
  , "Flags": ["-vv", "--seccomp=none"]
  , "CertPath": "/etc/stenographer/certs"
}

Create SSL keys for stenographer

    cd /usr/local/src/stenographer
	./stenokeys.sh

not its time to start the Service

systemctl start stenographer
systemctl status stenographer	

make test, if the stenographer is working or not

stenoread 'port 22 and after 1m ago'

Enjoy ;)

How to Install go in Rocky Linux v8

1. dnf update

2. dnf install wget

3. cd /usr/local/src/

4. wget https://go.dev/dl/go1.19.2.linux-amd64.tar.gz

5. cd /usr/local/

6. tar -xvf /usr/local/src/go1.19.2.linux-amd64.tar.gz 

7. vim /etc/profile.d/go.sh

8. export PATH=$PATH:/usr/local/go/bin

9. close the terminal and start again

10. go version

Enjoy :)

Postgresql basic SQL Alternate Commands

How to connect with postgres CLI

su postgres
psql -U postgres -W Password

Postgress keywords in comparison to mysql

database=# \l                                           //show databases
database=# \c database                           // use database
database=# \dt                                        // show tables;
database=# \d table                                // describe table

PG_VERSION is the necessary data directory of that table pg_filenode.map is necessary

how to take backup in psql

export PGPASSWORD=`cat /etc/heplify-server.toml | grep DBPass | awk '{print $3}' | tr -d '"'`
pg_dump -U homer_user -h localhost -d homer_config -t users > /root/backup.sql

How to configure SSL

Go to this Link

Enjoy 😉

How to create your own IP-Location API

First, install Maxmind ip-location service ip-location

$ apt install geoip-bin geoip-database geoip-database-extra

now go to the Maxmind website create your account and download Geolite2-City-CSV file.

now use the following tool to convert the Maxmind rev2 database to the rev1 database with the following tool

$ git clone https://github.com/hepictel/geolite2legacy.git
$ cd geolite2legacy/
$ chmod +x geolite2legacy.py
$ ./geolite2legacy.py -i /root/GeoLite2-City-CSV_20220125.zip -o GeoLite2-City.dat
$ ./geolite2legacy.py -i /root/GeoLite2-City-CSV_20220125.zip -o GeoLite2-City.dat

Move this newly created database file to the location /usr/share/GeoIP/GeoIPCity.dat

mv /usr/share/GeoIP/GeoIPCity.dat /root/
mv GeoLite2-City.dat /usr/share/GeoIP/GeoIPCity.dat

now try searching the IP

geoiplookup 213.207.186.42 | grep Rev | awk '{ print $6}' | head -c -2

write a small PHP script to convert it in an API

<?php
date_default_timezone_set("Europe/London");
$ip_address = $_SERVER['REMOTE_ADDR'];
if (strpos($ip_address, ".") === false) $family = "IPv6"; else $family = "IPv4";
$command = "geoiplookup $ip_address | grep Rev | awk '{ print $6}' | head -c -2";
$ip_location=NULL;
if ($family == "IPv4") exec($command,$ip_location, $ip_location_code);
$data = [ 'ip_address' => $ip_address, 'family' => $family, 'ip_location' => $ip_location[0], 'time' => date("c") ];
header('Content-Type: application/json');
echo json_encode($data);
?>

Enjoy ;)

SIPp UAC test Scenario with 407 Proxy Authentication

First, create a username sipp with password 123456 in Freeswitch or on your own SIP server and create a dialplan that you call got answered for +923000000000

save the following lines in uac_407.xml

<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE scenario SYSTEM "sipp.dtd">

<!-- This program is free software; you can redistribute it and/or      -->
<!-- modify it under the terms of the GNU General Public License as     -->
<!-- published by the Free Software Foundation; either version 2 of the -->
<!-- License, or (at your option) any later version.                    -->
<!--                                                                    -->
<!-- This program is distributed in the hope that it will be useful,    -->
<!-- but WITHOUT ANY WARRANTY; without even the implied warranty of     -->
<!-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the      -->
<!-- GNU General Public License for more details.                       -->
<!--                                                                    -->
<!-- You should have received a copy of the GNU General Public License  -->
<!-- along with this program; if not, write to the                      -->
<!-- Free Software Foundation, Inc.,                                    -->
<!-- 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA             -->
<!--                                                                    -->
<!--                 Sipp default 'uac' scenario.                       -->
<!--                                                                    -->

<scenario name="Basic Sipstone UAC">
  <!-- In client mode (sipp placing calls), the Call-ID MUST be         -->
  <!-- generated by sipp. To do so, use [call_id] keyword.                -->
  <send retrans="500">
    <![CDATA[

      INVITE sip:[service]@[remote_ip]:[remote_port] SIP/2.0
      Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
      From: sipp <sip:sipp@[local_ip]:[local_port]>;tag=[pid]SIPpTag00[call_number]
      To: sut <sip:[service]@[remote_ip]:[remote_port]>
      Call-ID: [call_id]
      CSeq: 1000 INVITE
      Contact: sip:sipp@[local_ip]:[local_port]
      Max-Forwards: 70
      Subject: Performance Test
      Content-Type: application/sdp
      Content-Length: [len]

      v=0
      o=user1 53655765 2353687637 IN IP[local_ip_type] [local_ip]
      s=-
      c=IN IP[media_ip_type] [media_ip]
      t=0 0
      m=audio [media_port] RTP/AVP 0
      a=rtpmap:0 PCMU/8000

    ]]>
  </send>

  <recv response="407" auth="true">
        <action>
                <ereg regexp="tag=([^ ]*)" search_in="hdr" header="To" check_it="true" assign_to="4,3" />
                <log message="tag is [$4], [$3]"/>
        </action>
  </recv>

  <send>
   <![CDATA[

    ACK sip:[service]@[remote_ip]:[remote_port] SIP/2.0
    Via: SIP/2.0/[transport] [local_ip]:[local_port]
    From: sipp <sip:sipp@[local_ip]:[local_port]>;tag=[pid]SIPpTag00[call_number]
    To: sut <sip:[service]@[remote_ip]:[remote_port]>;tag=[$3]
    Call-ID: [call_id]
    CSeq: 1000 ACK
    Contact: sip:sipp@[local_ip]:[local_port]
    Max-Forwards: 70
    Subject: Performance Test
    Content-Length: 0

   ]]>
 </send>

  <send retrans="500">
    <![CDATA[

      INVITE sip:[service]@[remote_ip]:[remote_port] SIP/2.0
      Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
      From: sipp <sip:sipp@[local_ip]:[local_port]>;tag=[pid]SIPpTag00[call_number]
      To: sut <sip:[service]@[remote_ip]:[remote_port]>
      Call-ID: [call_id]
      CSeq: 1001 INVITE
      Contact: sip:sipp@[local_ip]:[local_port]
      [authentication]
      Max-Forwards: 70
      Subject: Performance Test
      Content-Type: application/sdp
      Content-Length: [len]

      v=0
      o=user1 53655765 2353687637 IN IP[local_ip_type] [local_ip]
      s=-
      c=IN IP[media_ip_type] [media_ip]
      t=0 0
      m=audio [media_port] RTP/AVP 0
      a=rtpmap:0 PCMU/8000

    ]]>
  </send>

  <recv response="407" optional="true">
  </recv>

  <recv response="100"
        optional="true">
  </recv>

  <recv response="180" optional="true">
  </recv>

  <!-- By adding rrs="true" (Record Route Sets), the route sets         -->
  <!-- are saved and used for following messages sent. Useful to test   -->
  <!-- against stateful SIP proxies/B2BUAs.                             -->
  <recv response="200" rtd="true">
        <action>
                <ereg regexp="tag=([^ ]*)" search_in="hdr" header="To" check_it="true" assign_to="1,2" />
                <log message="tag is [$1], [$2]"/>
        </action>
  </recv>

  <!-- Packet lost can be simulated in any send/recv message by         -->
  <!-- by adding the 'lost = "10"'. Value can be [1-100] percent.       -->
  <send>
    <![CDATA[

      ACK sip:[service]@[remote_ip]:[remote_port] SIP/2.0
      Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
      From: sipp <sip:sipp@[local_ip]:[local_port]>;tag=[pid]SIPpTag00[call_number]
      To: sut <sip:[service]@[remote_ip]:[remote_port]>;tag=[$2]
      Call-ID: [call_id]
      CSeq: 1001 ACK
      Contact: sip:sipp@[local_ip]:[local_port]
      Max-Forwards: 70
      Subject: Performance Test
      Content-Length: 0

    ]]>
  </send>


  <!-- This delay can be customized by the -d command-line option       -->
  <!-- or by adding a 'milliseconds = "value"' option here.             -->
  <pause/>

  <!-- The 'crlf' option inserts a blank line in the statistics report. -->
  <send retrans="500">
    <![CDATA[

      BYE sip:[service]@[remote_ip]:[remote_port] SIP/2.0
      Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
      From: sipp <sip:sipp@[local_ip]:[local_port]>;tag=[pid]SIPpTag00[call_number]
      To: sut <sip:[service]@[remote_ip]:[remote_port]>;tag=[$2]
      Call-ID: [call_id]
      CSeq: 1002 BYE
      Contact: sip:sipp@[local_ip]:[local_port]
      Max-Forwards: 70
      Subject: Performance Test
      Content-Length: 0

    ]]>
  </send>

  <recv response="200" crlf="true">
  </recv>

  <!-- definition of the response time repartition table (unit is ms)   -->
  <ResponseTimeRepartition value="10, 20, 30, 40, 50, 100, 150, 200"/>

  <!-- definition of the call length repartition table (unit is ms)     -->
  <CallLengthRepartition value="10, 50, 100, 500, 1000, 5000, 10000"/>

</scenario>

execute the sipp scenario like below

sipp -sf /root/uac_407.xml sipserver.io:7060 -s +923000000000 -au sipp -ap 123456 -d 500

Enjoy ;)

Install FreeSwitch for Production with BCG729 Codec and Systemd Service File

Add the repo to install freeswitch repo

apt-get update && apt-get install -yq gnupg2 wget lsb-release
wget -O - https://files.freeswitch.org/repo/deb/debian-release/fsstretch-archive-keyring.asc | apt-key add - 
echo "deb http://files.freeswitch.org/repo/deb/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
echo "deb-src http://files.freeswitch.org/repo/deb/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list 
apt-get update

Install dependencies required for the build

apt-get build-dep freeswitch

Now download the Latest Freeswitch release

cd /usr/local/src/
wget https://github.com/signalwire/freeswitch/archive/refs/tags/v1.10.7.tar.gz
tar -xvf v1.10.7.tar.gz

Now try start Compiling

cd freeswitch-1.10.7
./bootstrap.sh -j

Try to add some modules

vim modules.conf
# uncomment
applications/mod_curl
formats/mod_shout
xml_int/mod_xml_curl
# comment
applications/mod_signalwire
./configure --prefix=/opt/SOMME/
make
make install

Confirm Freeswitch Version

/opt/SOMME/bin/freeswitch -version

Install system service file

cd debian
cp freeswitch-systemd.freeswitch.service /etc/systemd/system/freeswitch.service
vim /etc/systemd/system/freeswitch.service
# replace following lines
PIDFile=/opt/SOMME/var/run/freeswitch/freeswitch.pid
PIDFile=/opt/SOMME/var/run/freeswitch/freeswitch.pid
ExecStartPre=/bin/chown -R ${USER}:${GROUP} /opt/SOMME
ExecStart=/opt/SOMME/bin/freeswitch -u ${USER} -g ${GROUP} -ncwait ${DAEMON_OPTS}
# change user to root
User = root
Group = root
chmod +x /etc/systemd/system/freeswitch.service

Start Freeswitch

systemctl daemon-reload
systemctl start freeswitch

Make a Soft link for fs_cli

ln -s /opt/SOMME/bin/fs_cli /usr/bin/fs_cli
fs_cli

No Install G729 (BCG729) codec

git clone https://github.com/xadhoom/mod_bcg729.git
cd mod_bcg729/
apt install libfreeswitch-dev
ldconfig
FS_MODULES=/opt/SOMME/lib/freeswitch/mod/
FS_INCLUDES=/opt/SOMME/include/freeswitch/
make clean
make
make install
mv mod_bcg729.so /opt/SOMME/lib/freeswitch/mod/
systemctl restart freeswitch
fs_cli

Configure SIP port and Directory

update domain and port in vars.xml
add line followind line 
autoload_configs/xml_curl.conf.xml
<binding name="user_directory"> <param name="gateway-url" value="https://prod3.api.com/directory" bindings="directory" /> </binding>

Enjoy ;)

Some Basic Firewall Rules Each SIP Server Must Have

Please find the bash script to allow and block some unwanted traffic

#!/bin/bash

#DROP all rules
`sudo iptables -F`

# Local Communication
`sudo iptables -A INPUT -i lo -j ACCEPT`
`sudo iptables -A OUTPUT -o lo -j ACCEPT`

#SSH
`sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT`
`sudo iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT`

# HTTPS
`sudo iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT`
`sudo iptables -A OUTPUT -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT`

# HTTPS
`sudo iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT`
`sudo iptables -A OUTPUT -p tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT`

# Homer
`sudo iptables -A INPUT -p tcp --dport 9080 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT`
`sudo iptables -A OUTPUT -p tcp --sport 9080 -m conntrack --ctstate ESTABLISHED -j ACCEPT`

# HEPLIFY Server
`sudo iptables -A INPUT -p tcp --dport 9060 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT`
`sudo iptables -A OUTPUT -p tcp --sport 9060 -m conntrack --ctstate ESTABLISHED -j ACCEPT`
`sudo iptables -A INPUT -p udp --dport 9060 -j ACCEPT`
`sudo iptables -A OUTPUT -p udp --sport 9060 -j ACCEPT`

# SIP over TCP
`sudo iptables -A INPUT -p tcp --dport 5060 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT`
`sudo iptables -A OUTPUT -p tcp --sport 5060 -m conntrack --ctstate ESTABLISHED -j ACCEPT`
# SIP over TLS
`sudo iptables -A INPUT -p tcp --dport 5061 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT`
`sudo iptables -A OUTPUT -p tcp --sport 5061 -m conntrack --ctstate ESTABLISHED -j ACCEPT`
# SIP over UDP
`sudo iptables -A INPUT -p udp --dport 5060 -j ACCEPT`
`sudo iptables -A OUTPUT -p udp --sport 5060 -j ACCEPT`

# Prometheus Node Exporter
`sudo iptables -A INPUT -p tcp --dport 9100 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT`
`sudo iptables -A OUTPUT -p tcp --sport 9100 -m conntrack --ctstate ESTABLISHED -j ACCEPT`


# DROP INVALID Packets
`sudo iptables -A INPUT -m conntrack --ctstate INVALID -j DROP`

# DROP all other unwanted Traffic
`sudo iptables -A INPUT -j DROP`