
Department of Science and Technology IV-A

Jamboree Rd., Timugan, Los Baños, Laguna

ICT Based Disaster Communication System Installation Manual

Prepared by: Gaspar Howell F. Miga Date: May 14, 2012


CONTENTS
1. Introduction
2. Pre-requisite
3. Tools needed
4. Pre-installation requirement
5. Installation of Ubuntu Operating System
   5.1 Minimum Server Requirements
   5.2 Installation process
6. INSTALLATION OF playSMS
   6.1 Introduction
   6.2 Description
   6.3 Requirement
   6.4 Minimum Required Software
   6.5 Minimum Required Server Administrator (or Developer)
   6.6 Installation instruction
   6.7 playSMS Web Interface
7. INSTALLATION OF SMSSERVERTOOLS3
   7.1 Introduction
   7.2 Installation instruction
8. Hardening the ICT Server
   8.1 Change settings for increased security
   8.2 Disable root SSH login
   8.3 Only allow admin users to use su
   8.4 Add yourself to the admin group
   8.5 Restrict access to /bin/su to admin group members
   8.6 Check permissions for /bin/su
   8.7 Do not permit source routing of incoming packets
   8.8 Don't allow system users to access an FTP server
   8.9 Edit /etc/ftpusers
   8.10 UFW: basic firewall
   8.11 Install and enable Uncomplicated Firewall
   8.12 Display available UFW commands
   8.13 Display UFW configuration
   8.14 Allow SSH and HTTP access to the Apache server
   8.15 See services running and which names to use
   8.16 Denyhosts: to avoid SSH attacks
   8.17 Tiger: security system scanner
   8.18 Detect attempted intrusions with psad
   8.19 Nmap: port scanning
   8.20 LogWatch
   8.21 Ongoing maintenance
   8.22 Updating software
   8.23 Check for attempted intrusions
9. CONFIGURING THE MAIL SERVER Using POSTFIX
   9.1 Installation
   9.2 Basic Configuration
10. Creating a Self-Signed Certificate
   10.1 Generating a Certificate Signing Request (CSR)
   10.2 Installing the Certificate
   10.3 Certification Authority
11. Configuration of smsd.conf
12. Configuration of mysmsd file
13. Setting up cron jobs on crontab
14. Creating script to run on crontab
15. Creating a Folder for the csv file
16. Restarting SMSTools3
17. Restarting the ICT Server


1. Introduction

The purpose of this documentation is to provide a step-by-step guide for installing the Ubuntu OS, playSMS and smstools3, and for editing some configuration files.

2. Pre-requisite

- The person performing the server installation should be knowledgeable in computer hardware and software, especially the Linux operating system.

3. Tools needed

- Server computer
- Ubuntu Linux Operating System (version 10.04 or latest)
- playSMS and smstools3 application package

4. Pre-installation requirement

- Make sure that you are connected to the network and have internet access while installing the Ubuntu Linux operating system.

5. Installation of Ubuntu Operating System

5.1 Minimum Server Requirements

a. At least Pentium 4 Processor
b. At least 40 GB HDD
c. At least 512 MB RAM
d. DVD ROM

5.2 Installation process

- Insert the installer CD.
- Select English for the language, then select "Install Ubuntu Server".
- In the countries or regions, select Philippines.
- In detecting the keyboard layout, select yes and follow the instructions; it should be detected or appear as "us". Then select continue.
- No problem should be encountered in detecting the hardware.
- Loading additional requirements should be completed.
- In configuring the network, select cancel. A network configuration method window will appear; select "configure network manually".
  a. ipaddress - 202.90.131.20
  b. netmask - 255.255.255.248
  c. gateway - 202.90.131.17
  d. nameserver address - 202.90.131.3 202.90.128.3 202.90.128.8
  e. hostname - ictbdmfs
  f. domain name - ictbdmfs.dost.gov.ph
- Configuring the clock - time zone is Asia/Manila, select yes.
- Starting up the partitioner - select guided (use entire disk and set up LVM).
  g. select the disk for partition
  h. at this point you will be asked to remove existing logical volume data, select yes
  i. write the changes to disks and configure LVM, select yes
  j. amount of volume group to use for guided partitioning, input "max"
  k. write the changes to disks, select yes
- Installing the base system should be completed.
- Username and password configuration
  l. username - ict
  m. username of the account - ict
  n. password dostiva123
  o. encrypt home directory - yes
- In proxy information, leave it blank and select continue.
- Configuring the "apt" should be completed.
- Select and install software: select no automatic updates.
- Software to install
  p. DNS server
  q. LAMP server
  r. Mail server
  s. OpenSSH server
- Password for the MySQL - 'gasparhowell'
- Installing GRUB boot loader, select yes.
- Finishing installation, restart the cpu.

6. INSTALLATION OF playSMS

6.1 Introduction

PlaySMS is an application used to send Short Message Service (SMS) messages via a gateway. This application contains some functions that can be embedded in a user-developed SMS system. Such functions can be found in the playsms library (e.g. /var/www/playsms/lib/fn_sendsms). There are a lot of SMS gateway applications that can be used in implementing the playSMS application. In this project, we choose to customize SMSTOOLS3 as the gateway.

6.2 Description

a. This document explains how to install or set up playSMS.

6.3 Requirement

a. Minimum Required Hardware
b. Web server capable hardware

6.4 Minimum Required Software

- Operating System (Ubuntu 10.04 Lucid)
- Web Server (Apache2)
- Database Server (MySQL 5.1.41)
- PHP 5.3.2 or latest stable release with mysql module enabled and CLI version available
- PHP gettext extension (this is a must for text translation)
- PHP multibyte string function (should be able to call mb_convert_encoding)
- Access to SMTP server (playSMS will use this to send email)

6.5 Minimum Required Server Administrator (or Developer)

- Understand how to make sure the installed PHP has the MySQL module enabled/loaded
- Understand how to create/drop a MySQL database
- Understand how to insert SQL statements into the created database
- Basic knowledge to operate and manage Linux (skill to navigate in console mode)

6.6 Installation instruction

Note: You must have root privilege when installing playSMS. If not, please understand that this documentation is trying to guide you to install playSMS on /var/www/playsms under user 'playsms'. You may use your own username, your own home directory or any preferred directory. These installation instructions might also work for other *NIX based operating systems.

6.7 playSMS Web Interface

1. It is important to meet all minimum requirements above.

2. Set up a system user named 'playsms' to manage playSMS.

    # adduser playsms
    # passwd playsms

   Note: on some Linux distributions adduser and passwd are combined (Debian, Ubuntu and maybe others).

3. On most Linux distributions action (2) will create a system user and group named 'playsms' with home directory /home/playsms, but you will install playSMS in a different directory.

4. Create the playSMS web root, spool and log directories and set ownership to user www-data or the web server user.

    # mkdir -p /var/www/playsms
    # mkdir -p /var/spool/playsms
    # mkdir -p /var/log/playsms
    # chown -R www-data /var/www/playsms
    # chown -R www-data /var/spool/playsms
    # chown -R www-data /var/log/playsms

5. Extract the playSMS package in /usr/local/src.

    # tar -zxvf playsms-x.x.x.tar.gz -C /usr/local/src

   Note: x.x.x may vary according to the package name you've downloaded.

6. Copy the files and directories inside the 'web' directory to the playSMS web root and set ownership again to user www-data or the Apache web server user.

    # cd /usr/local/src/playsms-x.x.x/web
    # cp -rR * /var/www/playsms
    # chown -R www-data /var/www/playsms

   Note: this assumes your web server user is www-data.

7. Set up the database (import database).

    # mysqladmin -u root -p create playsms
    # mysql -u root -p playsms < /usr/local/src/playsms-x.x.x/db/playsms.sql

   Note: you don't need to use MySQL root access nor this method to set up the playSMS database, but this is beyond our scope; you should read the MySQL manual for a custom installation method or how to insert SQL statements into an existing database.

8. Copy config-dist.php to config.php and edit config.php.

    # cd /var/www/playsms
    # cp config-dist.php config.php
    # mcedit config.php

   or

    # vi config.php

   Note: please read and fill in all required fields with caution.

9. Enter the bin directory and copy playsms, playsmsd, playsmsd.php and playsmsd_start to their default directories.

    # cd /usr/local/src/playsms-x.x.x/bin
    # cp playsmsd playsmsd.php playsmsd_start /usr/local/bin/
    # cp playsms /etc/default/

   Note: please note the difference between playsms and playsmsd.

10. Look for rc.local in /etc and its subdirectories (usually /etc, /etc/init.d or /etc/rc.d/init.d). Edit rc.local and put "/usr/local/bin/playsmsd_start" (without quotes) at the bottom of the file (before exit if there's an exit command). This way playsmsd_start will start automatically on boot.

   Note: you need 'root' access to do this.

11. Browse http://localhost/playsms/ and log in using the default administrator user.

    username: admin
    password: admin

12. At this point you should be able to log in to the playSMS web interface and manage playSMS.

(Thanks to Anton Raharja for sharing this opensource application.)

7. INSTALLATION OF SMSSERVERTOOLS3

7.1 Introduction

The smsservertools3 is an SMS gateway software which can send and receive short messages through GSM modems and mobile phones. You can send short messages by simply storing text files into a special spool directory. The program monitors this directory and sends new files automatically. It also stores received short messages into another directory as text files.

The program can be run as an SMS daemon which can be started automatically when the operating system starts. High availability can be ensured by using multiple GSM devices (currently up to 64; this limit is easily changeable).

The program can run other external programs or scripts after events like reception of a new message, successful sending and also when the program detects a problem. These programs can inspect the related text files and perform automatic actions, for example storing information into a database (for example MySQL or Microsoft SQL Server), sending an automatic reply, forwarding messages via eMail (SMS to eMail gateway), ... and whatever you like.

Reference: http://smstools3.kekekasvi.com

7.2 Installation instruction

This manual is also compatible with the original SMS Server Tools. The step-by-step installation instructions, designed for playSMS, are as follows:

1. Extract the SMS Server Tools source package in /usr/local/src.

    # tar -zxvf smstools3-3.1.3.tar.gz

2. Enter the extracted source code directory and execute make to compile, followed by installing smstools3.

    # cd smstools3
    # make
    # make install

4. Back in the playSMS source directory, copy smsd.conf from contrib/smstools/ to /etc.

    # cd <playsms source codes directory>
    # cp contrib/smstools/smsd.conf /etc/

5. Make changes to /etc/smsd.conf (just comment out the default value as a guide and customize it for your GSM modem).

6. Create some important directories for smstools3.

    # mkdir -p /var/spool/sms/checked
    # mkdir -p /var/spool/sms/failed
    # mkdir -p /var/spool/sms/incoming
    # mkdir -p /var/spool/sms/outgoing
    # mkdir -p /var/spool/sms/sent
    # mkdir -p /var/log/sms

7. Change permissions on some directories so that the web server user can write files to them.

    # chmod -R 777 /var/spool/sms

   or

    # chown -R www-data /var/spool/sms

8. Enter playSMS from the web, log in as the administrator user and activate Gateway smstools.

Note if you are using Ubuntu or Debian and alike:

- To get smstools3 running automatically on every boot, type this command:

    # update-rc.d sms3 defaults

  For smstools, type the following command:

    # update-rc.d sms defaults

(Thanks to Mr. Keijo "Keke" Kasvi for sharing this opensource application.)

8. Hardening the ICT Server

Security is relative. These steps make the ICT Server more secure than it was before. Security is an on-going process. It includes settings, practices and procedures. Make it your business to regularly read about security and to understand the concepts and our system. Paranoia is useful with regard to server security.

Ubuntu server is well designed, regularly updated and relatively secure. The Ubuntu Security Team manifests an ongoing effort to keep Ubuntu secure. Regular security updates are available and easy to implement.

- No open ports
- Role-based administration
- No X server
- Security updates
- Kernel and compiler hardening

In this documentation, we are going to meet the security challenge with a multi-pronged effort that will include: system analysis, changing settings for additional hardening against attack, installing a firewall maintenance system, scanning for rootkits, and offering a regular maintenance regimen.

- Change settings for increased security
- Implement UFW, the uncomplicated firewall
- Use denyhosts to automatically blacklist attackers
- Scan the system for vulnerabilities with Tiger
- Detect attempted intrusions with psad
- Install nmap and scan the system for open ports
- Check the system for rootkits with chkrootkit
- Monitor logs

8.1 Change settings for increased security

see also: https://help.ubuntu.com/community/StricterDefaults

Secure shared memory

/dev/shm can be used in an attack against a running service, such as httpd. Modify /etc/fstab to make it more secure.

    sudo vi /etc/fstab

Add this line:

    tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0

8.2 Disable root SSH login

The root account is disabled by default in Ubuntu. In any case, it is a good idea to disable root SSH access. Edit /etc/ssh/sshd_config and set PermitRootLogin to no.

    sudo vi /etc/ssh/sshd_config

Change PermitRootLogin to no.

Of course, if you access your server via SSH, you should make sure you have sudo working for your user before disabling SSH root access.

8.3 Only allow admin users to use su

This helps prevent privilege escalation. By default, Ubuntu does not have an admin group. Create an admin group:

    sudo groupadd admin

8.4 Add yourself to the admin group:

    sudo usermod -a -G admin andrew

8.5 Restrict access to /bin/su to admin group members:

    sudo dpkg-statoverride --update --add root admin 4750 /bin/su

8.6 Check permissions for /bin/su with:

    ls -lh /bin/su

and see the following:

    -rwsr-x--- 1 root admin 31K 2010-01-26 17:09 /bin/su

8.7 Do not permit source routing of incoming packets

    sudo sysctl -w net.ipv4.conf.all.accept_source_route=0
    sudo sysctl -w net.ipv4.conf.default.accept_source_route=0

8.8 Don't allow system users to access an FTP server

This is only needed if ftpd is installed and running. However, it is OK to do this anyway and it will remove a FAIL from the tiger report. SFTP is probably better than FTP, if it is usable for your file transfer needs.

8.9 Edit /etc/ftpusers:

    sudo vi /etc/ftpusers

Add system users to deny use of ftpd:

    backup
    bin
    daemon
    games
    gnats
    irc
    libuuid
    list
    lp
    mail
    man
    mysql
    news
    ntp
    postfix
    proxy
    sshd
    sync
    sys
    syslog
    uucp
    www-data

8.10 UFW: basic firewall

UFW (Uncomplicated Firewall) provides an easy-to-understand interface to control iptables (iptables controls Netfilter, which is built into the kernel). With just a few commands, your server can control access. Checking status is also easy. UFW (uncomplicated firewall) is a simple interface used to configure iptables.

8.11 Install and enable Uncomplicated Firewall:

    sudo aptitude install -y ufw
    sudo ufw enable

8.12 Display available UFW commands:

    sudo ufw show

8.13 Display UFW configuration:

    sudo ufw status

8.14 Allow SSH and HTTP access to the Apache server:

    sudo ufw allow ssh
    sudo ufw allow http

In the above example, ports for OpenSSH and Apache were opened by service name (ssh and http). You can use a port number instead of the service name (like 80 instead of http).

8.15 See services running and which names to use:

The practice here is to open only ports that you use, that is, ports that have a service running. To see a list of services that you have running for which you might want to open ports:

    sudo ufw app list

To see a list of services that UFW uses (like in the sudo ufw allow ssh example, above):

    less /etc/services

8.16 Denyhosts: to avoid SSH attacks

Looking at /var/log/auth.log on servers that I manage shows a steady stream of attacks on SSH. I am countering these attacks in a number of ways, starting with denyhosts. Denyhosts periodically scans /var/log/auth.log for repeated failures to access the system via SSH. It then adds these offenders to /etc/hosts.deny.

    sudo aptitude -y install denyhosts

That does it; the rest is automatic. You can see the IP addresses added to /etc/hosts.deny with:

    sudo less /etc/hosts.deny

8.17 Tiger: security system scanner

Tiger creates an automated security audit by analyzing files and settings on the system and creating a report listing what has been analyzed and listing warnings, alerts and failures. The tiger command creates a report of potential security problems in /var/log/tiger. Then use the tigexp command to look up the resulting codes for a detailed explanation and what to do to make the system more secure. The problems tiger considers most serious are marked with FAIL.

It has been a while since Tiger has been updated. It still produces a useful report.

Install tiger:

    sudo aptitude -y install tiger

Run tiger to create a report of security issues:

    sudo tiger

Use less to view the most recent tiger report:

    sudo -i
    less /var/log/tiger/`ls -t1 /var/log/tiger | head -1`
    exit

Use tigexp to list explanations for FAIL codes:

    tigexp dev002f

Ignore these:

    --FAIL-- [dev002f] /dev/fuse has world permissions
    --FAIL-- [logf005f] Log file /var/log/btmp permission should be 660

Changing permissions for these could cause problems.

8.18 Detect attempted intrusions with psad

project: http://www.cipherdyne.org/psad/

Psad is a collection of lightweight daemons that log attempted intrusions, in particular monitoring iptables.

Installation:

    sudo aptitude -y install psad

The daemons will run automatically. To check current status:

    sudo psad -S

You can modify psad settings to e-mail the admin in the event of intrusion detection.

8.19 Nmap: port scanning

project: http://nmap.org/

This allows you to see which ports are open, verifying that UFW/iptables is working correctly.

Installing nmap:

    sudo aptitude install -y nmap

Port scanning:

    nmap -v -sT localhost

SYN scanning:

    sudo nmap -v -sS localhost

scan type explanations: http://nmap.org/book/man-port-scanning-techniques.html

Chkrootkit: check for rootkit presence

project: http://www.chkrootkit.org/

Chkrootkit scans the system for evidence that a rootkit has been installed. This is a confidence test to be used to test whether your system has been compromised. In a perfect world you would not need this, but in this world, it is good to run periodically.

Installing chkrootkit:

    sudo aptitude install -y chkrootkit

Running chkrootkit:

    sudo chkrootkit
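The settings made in 8.1, 8.2 and 8.5 to 8.7 can be re-checked at any later time, for example during the weekly maintenance. The script below is an added example and not part of the original manual; its function names and the sample files built in demo are constructed for illustration. Because sysctl -w changes only the running kernel, the 8.7 check looks in /etc/sysctl.conf, where the two keys must also be written to survive a reboot.

```sh
#!/bin/sh
# Added example (not from the manual): re-check the settings of 8.1 - 8.7.
# Every check takes the file (or listing) to inspect as its argument and
# returns 0 when the hardened setting is in place.

# 8.1: the /dev/shm entry in fstab must carry both noexec and nosuid.
check_shm() {
    awk '$1 !~ /^#/ && $2 == "/dev/shm" {
             n = split($4, opt, ",")
             for (i = 1; i <= n; i++) seen[opt[i]] = 1
             found = 1
         }
         END { exit !(found && seen["noexec"] && seen["nosuid"]) }' "$1"
}

# 8.2: sshd uses the first value it reads for a keyword, so only the first
# uncommented PermitRootLogin line counts. Match blocks are not evaluated.
check_root_login() {
    val=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    [ "$val" = "no" ]
}

# 8.5/8.6: $1 is the output of `ls -l /bin/su`; expect mode 4750, root:admin.
check_su_listing() {
    printf '%s\n' "$1" | {
        read -r mode links owner group rest
        [ "$mode" = "-rwsr-x---" ] && [ "$owner" = "root" ] && [ "$group" = "admin" ]
    }
}

# 8.7: `sysctl -w` only changes the running kernel. To survive a reboot both
# keys must also be set to 0 in sysctl.conf (the last assignment wins).
check_source_route() {
    awk -F= '{ gsub(/[ \t]/, "") }
             /^[#;]/ { next }
             $1 == "net.ipv4.conf.all.accept_source_route"     { a = $2 }
             $1 == "net.ipv4.conf.default.accept_source_route" { d = $2 }
             END { exit !(a == "0" && d == "0") }' "$1"
}

# run_check LABEL COMMAND [ARGS...]: print PASS/FAIL, return the check result.
run_check() {
    label=$1; shift
    if "$@"; then echo "PASS $label"; else echo "FAIL $label"; return 1; fi
}

# audit FSTAB SSHD_CONFIG SYSCTL_CONF SU_LISTING: returns the number of FAILs.
audit() {
    fails=0
    run_check "8.1 /dev/shm mounted noexec,nosuid" check_shm "$1"          || fails=$((fails + 1))
    run_check "8.2 PermitRootLogin no"             check_root_login "$2"   || fails=$((fails + 1))
    run_check "8.7 source routing off (persistent)" check_source_route "$3" || fails=$((fails + 1))
    run_check "8.6 /bin/su is 4750 root:admin"     check_su_listing "$4"   || fails=$((fails + 1))
    return "$fails"
}

# demo: run the audit on constructed sample files. The sample sshd_config
# still allows root login, so exactly one FAIL is reported.
demo() {
    dir=$(mktemp -d) || return 99
    printf '%s\n' 'proc /proc proc defaults 0 0' \
                  'tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0' > "$dir/fstab"
    printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' > "$dir/sshd_config"
    printf '%s\n' 'net.ipv4.conf.all.accept_source_route = 0' \
                  'net.ipv4.conf.default.accept_source_route=0' > "$dir/sysctl.conf"
    audit "$dir/fstab" "$dir/sshd_config" "$dir/sysctl.conf" \
          '-rwsr-x--- 1 root admin 31K 2010-01-26 17:09 /bin/su' \
        && status=0 || status=$?
    rm -rf "$dir"
    return "$status"
}

# With --live the real files are audited; otherwise the constructed demo runs.
case "${1:-}" in
    --live) audit /etc/fstab /etc/ssh/sshd_config /etc/sysctl.conf "$(ls -l /bin/su)" ;;
    *)      demo || true ;;
esac
```

Run with --live on the server, the exit status is the number of failed checks, so the script can be called from a cron job that mails its output.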

8.20 LogWatch

Ubuntu community documentation: https://help.ubuntu.com/community/Logwatch

The most detailed and informative logs in the world are useless if no one looks at them. Logwatch winnows the deluge to a succinct report, which you will look at. Even so, familiarize yourself with your system's logs and review them on a regular basis. A daily logwatch habit would be a good start.

Installation:

    sudo aptitude -y install logwatch

Usage:

    sudo logwatch | less

8.21 Ongoing maintenance

Your server is now more secure. Once a week, perform on-going maintenance.

8.22 Updating software:

    sudo aptitude update
    sudo aptitude safe-upgrade

The safe-upgrade action is preferred by me because it does not upgrade packages that rely on dependencies that have not been upgraded to required levels. see: http://wiki.debian.org/Aptitude

Or, you could set up automatic security updates, if you cannot do the weekly maintenance. This is not a perfect solution because an administrator is not monitoring what is being updated and testing after updates. see: https://help.ubuntu.com/10.04/serverguide/C/automatic-updates.html

8.23 Check for attempted intrusions:

    sudo psad -S

UPDATED: Analyze system with tiger. Because the tiger reports in /var/log/tiger/ are owned by root, run these commands one at a time. (This solves a problem some people were having with permissions.)

    sudo -i
    tiger
    grep FAIL /var/log/tiger/`ls -t1 /var/log/tiger | head -1`
    exit

In the above, FAILs are pulled from the newest report file with grep. The ls clause in backticks gives grep the newest file in the directory. The sudo -i command allows you to run multiple commands as root, ending with exit.

Use tigexp to list explanations for FAIL codes:

    tigexp dev002f

Scan ports with nmap:

    sudo nmap -v -sS localhost

Check for rootkits:

    sudo chkrootkit

Look at logs:

    sudo logwatch | less

Keep up with trends, visit: http://www.linuxsecurity.com/

9. CONFIGURING THE MAIL SERVER Using POSTFIX

Postfix is the default Mail Transfer Agent (MTA) in Ubuntu. It attempts to be fast and easy to administer and secure. It is compatible with the MTA sendmail. This section explains how to install and configure postfix. It also explains how to set it up as an SMTP server using a secure connection (for sending emails securely).

Note: This guide does not cover setting up Postfix Virtual Domains; for information on Virtual Domains and other advanced configurations see the section called References.

9.1 Installation

To install postfix run the following command:

    sudo apt-get install postfix

Simply press the enter key when the installation process asks questions; the configuration will be done in greater detail in the next stage.

9.2 Basic Configuration

To configure postfix, run the following command:

    sudo dpkg-reconfigure postfix

The user interface will be displayed. On each screen, select the following values:

- Internet Site
- mail.example.com
- steve
- mail.example.com, localhost.localdomain, localhost
- No
- 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24
- 0
- +
- all

Note: Replace mail.example.com with the domain for which you'll accept email, 192.168.0.0/24 with the actual network and class range of your mail server, and steve with the appropriate username.

Now is a good time to decide which mailbox format you want to use. By default Postfix will use mbox for the mailbox format. Rather than editing the configuration file directly, you can use the postconf command to configure all postfix parameters. The configuration parameters will be stored in the /etc/postfix/main.cf file. Later, if you wish to re-configure a particular parameter, you can either run the command or change it manually in the file.

To configure the mailbox format for Maildir:

    sudo postconf -e 'home_mailbox = Maildir/'

Note: This will place new mail in /home/username/Maildir so you will need to configure your Mail Delivery Agent (MDA) to use the same path.

SMTP Authentication

SMTP-AUTH allows a client to identify itself through an authentication mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt the authentication process. Once authenticated, the SMTP server will allow the client to relay mail.

Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):

    sudo postconf -e 'smtpd_sasl_type = dovecot'
    sudo postconf -e 'smtpd_sasl_path = private/auth-client'
    sudo postconf -e 'smtpd_sasl_local_domain ='
    sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
    sudo postconf -e 'broken_sasl_auth_clients = yes'
    sudo postconf -e 'smtpd_sasl_auth_enable = yes'
    sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
    sudo postconf -e 'inet_interfaces = all'

Note: The smtpd_sasl_path configuration is a path relative to the Postfix queue directory.

Next, obtain a digital certificate for TLS. See the section called Certificates for details. This example also uses a Certificate Authority (CA). For information on generating a CA certificate see the section called Certification Authority.

Note: You can get the digital certificate from a certificate authority. But unlike web clients, SMTP clients rarely complain about "self-signed certificates", so alternatively, you can create the certificate yourself. Refer to the section called Creating a Self-Signed Certificate for more details.
Once you have a certificate, configure Postfix to provide TLS encryption for both incoming and outgoing mail:

    sudo postconf -e 'smtpd_tls_auth_only = no'
    sudo postconf -e 'smtp_tls_security_level = may'
    sudo postconf -e 'smtpd_tls_security_level = may'
    sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
    sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'
    sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'
    sudo postconf -e 'smtpd_tls_loglevel = 1'
    sudo postconf -e 'smtpd_tls_received_header = yes'
    sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
    sudo postconf -e 'tls_random_source = dev:/dev/urandom'
    sudo postconf -e 'myhostname = mail.example.com'

If you are using your own Certificate Authority to sign the certificate enter:

    sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'

Again, for more details about certificates see the section called Certificates.

Note: After running all the commands, Postfix is configured for SMTP-AUTH and a self-signed certificate has been created for TLS encryption.

Now, the file /etc/postfix/main.cf should look like this.

The postfix initial configuration is complete. Run the following command to restart the postfix daemon:

    sudo /etc/init.d/postfix restart

Postfix supports SMTP-AUTH as defined in RFC2554. It is based on SASL. However, it is still necessary to set up SASL authentication before you can use SMTP-AUTH.

Configuring SASL

Postfix supports two SASL implementations: Cyrus SASL and Dovecot SASL. To enable Dovecot SASL the dovecot-common package will need to be installed. From a terminal prompt enter the following:

    sudo apt-get install dovecot-common

Next you will need to edit /etc/dovecot/dovecot.conf. In the auth default section uncomment the socket listen option and change the following:

    socket listen {
      #master {
        # Master socket provides access to userdb information. It's typically
        # used to give Dovecot's local delivery agent access to userdb so it
        # can find mailbox locations.
        #path = /var/run/dovecot/auth-master
        #mode = 0600
        # Default user/group is the one who started dovecot-auth (root)
        #user =
        #group =
      #}
      client {
        # The client socket is generally safe to export to everyone. Typical use
        # is to export it to your SMTP server so it can do SMTP AUTH lookups
        # using it.
        path = /var/spool/postfix/private/auth-client
        mode = 0660
        user = postfix
        group = postfix
      }
    }

In order to let Outlook clients use SMTP-AUTH, in the auth default section of /etc/dovecot/dovecot.conf add "login":

    mechanisms = plain login

Once you have Dovecot configured restart it with:

    sudo /etc/init.d/dovecot restart

Postfix-Dovecot

Another option for configuring Postfix for SMTP-AUTH is using the dovecot-postfix package. This package will install Dovecot and configure Postfix to use it for both SASL authentication and as a Mail Delivery Agent (MDA). The package also configures Dovecot for IMAP, IMAPS, POP3, and POP3S.

Note: You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail server. For example, if you are configuring your server to be a mail gateway, spam/virus filter, etc. If this is the case it may be easier to use the above commands to configure Postfix for SMTP-AUTH.

To install the package, from a terminal prompt enter:

    sudo apt-get install dovecot-postfix

You should now have a working mail server, but there are a few options that you may wish to further customize. For example, the package uses the certificate and key from the ssl-cert package, and in a production environment you should use a certificate and key generated for the host. See the section called Certificates for more details.

Once you have a customized certificate and key for the host, change the following options in /etc/postfix/main.cf:

    smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
    smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key

Then restart Postfix:

    sudo /etc/init.d/postfix restart

Testing

SMTP-AUTH configuration is complete. Now it is time to test the setup. To see if SMTP-AUTH and TLS work properly, run the following command:

    telnet mail.example.com 25

After you have established the connection to the postfix mail server, type:

    ehlo mail.example.com

If you see the following lines among others, then everything is working perfectly. Type quit to exit.

    250-STARTTLS
    250-AUTH LOGIN PLAIN
    250-AUTH=LOGIN PLAIN
    250 8BITMIME

Troubleshooting

This section introduces some common ways to determine the cause if problems arise.

Escaping chroot

The Ubuntu postfix package will by default install into a chroot environment for security reasons. This can add greater complexity when troubleshooting problems.


To turn off the chroot operation locate the following line in the /etc/postfix/master.cf configuration file:

    smtp      inet  n       -       -       -       -       smtpd

and modify it as follows:

    smtp      inet  n       -       n       -       -       smtpd

You will then need to restart Postfix to use the new configuration. From a terminal prompt enter:

    sudo /etc/init.d/postfix restart

Log Files

Postfix sends all log messages to /var/log/mail.log. However, error and warning messages can sometimes get lost in the normal log output, so they are also logged to /var/log/mail.err and /var/log/mail.warn respectively.

To see messages entered into the logs in real time you can use the tail -f command:

    tail -f /var/log/mail.err

The amount of detail that is recorded in the logs can be increased. Below are some configuration options for increasing the log level for some of the areas covered above.

To increase TLS activity logging set the smtpd_tls_loglevel option to a value from 1 to 4.

    sudo postconf -e 'smtpd_tls_loglevel = 4'

If you are having trouble sending or receiving mail from a specific domain you can add the domain to the debug_peer_list parameter.

    sudo postconf -e 'debug_peer_list = problem.domain'

You can increase the verbosity of any Postfix daemon process by editing /etc/postfix/master.cf and adding a -v after the entry. For example edit the smtp entry:

    smtp      unix  -       -       -       -       -       smtp -v

Note: It is important to note that after making one of the logging changes above the Postfix process will need to be reloaded in order to recognize the new configuration:

    sudo /etc/init.d/postfix reload

To increase the amount of information logged when troubleshooting SASL issues you can set the following options in /etc/dovecot/dovecot.conf:

    auth_debug=yes
    auth_debug_passwords=yes

Note: Just like Postfix, if you change a Dovecot configuration the process will need to be reloaded:

    sudo /etc/init.d/dovecot reload

Note: Some of the options above can drastically increase the amount of information sent to the log files. Remember to return the log level back to normal after you have corrected the problem. Then reload the appropriate daemon for the new configuration to take effect.

References

Administering a Postfix server can be a very complicated task. At some point you may need to turn to the Ubuntu community for more experienced help.

A great place to ask for Postfix assistance, and get involved with the Ubuntu Server community, is the #ubuntu-server IRC channel on freenode. You can also post a message to one of the Web Forums.

For in-depth Postfix information Ubuntu developers highly recommend: The Book of Postfix.

Finally, the Postfix website also has great documentation on all the different configuration options available.

Also, the Ubuntu Wiki Postfix page has more information.
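The EHLO test from the Testing step of section 9 can be made repeatable by saving the server's reply and summarising it. The script below is an added example and not part of the original manual; the function names, the verdict labels and the sample replies are constructed for illustration. It also reports whether AUTH is offered before STARTTLS has been negotiated, which is the case with smtpd_tls_auth_only = no as set above and means a client can send its password over an unencrypted session.

```sh
#!/bin/sh
# Added example (not from the manual): summarise a saved EHLO reply.
# Input:  a file holding the reply lines as shown in the telnet session.
# Output: starttls=<yes|no> auth=<yes|no> mechs=<list|-> verdict=<label>
#   cleartext-auth-offered  AUTH is announced before TLS is negotiated
#   no-auth-before-tls      STARTTLS announced, AUTH not offered in cleartext
#   no-starttls             the server does not offer TLS at all

ehlo_summary() {   # ehlo_summary FILE
    awk '
        { sub(/\r$/, "") }                  # captured sessions keep CRLF
        /^250[- ]/ {
            cap = toupper(substr($0, 5))    # text after "250-" or "250 "
            if (cap == "STARTTLS") tls = 1
            # "AUTH LOGIN PLAIN" and the legacy "AUTH=LOGIN PLAIN" form that
            # broken_sasl_auth_clients = yes adds for older clients
            if (cap ~ /^AUTH[ =]/) {
                auth = 1
                n = split(substr(cap, 6), m, " ")
                for (i = 1; i <= n; i++) {
                    if (m[i] in seen) continue
                    seen[m[i]] = 1
                    mechs = (mechs == "" ? "" : mechs ",") m[i]
                }
            }
        }
        END {
            if (!tls)      verdict = "no-starttls"
            else if (auth) verdict = "cleartext-auth-offered"
            else           verdict = "no-auth-before-tls"
            printf "starttls=%s auth=%s mechs=%s verdict=%s\n",
                   (tls ? "yes" : "no"), (auth ? "yes" : "no"),
                   (mechs == "" ? "-" : mechs), verdict
        }' "$1"
}

# ehlo_demo: two constructed replies. The first is the reply quoted in the
# Testing step; the second is what a server announces before TLS when
# smtpd_tls_auth_only = yes.
ehlo_demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\r\n' '250-mail.example.com' '250-STARTTLS' \
        '250-AUTH LOGIN PLAIN' '250-AUTH=LOGIN PLAIN' '250 8BITMIME' > "$tmp/as_configured"
    printf '%s\r\n' '250-mail.example.com' '250-STARTTLS' \
        '250 8BITMIME' > "$tmp/auth_only_tls"
    ehlo_summary "$tmp/as_configured"
    ehlo_summary "$tmp/auth_only_tls"
    rm -rf "$tmp"
}

ehlo_demo
```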

10. Creating a Self-Signed Certificate

One of the most common forms of cryptography today is public-key cryptography. Public-key cryptography utilizes a public key and a private key. The system works by encrypting information using the public key. The information can then only be decrypted using the private key.

A common use for public-key cryptography is encrypting application traffic using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) connection. For example, configuring Apache to provide HTTPS, the HTTP protocol over SSL. This allows a way to encrypt traffic using a protocol that does not itself provide encryption.

A certificate is a method used to distribute a public key and other information about a server and the organization that is responsible for it. Certificates can be digitally signed by a Certification Authority or CA. A CA is a trusted third party that has confirmed that the information contained in the certificate is accurate.

The process of getting a certificate from a CA is fairly easy. A quick overview is as follows:

1. Create a private and public encryption key pair.
2. Create a certificate request based on the public key. The certificate request contains information about your server and the company hosting it.
3. Send the certificate request, along with documents proving your identity, to a CA. We cannot tell you which certificate authority to choose. Your decision may be based on your past experiences, or on the experiences of your friends or colleagues, or purely on monetary factors. Once you have decided upon a CA, you need to follow the instructions they provide on how to obtain a certificate from them.
4. When the CA is satisfied that you are indeed who you claim to be, they send you a digital certificate.
5. Install this certificate on your secure server, and configure the appropriate applications to use the certificate.

10.1 Generating a Certificate Signing Request (CSR)

Whether you are getting a certificate from a CA or generating your own self-signed certificate, the first step is to generate a key.

If the certificate will be used by service daemons, such as Apache, Postfix, Dovecot, etc., a key without a passphrase is often appropriate. Not having a passphrase allows the services to start without manual intervention, usually the preferred way to start a daemon.

This section will cover generating a key with a passphrase, and one without. The non-passphrase key will then be used to generate a certificate that can be used with various service daemons.

Running your secure service without a passphrase is convenient because you will not need to enter the passphrase every time you start your secure service. But it is insecure and a compromise of the key means a compromise of the server as well.

To generate the keys for the Certificate Signing Request (CSR) run the following command from a terminal prompt:

    openssl genrsa -des3 -out server.key 1024

    Generating RSA private key, 1024 bit long modulus
    .....................++++++
    .................++++++
    unable to write 'random state'
    e is 65537 (0x10001)
    Enter pass phrase for server.key:

You can now enter your passphrase. For best security, it should at least contain eight characters. The minimum length when specifying -des3 is four characters. It should include numbers and/or punctuation and not be a word in a dictionary. Also remember that your passphrase is case-sensitive.

Re-type the passphrase to verify. Once you have re-typed it correctly, the server key is generated and stored in the server.key file.

Now create the insecure key, the one without a passphrase, and shuffle the key names:

    openssl rsa -in server.key -out server.key.insecure
    mv server.key server.key.secure
    mv server.key.insecure server.key

The insecure key is now named server.key, and you can use this file to generate the CSR without a passphrase.

To create the CSR, run the following command at a terminal prompt:

    openssl req -new -key server.key -out server.csr

It will prompt you to enter the passphrase. If you enter the correct passphrase, it will prompt you to enter Company Name, Site Name, Email Id, etc. Once you enter all these details, your CSR will be created and it will be stored in the server.csr file.

You can now submit this CSR file to a CA for processing. The CA will use this CSR file and issue the certificate. On the other hand, you can create a self-signed certificate using this CSR.

Creating a Self-Signed Certificate

To create the self-signed certificate, run the following command at a terminal prompt:

    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

The above command will prompt you to enter the passphrase. Once you enter the correct passphrase, your certificate will be created and it will be stored in the server.crt file.
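The steps above end with three files: server.key, server.csr and server.crt. As an added example (not part of the original manual), the shell functions below check such a pair before it is installed: that the certificate belongs to the key, how long the RSA key is, who can read the key file, and when the certificate expires. The function names and the 2048-bit default minimum are assumptions; make_sample_pair builds a constructed test pair with the same openssl commands.

```shell
#!/bin/sh
# Added example: checks for the server.key / server.crt pair from this section.
# Function names are hypothetical; only standard openssl subcommands are used.

# Succeeds only if the certificate's RSA modulus equals the private key's.
# "-passin pass:" makes a passphrase-protected key (server.key.secure) fail
# here instead of stopping at a prompt.
cert_matches_key() {        # $1 = key file, $2 = certificate file
    k=$(openssl rsa -in "$1" -passin pass: -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Print the RSA key length in bits (1024 for the genrsa command above).
rsa_key_bits() {            # $1 = key file
    openssl rsa -in "$1" -passin pass: -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Succeeds if issuer and subject are identical, as in a self-signed certificate.
is_self_signed() {          # $1 = certificate file
    i=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    s=$(openssl x509 -in "$1" -noout -subject 2>/dev/null | sed 's/^subject= *//')
    [ -n "$s" ] && [ "$i" = "$s" ]
}

# Succeeds if the certificate is still valid $2 days from now.
valid_for_days() {          # $1 = certificate file, $2 = days
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Succeeds if group and others have no permissions on the key file.
key_is_private() {          # $1 = key file
    case $(ls -ld "$1" 2>/dev/null) in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Run all checks; prints one line per finding, non-zero status on any FAIL.
check_pair() {              # $1 = key, $2 = certificate, $3 = minimum bits
    min=${3:-2048}          # assumed policy value, adjust to your own
    rc=0
    cert_matches_key "$1" "$2" || { echo "FAIL: certificate does not match key"; rc=1; }
    bits=$(rsa_key_bits "$1")
    [ "${bits:-0}" -ge "$min" ] ||
        { echo "FAIL: key length ${bits:-unknown} bits, want >= $min"; rc=1; }
    key_is_private "$1" || { echo "FAIL: key file accessible by group or others"; rc=1; }
    valid_for_days "$2" 30 || echo "WARN: certificate expires within 30 days"
    is_self_signed "$2" && echo "INFO: issuer equals subject (self-signed)"
    return $rc
}

# Constructed sample input: repeat this section's commands non-interactively
# in a scratch directory (the subject name is the page's example hostname).
make_sample_pair() {        # $1 = existing directory
    ( cd "$1" && umask 077 &&
      openssl genrsa -out server.key 1024 2>/dev/null &&
      openssl req -new -key server.key -subj "/CN=mail.example.com" \
          -out server.csr 2>/dev/null &&
      openssl x509 -req -days 365 -in server.csr -signkey server.key \
          -out server.crt 2>/dev/null )
}
```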

If your secure server is to be used in a production environment, you probably need a CA-signed certificate. It is not recommended to use a self-signed certificate.

10.2. Installing the Certificate

You can install the key file server.key and certificate file server.crt, or the certificate file issued by your CA, by running the following commands at a terminal prompt:

    sudo cp server.crt /etc/ssl/certs
    sudo cp server.key /etc/ssl/private

Now simply configure any applications that are able to use public-key cryptography to use the certificate and key files. For example, Apache can provide HTTPS, Dovecot can provide IMAPS and POP3S, etc.

10.3. Certification Authority

If the services on your network require more than a few self-signed certificates it may be worth the additional effort to set up your own internal Certification Authority (CA). Using certificates signed by your own CA allows the various services using the certificates to easily trust other services using certificates issued from the same CA.

1. First, create the directories to hold the CA certificate and related files:

    sudo mkdir /etc/ssl/CA
    sudo mkdir /etc/ssl/newcerts

2. The CA needs a few additional files to operate: one to keep track of the last serial number used by the CA (each certificate must have a unique serial number), and another file to record which certificates have been issued:

    sudo sh -c "echo '01' > /etc/ssl/CA/serial"
    sudo touch /etc/ssl/CA/index.txt

3. The third file is a CA configuration file. Though not strictly necessary, it is very convenient when issuing multiple certificates. Edit /etc/ssl/openssl.cnf, and in the [ CA_default ] section change:

    dir = /etc/ssl/ # Where everything is kept
    database = $dir/CA/index.txt # database index file.
    certificate = $dir/certs/cacert.pem # The CA certificate
    serial = $dir/CA/serial # The current serial number
    private_key = $dir/private/cakey.pem # The private key

4. Next, create the self-signed root certificate:

    openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

   You will then be asked to enter the details about the certificate.

5. Now install the root certificate and key:

    sudo mv cakey.pem /etc/ssl/private/
    sudo mv cacert.pem /etc/ssl/certs/

6. You are now ready to start signing certificates. The first item needed is a Certificate Signing Request (CSR); see the section called Generating a Certificate Signing Request (CSR) for details. Once you have a CSR, enter the following to generate a certificate signed by the CA:

    sudo openssl ca -in server.csr -config /etc/ssl/openssl.cnf

   After entering the password for the CA key, you will be prompted to sign the certificate, and again to commit the new certificate. You should then see a somewhat large amount of output related to the certificate creation.

7. There should now be a new file, /etc/ssl/newcerts/01.pem, containing the same output. Copy and paste everything beginning with the line -----BEGIN CERTIFICATE----- and continuing through the line -----END CERTIFICATE----- to a file named after the hostname of the server where the certificate will be installed. For example, mail.example.com.crt is a nice descriptive name. Subsequent certificates will be named 02.pem, 03.pem, etc. Replace mail.example.com.crt with your own descriptive name.

8. Finally, copy the new certificate to the host that needs it, and configure the appropriate applications to use it. The default location to install certificates is /etc/ssl/certs. This enables multiple services to use the same certificate without overly complicated file permissions.

For applications that can be configured to use a CA certificate, you should also copy the /etc/ssl/certs/cacert.pem file to the /etc/ssl/certs/ directory on each server.

11. Configuration of smsd.conf

The smsd.conf file specifies the devices (the GSM/GPRS modems) utilized in the development of the project. In the structure of the smsd.conf file, the global environment variables are set first, followed by the modem settings.

The actual configuration of the smsd.conf file in the project:

    devices = GSM1,GSM2
    outgoing = /var/spool/sms/outgoing
    checked = /var/spool/sms/checked
    incoming = /var/spool/sms/incoming
    failed = /var/spool/sms/failed
    sent = /var/spool/sms/sent
    stats = /var/spool/sms/stats
    stats_interval = 0
    status_interval = 1
    logtime_ms = yes
    logfile = /var/log/smsd.log
    #infofile = /var/run/smsd.working
    pidfile = /var/run/smsd.pid
    loglevel = 5
    receive_before_send = yes
    eventhandler = /usr/local/bin/mysmsd
    autosplit = 3
    max_continuous_sending = 7200
    trust_outgoing = yes
    report = /var/spool/sms/report
    #store_original_filename = yes

    [queues]
    GSM1 = /var/spool/sms/GSM1
    GSM2 = /var/spool/sms/GSM2

    [provider]
    # Commented lines are examples for philippines
    GSM1 = 63907,63908,63909,63910,63912,63918,63919,63920,63921,63928,63929,63930,63938,63939,63948,63949,63989
    GSM2 = 63905,63906,63915,63916,63917,63925,63926,63927,63935,63936,63937,63996,63997,63922,63923,63932,63933,63942,63943

    [GSM1]
    # SMART MODEM
    #queues = GSM1
    device = /dev/ttyUSB2
    init = AT+CPMS="SM","SM","SM"
    check_network = 0
    trust_spool = no
    report = yes
    incoming = yes
    outgoing = yes
    #pin = ignore
    status_signal_quality = no
    baudrate = 115200
    smsc = 639180000101
    queues = GSM1
    #datetime = %d%m%Y %H:%M:%S

    [GSM2]
    # wavecom fasttrack supreme 20
    #queues = GSM2
    device = /dev/ttyUSB0
    init = AT+CPMS="ME","ME","ME"
    check_network = 0
    trust_spool = no
    report = yes
    incoming = yes
    outgoing = yes
    #pin = ignore
    status_signal_quality = no
    baudrate = 115200
    smsc = 639170000130
    queues = GSM2

12. Configuration of mysmsd file

In the project, the mysmsd file handles the events processed by smstools3, such as incoming, outgoing, failed, checked and sent SMS. The file is located in /usr/local/bin and can be edited using any Linux text editor. Below is the actual mysmsd file, for reference.

    #!/bin/sh
    # This script logs all events into an SQL database
    # You need a MYSQL database as described in the documentation.
    # Please read the documentation before using this script.
    SQL_HOST="192.168.1.113"
    SQL_USER=root
    SQL_PASSWORD="gasparhowell"
    SQL_DATABASE=playsms
    SQL_TABLE=playsms_tblSMSOutgoing
    SQL_TABLE2=playsms_tblUserInbox
    SQL_TABLE3=cltsms
    SQL_TABLE4=playsms_subscribe
    SQL_TABLE5=playsms_message
    SQL_TABLE6=playsms_rrmchead
    SQL_TABLE8=playsms_al
    SQL_TABLE9=playsms_device
    SQL_TABLE10=playsms_tblStatistics
    SQL_TABLE11=sms_log
    SQL_DATABASE2=ictbdmfs
    SQL_TABLE12=ict_pbook_cp_numbers

    DATE=`date +"%Y-%m-%d %H:%M:%S"`
    #Extract data from the SMS file
    FROM=`formail -zx From: < $2 | sed 's/"//g'`
    TO=`formail -zx To: < $2`
    #Remove plus sign, spaces, minus and short number prefix
    TO=`echo "$TO" | sed 's/ //g' | sed 's/+//g' | sed 's/s//g' | sed 's/-//g'`
    SUBJECT=`formail -zx Subject: < $2`
    SENT=`formail -zx Sent: < $2`
    MSGID=`formail -zx Message_id: <$2`
    #Text is not used but could be used
    TEXT=`formail -I "" <$2`
    #Set some SQL parameters
    if [ "$SQL_PASSWORD" != "" ]; then
        SQL_ARGS="-p$SQL_PASSWORD";
    else
        SQL_ARGS="";
    fi
    SQL_ARGS="-h $SQL_HOST -u $SQL_USER $SQL_ARGS -D $SQL_DATABASE -s -e"
    #Set some SQL parameters
    if [ "$SQL_PASSWORD" != "" ]; then
        SQL_ARGS2="-p$SQL_PASSWORD";
    else
        SQL_ARGS2="";
    fi
    SQL_ARGS2="-h $SQL_HOST -u $SQL_USER $SQL_ARGS2 -D $SQL_DATABASE2 -s -e"
    #Insert a new entry into the SQL table
    if [ "$1" = "FAILED" ] || [ "$1" = "SENT" ]; then
        mysql $SQL_ARGS "insert into $SQL_TABLE11 (type,sent,sender,receiver,msgid) values (\"$1\",\"$DATE\",\"$FROM\",\"$TO\",\"$3\");";
    elif [ "$1" = "RECEIVED" ]; then
        #Extract data from SMS that received
        FROM=`formail -zx From: < $2`
        ISTEXTS=`formail -I "" <$2`
        #GASTEXT=`echo $ISTEXT|cut -f2 -d#`
        #first=`echo $ISTEXTS | sed 's/\([^]*\).*/\1'`
        #second=`echo $ISTEXTS | sed 's/[^]*\(.*\)/\1'`
        #Check message if contain tag 'reg'
        ISTEXTS=`echo $TEXT|sed -e's/[\t]//g'`
        if echo $ISTEXTS|grep -q "\bREGS"   #keyword for registration
        then
            A=`mysql $SQL_ARGS "select s_phonenumber,s_log from $SQL_TABLE4 where s_phonenumber=\"$FROM\" and s_log=\"0\""`
            if [ "$A" ]; then   #if subscriber is already registered
                #Create SMS confirmation to client
                FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
                echo "To: $FROM">$FILENAME
                echo "" >> $FILENAME
                echo "You are already registered to the server and no need for double registration." >>$FILENAME
            else    #new subscriber
                GASTEXT=`echo $ISTEXTS|cut -d " " -f 1`
                GASTEXT2=`echo $ISTEXTS|cut -d " " -f 2`
                A=`mysql $SQL_ARGS "insert into $SQL_TABLE4 (datetime,s_name,s_phonenumber,s_log) values(\"$DATE\",\"$GASTEXT2\",\"$FROM\",\"0\");"`
                echo "$A"
                #Create SMS confirmation to client if format is valid
                #Include ID (generated by server) and client name
                FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
                #FILENAME= `mktemp /tmp/REGBXXXXXX`
                echo "To: $FROM" >$FILENAME
                echo "" >> $FILENAME
                echo "$GASTEXT2, you are now a registered volunteer. To report a flood situation type FLOOD#<message>. To ask for weather update type WEATHER#<location> then send to 09498919023" >>$FILENAME
                echo "To unregister type UREG then send to 09498919023" >>$FILENAME
            fi
        elif echo $ISTEXTS|grep -q "\bUREG\b"
        then
            A=`mysql $SQL_ARGS "UPDATE $SQL_TABLE4 set s_log=\"1\", u_datetime=\"$DATE\" where s_phonenumber=\"$FROM\" and s_log=\"0\""`
            echo "$A"
            #Create SMS confirmation for unregistration from the database
            #Include ID (generated by server) and client name
            FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
            #FILENAME= `mktemp /tmp/REGBXXXXXX`
            echo "To: $FROM" >$FILENAME
            echo "" >> $FILENAME
            echo "You are now successfully unregister to the system." >>$FILENAME
        elif echo $ISTEXTS|grep -qi "\bHELP"   #need of help
        then
            A=`mysql $SQL_ARGS "SELECT s_phonenumber,s_log from $SQL_TABLE4 where s_phonenumber=\"$FROM\" and s_log=\"0\""`
            #echo "$A"
            B=`mysql $SQL_ARGS2 "SELECT cp_number1, cp_number2 from $SQL_TABLE12 where cp_number1=\"$FROM\" or cp_number2=\"$FROM\""`
            if [ "$A" ] || [ "$B" ]; then
                #then
                GASTEXT=`echo $ISTEXTS|cut -d " " -f 1`
                GASTEXT2=`echo $ISTEXTS|cut -d " " -f 2`
                GASTEXT3=`echo $ISTEXTS|cut -d " " -f 2-`
                A=`mysql $SQL_ARGS "insert into $SQL_TABLE5 (msg_date, msg_keyword, msg_message) values(\"$DATE\",\"$GASTEXT\",\"$GASTEXT3\");"`
                #echo "$A"
                #Create SMS confirmation to client if format is valid
                #Include ID (generated by server) and client name
                FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
                #FILENAME= `mktemp /tmp/REGBXXXXXX`
                echo "To: $FROM" >$FILENAME
                echo "" >> $FILENAME
                echo "Help or assistance will be brought to you immediately as soon as posible. We will call you for some information. Hold on." >>$FILENAME
                mysql $SQL_ARGS "insert into $SQL_TABLE2 (c_timestamp, in_sender, in_msg, in_datetime, in_hidden, is_read) values (\"$DATE\", \"$FROM\",\"$ISTEXTS\",\"$DATE\",\"0\",\"0\");";
            else
                #Create SMS confirmation to client if cellphone number is registered or not
                FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
                echo "To: $FROM" >$FILENAME
                echo "" >> $FILENAME
                echo "You are not yet register. To register type REGS#<name> and send to 09155703137." >>$FILENAME
            fi
        elif echo $ISTEXTS|grep -qi "\bFLOOD"   #reporting a flooded or any incidents happened around the AOR
        then
            A=`mysql $SQL_ARGS "SELECT s_phonenumber,s_log from $SQL_TABLE4 where s_phonenumber=\"$FROM\" and s_log=\"0\""`
            #echo "$A"
            B=`mysql $SQL_ARGS2 "SELECT cp_number1, cp_number2 from $SQL_TABLE12 where cp_number1=\"$FROM\" or cp_number2=\"$FROM\""`
            #A=`mysql $SQL_ARGS "SELECT s_phonenumber,s_log from $SQL_TABLE4 where s_phonenumber=\"$FROM\" and s_log=\"0\""`
            #echo "$A"
            if [ "$A" ] || [ "$B" ] ; then
                #then
                GASTEXT=`echo $ISTEXTS|cut -d " " -f 1`
                GASTEXT2=`echo $ISTEXTS|cut -d " " -f 2`
                GASTEXT3=`echo $ISTEXTS|cut -d " " -f 2-`
                A=`mysql $SQL_ARGS "insert into $SQL_TABLE5 (msg_date, msg_keyword, msg_message) values(\"$DATE\",\"$GASTEXT\",\"$GASTEXT3\");"`
                #echo "$A"
                #Create SMS confirmation to client if format is valid
                #Include ID (generated by server) and client name
                FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
                #FILENAME= `mktemp /tmp/REGBXXXXXX`
                echo "To: $FROM" >$FILENAME
                echo "" >> $FILENAME
                echo "Thanks for supporting us an information. God bless." >>$FILENAME
            else
                #Create SMS confirmation to client if cellphone number is registered or not
                FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
                echo "To: $FROM" >$FILENAME
                echo "" >> $FILENAME
                echo "You are not yet register. To register type REGS#<name> and send to 09498919023." >>$FILENAME
            fi
        elif echo $ISTEXTS|grep -q "\bFEED"   #reporting a flooded or any incidents happened around the AOR
        then
            A=`mysql $SQL_ARGS "insert into $SQL_TABLE2 (c_timestamp, in_sender, in_msg, in_datetime, in_hidden, is_read) values (\"$DATE\", \"$FROM\",\"$ISTEXTS\",\"$DATE\",\"0\",\"0\");";`
            #Create SMS confirmation to client if format is valid
            #Include ID (generated by server) and client name
            FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
            #FILENAME= `mktemp /tmp/REGBXXXXXX`
            echo "To: $FROM" >$FILENAME
            echo "" >> $FILENAME
            echo "Thanks for supporting us an information. God bless." >>$FILENAME
        elif echo $ISTEXTS|grep -qi "ICT"   #format in reporting amount of rain and water level
        then
            A=`mysql $SQL_ARGS "SELECT s_phonenumber,s_log from $SQL_TABLE4 where s_phonenumber=\"$FROM\" and s_log=\"0\""`
            #echo "$A"
            B=`mysql $SQL_ARGS2 "SELECT cp_number1, cp_number2 from $SQL_TABLE12 where cp_number1=\"$FROM\" or cp_number2=\"$FROM\""`
            #A=`mysql $SQL_ARGS "SELECT s_phonenumber,s_log from $SQL_TABLE4 where s_phonenumber=\"$FROM\" and s_log=\"0\""`
            #echo "$A"
            if [ "$A" ] || [ "$B" ]; then
                #then
                GASTEXT=`echo $ISTEXTS|cut -d " " -f 1`
                GASTEXT2=`echo $ISTEXTS|cut -d " " -f 2`
                GASTEXT3=`echo $ISTEXTS|cut -d " " -f 3`
                GASTEXT4=`echo $ISTEXTS|cut -d " " -f 4`
                GASTEXT5=`echo $ISTEXTS|cut -d " " -f 5`
                GASTEXT6=`echo $ISTEXTS|cut -d " " -f 6`
                DATE2=`echo $DATE|cut -d " " -f 2`
                DATE1=`echo $DATE|cut -d " " -f 1`
                #Insert into table cltsms
                A=`mysql $SQL_ARGS "insert into $SQL_TABLE3 (r_date,r_time,r_from,r_file,r_file2,r_rg,r_rgunit,r_wl,r_wlunit) values(\"$DATE1\",\"$DATE2\",\"$FROM\",\"$GASTEXT\",\"$GASTEXT2\",\"$GASTEXT3\",\"$GASTEXT4\",\"$GASTEXT5\",\"$GASTEXT6\");"`
                B=`mysql $SQL_ARGS "insert into $SQL_TABLE2 (c_timestamp, in_sender, in_msg, in_datetime, in_hidden, is_read) values (\"$DATE\", \"$FROM\",\"$ISTEXTS\",\"$DATE\",\"0\",\"0\");"`
                echo "$A"
                if [ $GASTEXT3 -le "30" ]; then
                    #Create SMS confirmation to client if format is valid
                    #Include ID (generated by server) and client name
                    FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
                    #FILENAME= `mktemp /tmp/REGBXXXXXX`
                    echo "To: $FROM" >$FILENAME
                    echo "" >> $FILENAME
                    echo "Data collected $DATE1 at $DATE2 is $GASTEXT3. Light rainfall is experienced. " >>$FILENAME
                elif [ $GASTEXT3 -le "80" ]; then
                    #Create SMS confirmation to client if format is valid
                    #Include ID (generated by server) and client name
                    FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
                    #FILENAME= `mktemp /tmp/REGBXXXXXX`
                    echo "To: $FROM" >$FILENAME
                    echo "" >> $FILENAME
                    echo "Data collected $DATE1 at $DATE2 is $GASTEXT3. Moderate rainfall is experienced. " >>$FILENAME
                elif [ $GASTEXT3 -gt "80" ]; then
                    #Create SMS confirmation to client if format is valid
                    #Include ID (generated by server) and client name
                    FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
                    #FILENAME= `mktemp /tmp/REGBXXXXXX`
                    echo "To: $FROM" >$FILENAME
                    echo "" >> $FILENAME
                    echo "Data collected $DATE1 at $DATE2 is $GASTEXT3. Heavy rainfall is experienced. " >>$FILENAME
                    B=`mysql $SQL_ARGS "SELECT phonenumber from $SQL_TABLE6 where acode=\"$GASTEXT2\""`
                    #Create SMS confirmation to client if format is valid
                    #Include ID (generated by server) and client name
                    FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
                    #FILENAME= `mktemp /tmp/REGBXXXXXX`
                    echo "To: $B" >$FILENAME
                    echo "" >> $FILENAME
                    echo "WARNING ALERT: Heavy rainfall is experience by community $GASTEXT2 " >>$FILENAME
                    C="+639053008283"
                    #Create SMS confirmation to client if format is valid
                    #Include ID (generated by server) and client name
                    FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
                    #FILENAME= `mktemp /tmp/REGBXXXXXX`
                    echo "To: $C" >$FILENAME
                    echo "" >> $FILENAME
                    echo "#PWD427727#OUT6=ON" >>$FILENAME
                else
                    #Create SMS confirmation to client if format is valid
                    #Include ID (generated by server) and client name
                    FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
                    #FILENAME= `mktemp /tmp/REGBXXXXXX`
                    echo "To: $FROM" >$FILENAME
                    echo "" >> $FILENAME
                    echo "Invalid input. key in ICT<space>station<space>rr<space>unit<space>wl<space>unit send to 09498919023" >>$FILENAME
                fi
            else
                #Create SMS confirmation to client if cellphone number is registered or not
                FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
                echo "To: $FROM" >$FILENAME
                echo "" >> $FILENAME
                echo "You are not yet register. To register type REGS#<name> and send to 09498919023." >>$FILENAME
            fi
        elif echo $ISTEXTS|grep -qi "OUT6 ON OK"   #received from the warning device
        then
            A=`mysql $SQL_ARGS "SELECT dev_simnr from $SQL_TABLE9 where dev_simnr=\"$FROM\""`
            if [ "$A" ]; then
                GASTEXT=`echo $ISTEXTS|cut -d " " -f 1`
                GASTEXT2=`echo $ISTEXTS|cut -d " " -f 2`
                GASTEXT3=`echo $ISTEXTS|cut -d " " -f 2-`
                A=`mysql $SQL_ARGS "insert into $SQL_TABLE8 (r_from,datetime_on, d_msg1) values(\"$FROM\",\"$DATE\",\"$GASTEXT2\");"`
                #echo "$A"
            else
                #Create SMS confirmation to client if cellphone number is registered or not
                FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
                echo "To: $FROM" >$FILENAME
                echo "" >> $FILENAME
                echo "you are not a registered device!" >>$FILENAME
            fi
        elif echo $ISTEXTS|grep -qi "OUT6 OFF OK"   #received from the warning device
        then
            A=`mysql $SQL_ARGS "SELECT dev_simnr from $SQL_TABLE9 where dev_simnr=\"$FROM\""`
            if [ "$A" ]; then
                GASTEXT=`echo $ISTEXTS|cut -d " " -f 1`
                GASTEXT2=`echo $ISTEXTS|cut -d " " -f 2`
                GASTEXT3=`echo $ISTEXTS|cut -d " " -f 2-`
                mysql $SQL_ARGS "UPDATE $SQL_TABLE8 SET datetime_off=\"$DATE\", d_msg1=\"$GASTEXT2\" where r_from=\"$FROM\" and d_msg1=\"ON\""
            else
                #Create SMS confirmation to client if cellphone number is registered or not
                FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
                echo "To: $FROM" >$FILENAME
                echo "" >> $FILENAME
                echo "you are not a registered device!" >>$FILENAME
            fi
        elif echo $ISTEXTS|grep -qi "OFF"   #received from the warning device
        then
            C="+639053008283"
            #Create SMS confirmation to client if format is valid
            #Include ID (generated by server) and client name
            FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
            #FILENAME= `mktemp /tmp/REGBXXXXXX`
            echo "To: $C" >$FILENAME
            echo "" >> $FILENAME
            echo "#PWD427727#OUT6=OFF" >>$FILENAME
        else
            #Create SMS confirmation to client if format is wrong
            FILENAME=`mktemp /var/spool/sms/outgoing/out.X.X.XXXX`
            #FILENAME=`mktemp /tmp/REGSXXXXXX`
            echo "To: $FROM" >$FILENAME
            echo "" >> $FILENAME
            echo "You input a wrong keyword. To register key in REGS<space>name then send to 09498919023" >>$FILENAME
        fi
        #mysql $SQL_ARGS "insert into $SQL_TABLE2 (c_timestamp, in_sender, in_msg, in_datetime, in_hidden, is_read) values (\"$DATE\", \"$FROM\",\"$ISTEXTS\",\"$DATE\",\"0\",\"0\");";
    fi

13. Setting up cron jobs on crontab

In the project, all the weather data displayed on the website are downloaded from the FTP site assigned by the Advanced Science and Technology Institute (ASTI). We will now set up a cron job that downloads the data for the current date every minute. Type crontab -e in the CLI. The crontab file will now open and will look like this:

Explanation:

* * * * * = the cron job is scheduled to execute every minute.
wget = command used to get the files in the ftp.
http://202.90.128.12/AWSFTP/4A/BRGY\.\ MAGSAYSAY\,\ INFANTA\,\ QUEZON_AWS/ = location of the folder containing the weather data file in the ftp site.
4A_`date +\%Y\%m\%d`.csv = filename of the weather data file in comma separated value (csv) format.
/home/ict/infanta/infanta_`date +\%Y\%m\%d`.csv = destination location of the csv file and its filename.

Save and exit the editor.

14. Creating script to run on crontab

Notice that the crontab contains another command, which executes a Perl script. This Perl script inserts the newly added data from the downloaded csv file into the database. The Perl file will look like this:

    #!/usr/bin/perl
    # declaring that it is a perl file
    use POSIX;   # inherit posix for the date & time function
    my $today = POSIX::strftime('%Y%m%d', localtime);   # assigning variable $today as the date
    use DBI;     # inherit DBI as database interface
    # assigning $dbh variable as database connection string
    $dbh = DBI->connect("dbi:mysql:ictbdmfs:192.168.1.113", "root", "gasparhowell", { RaiseError => 1 })
        or die "Could not connect to database! $DBI::errstr";
    # connect to the database and load the new data from csv file in the table
    # using load data local infile command
    $dbh->do("load data local infile '/home/ict/bats/batangas_$today.csv' replace into table ict_batangas_arg fields terminated by ',' lines terminated by '\n' ignore 2 lines;");

Save and exit the editor.

15. Creating a Folder for the csv file

We must create a folder where the csv file will be stored, and its name should match the filename. For example, for a csv file named cavite_<date>.csv, a folder named cavite should exist for our cron job to execute properly. The command for creating a directory is:

    #mkdir <directory_name>

then press Enter.

16. Restarting smstools3

If a problem is encountered in transmitting or receiving SMS, you may restart the smstools3 service by typing:

    #/etc/init.d/sms3 restart

17. Restarting the ICT Server

If scripts have been added and a script did not execute correctly, restart the server for the change to take effect. To restart the server, type in the CLI:

    #shutdown -r now
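Looking back at the mysmsd event handler in section 12: it copies the sender number and the message text of every received SMS into SQL statements as they arrive. The following added example (not part of the original manual or of smstools3) shows input checks that could run first, for the ICT report format and for the cltsms and playsms_tblUserInbox inserts used there. Function names, the accepted field formats and the length limits are assumptions.

```shell
#!/bin/sh
# Added example: validate SMS-derived values before mysmsd puts them into SQL.
# Function names and the accepted formats are assumptions, not project code.

# Sender number: optional leading "+", then 7 to 15 digits, nothing else.
clean_msisdn() {            # $1 = value of the From: header
    n=${1#+}
    case $n in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ ${#n} -ge 7 ] && [ ${#n} -le 15 ] || return 1
    printf '%s\n' "$n"
}

# Free text (names, whole messages) as a MySQL hexadecimal literal: only the
# characters 0-9, a-f and the 0x prefix ever reach the statement.
sql_hex() {                 # $1 = arbitrary text
    h=$(printf '%s' "$1" | od -An -v -tx1 | tr -d ' \t\n')
    if [ -n "$h" ]; then printf '0x%s\n' "$h"; else printf "''\n"; fi
}

# "ICT station rr unit wl unit": check every field, then classify the rain
# value with the limits mysmsd uses (<=30 light, <=80 moderate, else heavy).
# Prints: station rr rr_unit wl wl_unit level
parse_ict_report() {        # $1 = SMS text
    set -f; set -- $1; set +f      # split on whitespace without globbing
    [ $# -eq 6 ] || return 1
    case $1 in [Ii][Cc][Tt]) ;; *) return 1 ;; esac
    printf '%s\n' "$2" | grep -Eq '^[A-Za-z0-9_-]{1,20}$'        || return 1
    printf '%s\n' "$3" | grep -Eq '^[0-9]{1,4}$'                 || return 1
    printf '%s\n' "$4" | grep -Eq '^[A-Za-z]{1,5}$'              || return 1
    printf '%s\n' "$5" | grep -Eq '^[0-9]{1,4}(\.[0-9]{1,2})?$'  || return 1
    printf '%s\n' "$6" | grep -Eq '^[A-Za-z]{1,5}$'              || return 1
    if   [ "$3" -le 30 ]; then level=light
    elif [ "$3" -le 80 ]; then level=moderate
    else                       level=heavy
    fi
    printf '%s %s %s %s %s %s\n' "$2" "$3" "$4" "$5" "$6" "$level"
}

# Build the cltsms INSERT from validated fields only. The keyword column
# r_file is the fixed text ICT; date and time come from the server clock.
ict_insert_sql() {          # $1 = sender, $2 = SMS text, $3 = date, $4 = time
    from=$(clean_msisdn "$1")    || return 1
    rep=$(parse_ict_report "$2") || return 1
    set -- "$3" "$4" "$from" $rep
    printf 'insert into cltsms (r_date,r_time,r_from,r_file,r_file2,r_rg,r_rgunit,r_wl,r_wlunit) values("%s","%s","%s","ICT","%s","%s","%s","%s","%s");\n' \
        "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8"
}

# The raw message stored for the playSMS inbox is free text, so it is passed
# as a hex literal instead of a quoted string.
inbox_insert_sql() {        # $1 = sender, $2 = SMS text, $3 = "date time"
    from=$(clean_msisdn "$1") || return 1
    printf 'insert into playsms_tblUserInbox (c_timestamp,in_sender,in_msg,in_datetime,in_hidden,is_read) values("%s","%s",%s,"%s","0","0");\n' \
        "$3" "$from" "$(sql_hex "$2")" "$3"
}
```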
