Lately we’ve heard over and over about alternative instant messaging applications similar to the more famous WhatsApp.
We’ve talked before about the possibility of implementing notifications from our monitoring system through Telegram.
In this article we’ll talk about an alternative application to these two: Signal is a cross-platform, centralized encrypted messaging service. It uses the internet to send one-to-one and group messages, which can include files, voice notes, images and videos.
Signal uses standard cellular telephone numbers as identifiers and secures all communications to other Signal users with end-to-end encryption. The apps include mechanisms by which users can independently verify the identity of their contacts and the integrity of the data channel. Signal’s software is free and open-source. Client code is published under the GPLv3 license, while the server code is published under the AGPLv3 license.
The steps for implementing Signal as a notification system within NetEye are the following:
export VERSION=0.7.4
wget https://github.com/AsamK/signal-cli/releases/download/v"${VERSION}"/signal-cli-"${VERSION}".tar.gz
sudo tar xf signal-cli-"${VERSION}".tar.gz -C /opt
sudo ln -sf /opt/signal-cli-"${VERSION}"/bin/signal-cli /usr/local/bin/
# Install OpenJDK 11
yum install java-11-openjdk-devel
# Install OpenJRE 11
yum install java-11-openjdk
# Install Oracle Java 11 from https://www.oracle.com/technetwork/java/javase/downloads/index.html
yum localinstall jdk-11.0.10_linux-x64_bin.rpm
cd /opt/signal-cli-0.7.4
# CAPTCHA CHECK
Open this link with your browser https://signalcaptchas.org/registration/generate.html
Then inspect the page with devTools and copy the string after signalcaptcha://
signal-cli -u +393331234567 register --captcha 03AGdBq25icLXBwqBIOo4qvk1rVZVMy8n1nOrqIZWl5k0xf7Onpuo2KVMiaWIcgOTFewVUupS_r3SKTMhOwcnGiU6LCTk7EOgCpyiPBy_n-jvs3XfJaFzqQynEUAaWVfZBayqGOGOOUA7vK4LUje2qNHZ4EChX75BL1H1z03eOzF4TaEhgbUwBwTMvl6JFjOjhzcMC8X1vGcbb69EGsS50weyptRfxFbHuOz0SEyvVe1zrteka2dyMutCol7rf05tCs2Xc6enTKSbHAl-sBTJy-X57TQM3ZJJtXtwFGwqpDWVlI3DxKxWbVaYoNbFp-DVfsGSYOv3e3nek2QXYhbE30siMBmf1fyyngse_6mDyQD232BZ07uErlQGBlvMek5mvv5rh0DVUNnsi4yhOrz7zEEukpjsvk1H8QUU0MfxFMEZdqYr3kcWnjMr0EnpkFEtKF89b0weEFaui
# Verify the number with the OTP code received by SMS
signal-cli -u +39331234567 verify 208915
# Check the device list
signal-cli listDevice
# Try to send a message
signal-cli send +393478888888 -m Ciao
Failed to send message: 1612261380329
Failed to send message:
Untrusted Identity for "+393478888888"
# We must to trust the recipient telephone number
signal-cli -u +393338888888 listIdentities
+393478888888: TRUSTED_UNVERIFIED Added: Tue Feb 02 11:18:32 CET 2021 Fingerprint: 05 2a 9c 6d b3 98 0d 75 3e 55 4e 1b 83 cb 7c 75 d4 9e 6a db 6e 8a f0 01 ef c5 13 1d fc 5e b2 80 4d Safety Number: 10214 08062 62441 28679 33918 33993 33503 80535 14414 91078 35359 39610
signal-cli trust +393478888888 -v "10214 08062 62441 28679 33918 33993 33503 80535 14414 91078 35359 39610"
signal-cli send +393478888888 -m Ciao
# Alternative
echo "Ciao" | sudo -u icinga signal-cli -u +393331234567 send +393478888888
Now we need to modify the original bash script. In our example we will consider only the host notification script (LINK)
diff mail-host-notification.sh signal-host-notification.sh
7c7
< MAILBIN="mail"
---
> SIGNALBIN="signal-cli"
9,10c9,10
< if [ -z "`which $MAILBIN`" ] ; then
< echo "$MAILBIN not found in \$PATH. Consider installing it."
---
> if [ -z "`which $SIGNALBIN`" ] ; then
> echo "$SIGNALBIN not found in \$PATH. Consider installing it."
152,155d151
< ## Send the mail using the $MAILBIN command.
< ## If an explicit sender was specified, try to set it.
< if [ -n "$MAILFROM" ] ; then
<
158,168d153
< ## Debian/Ubuntu use mailutils which requires `-a` to append the header
< if [ -f /etc/debian_version ]; then
< /usr/bin/printf "%b" "$NOTIFICATION_MESSAGE" | tr -d '\015' \
< | $MAILBIN -a "From: $MAILFROM" -s "$SUBJECT" $USEREMAIL
< ## Other distributions (RHEL/SUSE/etc.) prefer mailx which sets a sender address with `-r`
< else
< /usr/bin/printf "%b" "$NOTIFICATION_MESSAGE" | tr -d '\015' \
< | $MAILBIN -r "$MAILFROM" -s "$SUBJECT" $USEREMAIL
< fi
<
< else
170,171c155
< | $MAILBIN -s "$SUBJECT" $USEREMAIL
< fi
---
> | $SIGNALBIN send $USEREMAIL -m "$SUBJECT"
Now we can associate this script with a notification command and test it!
Enjoy your new end-to-end encryption alert notification!