08. 02. 2021 Stefano Bruno NetEye, Unified Monitoring

Signal Message Notification within NetEye

Lately we’ve heard over and over about alternative instant messaging applications similar to the more famous WhatsApp.

We’ve talked before about the possibility of implementing notifications from our monitoring system through Telegram.

In this article we’ll talk about an alternative application to these two: Signal is a cross-platform, centralized encrypted messaging service. It uses the internet to send one-to-one and group messages, which can include files, voice notes, images and videos.

Signal uses standard cellular telephone numbers as identifiers and secures all communications to other Signal users with end-to-end encryption. The apps include mechanisms by which users can independently verify the identity of their contacts and the integrity of the data channel. Signal’s software is free and open-source. Client code is published under the GPLv3 license, while the server code is published under the AGPLv3 license.

The steps for implementing Signal as a notification system within NetEye are the following:

  • Installation of packages and dependencies
  • Registration of the sender’s phone number
  • Trust the recipient’s number
  • Test from the command line
  • Create the notification script
  • Final testing from the NetEye GUI with a real event alarm

Install the Package from the AsamK GitHub Repository

export VERSION=0.7.4
wget https://github.com/AsamK/signal-cli/releases/download/v"${VERSION}"/signal-cli-"${VERSION}".tar.gz
sudo tar xf signal-cli-"${VERSION}".tar.gz -C /opt
sudo ln -sf /opt/signal-cli-"${VERSION}"/bin/signal-cli /usr/local/bin/

Install the Java 11 Environment

# Install OpenJDK 11
yum install java-11-openjdk-devel
 
# Install OpenJRE 11
yum install java-11-openjdk
 
# Install Oracle Java 11 from https://www.oracle.com/technetwork/java/javase/downloads/index.html
yum localinstall jdk-11.0.10_linux-x64_bin.rpm

cd /opt/signal-cli-0.7.4

# CAPTCHA CHECK
Open this link with your browser https://signalcaptchas.org/registration/generate.html
Then inspect the page with devTools and copy the string after signalcaptcha://

Registering the Phone Number

signal-cli -u +393331234567 register --captcha 03AGdBq25icLXBwqBIOo4qvk1rVZVMy8n1nOrqIZWl5k0xf7Onpuo2KVMiaWIcgOTFewVUupS_r3SKTMhOwcnGiU6LCTk7EOgCpyiPBy_n-jvs3XfJaFzqQynEUAaWVfZBayqGOGOOUA7vK4LUje2qNHZ4EChX75BL1H1z03eOzF4TaEhgbUwBwTMvl6JFjOjhzcMC8X1vGcbb69EGsS50weyptRfxFbHuOz0SEyvVe1zrteka2dyMutCol7rf05tCs2Xc6enTKSbHAl-sBTJy-X57TQM3ZJJtXtwFGwqpDWVlI3DxKxWbVaYoNbFp-DVfsGSYOv3e3nek2QXYhbE30siMBmf1fyyngse_6mDyQD232BZ07uErlQGBlvMek5mvv5rh0DVUNnsi4yhOrz7zEEukpjsvk1H8QUU0MfxFMEZdqYr3kcWnjMr0EnpkFEtKF89b0weEFaui

# Verify the number with the OTP code received by SMS
signal-cli -u +39331234567 verify 208915
 
# Check the device list
signal-cli listDevice

Trust the Recipient’s Number

# Try to send a message
signal-cli send +393478888888 -m Ciao
Failed to send message: 1612261380329
Failed to send message:
Untrusted Identity for "+393478888888"
 
# We must to trust the recipient telephone number
signal-cli -u +393338888888 listIdentities
+393478888888: TRUSTED_UNVERIFIED Added: Tue Feb 02 11:18:32 CET 2021 Fingerprint: 05 2a 9c 6d b3 98 0d 75 3e 55 4e 1b 83 cb 7c 75 d4 9e 6a db 6e 8a f0 01 ef c5 13 1d fc 5e b2 80 4d  Safety Number: 10214 08062 62441 28679 33918 33993 33503 80535 14414 91078 35359 39610
 
signal-cli trust +393478888888 -v "10214 08062 62441 28679 33918 33993 33503 80535 14414 91078 35359 39610"

signal-cli send +393478888888 -m Ciao

# Alternative
echo "Ciao" | sudo -u icinga signal-cli -u +393331234567 send +393478888888

Create the Notification Command Script

Now we need to modify the original bash script. In our example we will consider only the host notification script (LINK)

diff mail-host-notification.sh signal-host-notification.sh
7c7
< MAILBIN="mail"
---
> SIGNALBIN="signal-cli"
9,10c9,10
< if [ -z "`which $MAILBIN`" ] ; then
<   echo "$MAILBIN not found in \$PATH. Consider installing it."
---
> if [ -z "`which $SIGNALBIN`" ] ; then
>   echo "$SIGNALBIN not found in \$PATH. Consider installing it."
152,155d151
< ## Send the mail using the $MAILBIN command.
< ## If an explicit sender was specified, try to set it.
< if [ -n "$MAILFROM" ] ; then
<
158,168d153
<   ## Debian/Ubuntu use mailutils which requires `-a` to append the header
<   if [ -f /etc/debian_version ]; then
<     /usr/bin/printf "%b" "$NOTIFICATION_MESSAGE" | tr -d '\015' \
<     | $MAILBIN -a "From: $MAILFROM" -s "$SUBJECT" $USEREMAIL
<   ## Other distributions (RHEL/SUSE/etc.) prefer mailx which sets a sender address with `-r`
<   else
<     /usr/bin/printf "%b" "$NOTIFICATION_MESSAGE" | tr -d '\015' \
<     | $MAILBIN -r "$MAILFROM" -s "$SUBJECT" $USEREMAIL
<   fi
<
< else
170,171c155
<   | $MAILBIN -s "$SUBJECT" $USEREMAIL
< fi
---
>   | $SIGNALBIN send $USEREMAIL -m "$SUBJECT"

Now we can associate this script with a notification command and test it!

Enjoy your new end-to-end encryption alert notification!

Stefano Bruno

Stefano Bruno

Consultant at Würth Phoenix
Dear all, I'm Stefano and I was born in Milano. Since I was a little boy I've always been fascinated by the IT world. My first approach was with a 286 laptop with a 16 color graphic adapter (the early '90s). Before joining Würth Phoenix as SI consultant, I worked first as IT Consultant, and then for several years as Infrastructure Project Manager, with a strong knowledge in the global IT scenarios: Datacenter consolidation/migration, VMware, monitoring systems, disaster recovery, backup system. My various ITIL and TOGAF certification allowed me to be able to cooperate in the writing of many ITSM Processes. I like to play guitar, soccer and cycling, but... my very passion are my 3 baby and my lovely wife that has always encouraged me and helped me to realize my dreams.

Author

Stefano Bruno

Dear all, I'm Stefano and I was born in Milano. Since I was a little boy I've always been fascinated by the IT world. My first approach was with a 286 laptop with a 16 color graphic adapter (the early '90s). Before joining Würth Phoenix as SI consultant, I worked first as IT Consultant, and then for several years as Infrastructure Project Manager, with a strong knowledge in the global IT scenarios: Datacenter consolidation/migration, VMware, monitoring systems, disaster recovery, backup system. My various ITIL and TOGAF certification allowed me to be able to cooperate in the writing of many ITSM Processes. I like to play guitar, soccer and cycling, but... my very passion are my 3 baby and my lovely wife that has always encouraged me and helped me to realize my dreams.

Leave a Reply

Your email address will not be published.

Archive