Blogs on System Administration, Scripting, System Monitoring, Cloud Computing & Virtualization, VoIP Systems, SMS Systems and Web Applications Development.

How to install Homer SIPCapture Server in CentOS 7?


Introduction

HOMER is a robust, carrier-grade, scalable SIP Capture system and VoiP Monitoring Application offering HEP/EEP, IP Proto4 (IPIP) encapsulation & port mirroring/monitoring support right out of the box, ready to process & store insane amounts of signaling, logs and statistics with instant search, end-to-end analysis and drill-down capabilities for ITSPs, VoIP Providers and Trunk Suppliers using SIP signaling protocol.

Reference: https://github.com/sipcapture/homer/

Methodology

The following is a step-by-step guide to installing Homer with the Kamailio SIP Proxy.

Step # 1

First of all, install the dependencies of Homer and Kamailio with yum:

# Dependencies
$ sudo yum -y install epel-release
$ sudo yum update
$ sudo yum -y install httpd mariadb-server mariadb mysql mysql-devel php php-mysql php5-mysql wireshark bison pcre-devel libpcap-devel flex git

Step # 2

You can skip this step if you have already set up the database and the Apache server.

Start MariaDB and set the root password for the database:

$ systemctl start mariadb
$ mysql_secure_installation


Edit the Apache configuration file:

$ sudo vi /etc/httpd/conf/httpd.conf


Update the httpd.conf file with the following contents:

...
<Directory /var/www/html>

   Options Indexes FollowSymLinks MultiViews
   AllowOverride All
   Order allow,deny
   allow from all
</Directory>
...


After making the above changes to MariaDB and Apache, restart the services and enable them to start at boot.

$ sudo systemctl start httpd.service
$ sudo systemctl enable httpd.service
$ sudo systemctl enable mariadb

Step # 3

In this step, we are going to download the source of the Homer API and UI and place the code in the appropriate locations.

# Homer
$ cd /usr/src/
$ sudo git clone https://github.com/sipcapture/homer-api.git
$ sudo git clone https://github.com/sipcapture/homer-ui.git

$ sudo mkdir /opt/sipcapture
$ sudo cp -rf /usr/src/homer-ui/* /var/www/html/
$ sudo cp -rf /usr/src/homer-api/api/ /var/www/html/
$ sudo cp -rf /usr/src/homer-api/scripts/* /opt/sipcapture/
$ sudo chmod -R a+x /opt/sipcapture/

Step # 4

In this step, we are going to set up the Homer database user, password and tables.

Please make sure that you have edited the following file with your desired credentials:

$ sudo vi /usr/src/homer-api/sql/homer_user.sql

Please change the db-username and db-password parameters as below:

...
CREATE USER '<db-username>'@'localhost' IDENTIFIED BY '<db-password>';
GRANT ALL ON homer_configuration.* TO '<db-username>'@'localhost';
GRANT ALL ON homer_statistic.* TO '<db-username>'@'localhost';
GRANT ALL ON homer_data.* TO '<db-username>'@'localhost';
...


Now save and close the file.

You can install the Homer database schemas with the following commands:

$ mysql -u root -p < /usr/src/homer-api/sql/homer_user.sql
$ mysql -u root -p homer_data < /usr/src/homer-api/sql/schema_data.sql
$ mysql -u root -p homer_configuration < /usr/src/homer-api/sql/schema_configuration.sql
$ mysql -u root -p homer_statistic < /usr/src/homer-api/sql/schema_statistic.sql

Step # 5

You can set up a crontab entry to rotate the sipcapture homer_data database tables every day.

Change the database username and password in the file below:

$ sudo vi /opt/sipcapture/rotation.ini

Please change the db-username and db-password parameters as below:

...
[MYSQL]
user=<db-username>
password=<db-password>
host=localhost
port=3306
db_data = homer_data
db_stats = homer_statistic
# Extra param
newtables = 2 # Create new tables or partitions for next 2 days
engine = InnoDB #MyISAM or InnoDB
compress=ROW_FORMAT=COMPRESSED KEY_BLOCK_SIZE=8
...


Save and close the file.

$ sudo crontab -e -u root
...
30 3 * * * /opt/sipcapture/homer_rotate > /dev/null 2>&1
...


Save and close the file.

You have to run the rotation script manually as below:

$ sudo /opt/sipcapture/homer_rotate

Make sure that it has created tables with the current date in the homer_data database; otherwise you have to rename the tables.

Step # 6

In this step, we are going to install Kamailio to capture SIP packets.

Download and Install Kamailio from source:

$ cd /usr/src/
$ sudo git clone --depth 1 https://github.com/kamailio/kamailio kamailio
$ cd kamailio
$ sudo make FLAVOUR=kamailio include_modules="db_mysql sipcapture pv textops rtimer xlog sqlops htable sl siputils" cfg
$ sudo make all
$ sudo make install 



To configure Kamailio, the following actions are required:

$ sudo cp /usr/src/homer-api/examples/sipcapture/sipcapture.kamailio /usr/local/etc/kamailio/kamailio.cfg
$ sudo vi /usr/local/etc/kamailio/kamailio.cfg


Edit kamailio.cfg with database credentials and your Server IP (replace X.X.X.X with your Server IP):

...
#!substdef "!HOMER_DB_USER!<db-username>!g"
#!substdef "!HOMER_DB_PASSWORD!<db-password>!g"
#!substdef "!HOMER_LISTEN_PROTO!udp!g"
#!substdef "!HOMER_LISTEN_IF!X.X.X.X!g"
#!substdef "!HOMER_LISTEN_PORT!9060!g"
#!substdef "!HOMER_STATS_SERVER!tcp:HOMER_LISTEN_IF:8888!g"
...


Save and close the file.

Start Kamailio with the following command:

$ sudo kamailio
Listening on
udp: X.X.X.X:9060
Aliases:
udp: sipcatpure.example.com:9060

Step # 7

In this step, we are going to make final configuration changes for Homer UI:

$ cd /var/www/html/api/
$ sudo cp /var/www/html/api/preferences_example.php /var/www/html/api/preferences.php
$ sudo cp /var/www/html/api/configuration_example.php /var/www/html/api/configuration.php
$ sudo chmod 1777 /tmp    # world-writable, but keep the sticky bit that /tmp needs


Determine the executable paths of tshark and egrep for writing in configuration.php.

$ which tshark
/usr/sbin/tshark

$ which egrep
/usr/bin/egrep


Edit the configuration file for Homer UI:

$ sudo vi /var/www/html/api/configuration.php


Change your database credentials and the executable paths of tshark and egrep as determined above:

...
if(!defined('HOMER_CONFIGURATION')):
define('HOMER_CONFIGURATION', 1);
/*********************************************************************************/
/* AUTH DB homer. User and Configuration */
define('DB_HOSTNAME', "localhost");
define('DB_PORT', 3306);
define('DB_USERNAME', "<db-username>");
define('DB_PASSWORD', "<db-password>");
define('DB_CONFIGURATION', "homer_configuration");
define('DB_STATISTIC', "homer_statistic");
define('DB_HOMER', "homer_data");
define('SINGLE_NODE', 1);

/*********************************************************************************/

/* webHomer Settings
* Adjust to reflect your system preferences
*/

define('PCAPDIR', ROOT."/tmp/");
define('WEBPCAPLOC',"/tmp/");

/* Tshark settings for ISUP analyse */
define('TSHARK_ENABLED',1);
define('TSHARK_PATH','/usr/sbin/tshark');
define('EGREP','/usr/bin/egrep');

/* INCLUDE preferences */

include_once("preferences.php");

endif;

?>
... 



Edit the preferences file needed for configurations.

$ sudo vi /var/www/html/api/preferences.php


Change X.X.X.X to your Server IP Address and email addresses:

...
define('ALARM_FROMEMAIL',"homer@example.com");
define('ALARM_TOEMAIL',"user01@example.com");
...
define('REMOTE_LOG_URL', "http://X.X.X.X:9200");
...
define('EXTERNAL_AUTH_URI', "http://X.X.X.X/api/request");
...

Step # 8

You have now successfully installed the Homer SIPCapture Server and can log in with the following credentials (replace X.X.X.X with your server IP). Change the default password after the first login.

URL: http://X.X.X.X/
Username: admin
Password: test123

How to recursively find and delete files from Server after certain time?


Introduction

You don't have to write a comprehensive script for this; it can be done with a single command:
find /path/to/folder -type f -name "<pattern>" -mtime +<days> -exec <command> {} \;
For example, we need to remove voicemail messages after 30 days from an Asterisk or FreeSwitch server.

Asterisk

Listing all voicemail messages that have been on the server for more than 30 days:
find /var/spool/asterisk/voicemail -type f -name "msg*" -mtime +30 -exec ls -lhtr {} \;
Removing all voicemail messages that have been on the server for more than 30 days:
find /var/spool/asterisk/voicemail -type f -name "msg*" -mtime +30 -exec rm {} \;

FreeSwitch

Listing all voicemail messages that have been on the server for more than 30 days:
find /usr/local/freeswitch/storage/voicemail -type f -name "msg_*" -mtime +30 -exec ls -lhtr {} \;
Removing all voicemail messages that have been on the server for more than 30 days:
find /usr/local/freeswitch/storage/voicemail -type f -name "msg_*" -mtime +30 -exec rm {} \;

It can be added to crontab to execute the above command every 24 hours:
0 0 * * *
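
The list-then-remove pair above, wrapped into one function that refuses missing arguments, previews by default and deletes only on request. This is an added example, not from the original post; the function name `purge_old_files` and the constructed demo files are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. purge_old_files is a
# hypothetical helper name.
# Usage: purge_old_files DIR PATTERN DAYS [--delete]
# Lists matching files; removes them only when --delete is given.
purge_old_files() {
    dir=$1; pattern=$2; days=$3; action=${4:-}
    # Refuse missing arguments instead of letting find run with an empty test.
    if [ -z "$dir" ] || [ -z "$pattern" ] || [ -z "$days" ]; then
        echo "usage: purge_old_files DIR PATTERN DAYS [--delete]" >&2
        return 2
    fi
    case $days in
        *[!0-9]*) echo "DAYS must be a whole number: $days" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # -mtime +N matches files last modified more than N whole days ago.
    if [ "$action" = "--delete" ]; then
        # "rm -f --" with "{} +" batches files and copes with odd file names.
        find "$dir" -type f -name "$pattern" -mtime +"$days" -print -exec rm -f -- {} +
    else
        find "$dir" -type f -name "$pattern" -mtime +"$days" -print
    fi
}

# Demonstration on a constructed voicemail tree (not real data).
demo=$(mktemp -d)
mkdir -p "$demo/default/1001/INBOX"
touch -t 202001010000 "$demo/default/1001/INBOX/msg_0001.wav"  # old message
touch -t 202001010000 "$demo/default/1001/INBOX/greet.wav"     # old, other name
touch "$demo/default/1001/INBOX/msg_0002.wav"                  # new message
echo "dry run:";  purge_old_files "$demo" "msg_*" 30
echo "deleting:"; purge_old_files "$demo" "msg_*" 30 --delete
rm -rf "$demo"
```

Run it without `--delete` first and review the list before scheduling the deleting form in root's crontab.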

How to install Voipmonitor in Linux Server?


Introduction

This article is a complete guide to installing the Voipmonitor server with its database and without its GUI, which is licensed.

Description

You can read its full description and features at http://www.voipmonitor.org/.

Step # 1: (Install dependencies)

For Debian:

$ sudo apt-get -y install libvorbis-dev libpcap-dev libpng12-dev libfftw3-dev libjson0-dev libssh-dev librrd-dev libglib2.0-dev liblzma-dev liblzo2-dev

For Centos/Redhat:

$ sudo yum install -y libogg-devel libvorbis-devel libpcap-devel libpng-devel fftw-devel json-c-devel libssh2-devel rrdtool-devel glib2-devel xz-devel lzo-devel

Install the latest CMake as follows:

$ cd /usr/src
$ sudo wget https://cmake.org/files/v3.9/cmake-3.9.2.tar.gz
$ sudo tar -zxvf cmake-3.9.2.tar.gz
$ cd cmake-3.9.2
$ sudo ./bootstrap --prefix=/usr
$ sudo gmake
$ sudo make
$ sudo make install
 

Install the Snappy library as follows:

$ cd /usr/src
$ sudo git clone https://github.com/google/snappy.git
$ cd snappy/
$ sudo mkdir build
$ cd build
$ sudo cmake ../
$ sudo make
$ sudo make install

Install the latest Curl package as follows:

$ cd /usr/src
$ sudo wget https://curl.haxx.se/download/curl-7.55.1.tar.gz
$ sudo tar -zxvf curl-7.55.1.tar.gz
$ cd curl-7.55.1
$ sudo ./configure
$ sudo make
$ sudo make install

Install gperftools, which is a collection of performance tools for Linux, including a thread-caching memory allocator (tcmalloc), a CPU profiler, a heap profiler, and a heap checker.

$ cd /usr/src/
$ sudo git clone https://github.com/gperftools/gperftools
$ cd gperftools
$ sudo ./autogen.sh
$ sudo ./configure --prefix /usr
$ sudo make
$ sudo make install

Step # 2: (Install Voipmonitor)

Install the Voipmonitor service as follows:

$ cd /usr/src
$ sudo git clone https://github.com/voipmonitor/sniffer.git
$ cd sniffer/
$ sudo ./configure
$ sudo make
$ sudo make install

Step # 3: (Configure Voipmonitor)

Install the init service for Voipmonitor:

$ cd /usr/src/
$ cd sniffer/config/init.d/
$ sudo cp voipmonitor /etc/init.d/
$ sudo chmod a+x /etc/init.d/voipmonitor

Place the voipmonitor configuration file in the appropriate path:

$ cd /usr/src/
$ cd sniffer/config/
$ sudo cp voipmonitor.conf /etc/
$ sudo chmod a+x /etc/voipmonitor.conf

Create a database for Voipmonitor in your MySQL server:

$ sudo mysql -h localhost -u root -p -e "create database voipmonitor;"

Edit the configuration file to set the MySQL database parameters:

$ sudo vi /etc/voipmonitor.conf
mysqlhost = localhost
mysqlport = 3306
mysqlusername =
mysqlpassword =
mysqlsocket =
mysqldb =

Step # 4: (Starting Voipmonitor)

$ sudo service voipmonitor start
Starting voipmonitor: voipmonitor[24332]: set buffer memory limit to 1513814016
Loading configuration from file /etc/voipmonitor.conf OK
voipmonitor[24332]: set buffer memory limit to 1513814016
voipmonitor version 20.4.4
voipmonitor[24332]: resolve host localhost to 127.0.0.1
voipmonitor[24332]: start voipmonitor - version 20.4.4
local time 2017-09-14 12:58:14
voipmonitor[24332]: local time 2017-09-14 12:58:14
voipmonitor[24332]: detected rrdtool version 10308

When the voipmonitor service is started, it will automatically create the relevant tables in the specified database as follows:

$ sudo mysql -h localhost -u root -p
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 170 Server version: 5.6.37-log MySQL Community Server (GPL)
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use voipmonitor;
mysql> show tables;
+-----------------------+
| Tables_in_voipmonitor |
+-----------------------+
| cache_number_location |
| cdr                   |
| cdr_country_code      |
| cdr_dtmf              |
| cdr_next              |
| cdr_proxy             |
| cdr_reason            |
| cdr_rtp               |
| cdr_sip_request       |
| cdr_sip_response      |
| cdr_siphistory        |
| cdr_sipresp           |
| cdr_tar_part          |
| cdr_ua                |
| contenttype           |
| files                 |
| filter_domain         |
| filter_ip             |
| filter_sip_header     |
| filter_telnum         |
| livepacket            |
| log_sensor            |
| message               |
| message_country_code  |
| message_proxy         |
| register              |
| register_failed       |
| register_state        |
| rtp_stat              |
| sensor_config         |
| sensors               |
| system                |
+-----------------------+
32 rows in set (0.00 sec)
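
Both install guides above leave database passwords in plain-text files: /opt/sipcapture/rotation.ini, /usr/local/etc/kamailio/kamailio.cfg and /var/www/html/api/configuration.php for Homer, and /etc/voipmonitor.conf for Voipmonitor. The check below flags any such file that users other than the owner and group can read or write. It is an added example, not code from the original posts or from either project; the function name `audit_secret_files` and the constructed demo files are assumptions.

```shell
#!/bin/sh
# Added example, not from the original posts or the Homer/Voipmonitor projects.
# audit_secret_files is a hypothetical helper name.
# Usage: audit_secret_files FILE...
# Prints one finding per line; returns 1 if any file is exposed or missing.
audit_secret_files() {
    rc=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$f")     # octal mode such as 644 (GNU/BusyBox stat)
        other=${mode#"${mode%?}"}     # last digit = permissions for "other"
        if [ $((other & 2)) -ne 0 ]; then
            echo "WORLD-WRITABLE $mode $f"; rc=1
        elif [ $((other & 4)) -ne 0 ]; then
            echo "WORLD-READABLE $mode $f"; rc=1
        else
            echo "OK $mode $f"
        fi
    done
    return $rc
}

# Demonstration on constructed files standing in for rotation.ini and
# configuration.php; on a real host pass the paths named above, as root.
demo_dir=$(mktemp -d)
printf 'password=constructed-example\n' > "$demo_dir/rotation.ini"
printf '<?php define("DB_PASSWORD", "constructed-example");\n' \
    > "$demo_dir/configuration.php"
chmod 644 "$demo_dir/rotation.ini"        # what root's default umask leaves
chmod 640 "$demo_dir/configuration.php"   # owner rw, web server group r
audit_secret_files "$demo_dir/rotation.ini" "$demo_dir/configuration.php" || true
rm -rf "$demo_dir"
```

A flagged file that only root reads (rotation.ini, kamailio.cfg, voipmonitor.conf) can be set to mode 600; configuration.php has to stay readable by the web server, so give it the `apache` group and mode 640.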

Techniques for VoIP Calls Security


Introduction

The purpose of this article is to outline the possible solutions for fraud prevention in a call center environment. Fraud prevention techniques for call centers mainly include the identification of spoofed Caller IDs, malicious behavior and legitimate callers by analyzing the full audio of phone calls via voice biometrics and behavioral analysis, and by matching the patterns against an already developed database of spam users or devices.

The probability of contact center fraud is high in environments where VoIP servers have a public interface open to the internet, whereas a network closely packed with IPSec VPN tunnels to vendors and clients has legitimate sources for VoIP traffic, which reduces the chances of fraud from any illegitimate IP address or device.

Description

The following are the components/techniques that can be developed from different libraries, tools and products in order to add another layer of security for our IVR/Agent calls:

1. Identification of Caller ID’s Origin

There are many paid solutions for identifying the origins of Caller IDs, which can be considered according to their accuracy level. libphonenumber, by contrast, is an open source library maintained by Google that can be hosted or downloaded locally; it not only identifies the country and operator of a phone number but also returns the phone number type (i.e. landline, mobile or VoIP), portable region, invalid number, etc. These patterns can be verified against ITU's numbering plans website. The library was originally developed in Java but has wrappers in Python, PHP, JavaScript, etc.

2. Voice Biometrics

There are different vendors, such as Nuance, Verint and Enacomm, which provide paid voice biometrics solutions via audio transcriptions and are already under evaluation. These patterns of audio transcriptions of calls can be used for maintaining a database of legitimate users.

3. VoIP Honeypot

A VoIP honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of a VoIP system. It will actually be a dummy IVR server, isolated from the production environment, which will appear to attackers as valuable information or a resource. Spam calls can be filtered at the front-end proxy level and then redirected to the VoIP honeypot.

Conclusion

The components discussed above, or a one-stop solution for call center fraud from the market, will add an extra layer of security for preventing fraud calls but will also add a little overhead while making decisions from the available databases. As these decisions have to be taken at the front-end proxy level, this will require another hop before the IVR servers for such scrutiny of incoming calls.