Linux and Unix technical recipes

1. Create a New file name 01_Custom.xml and add the following new extension:

<extension name=”Read Back Entered Digits”>
<condition field=”destination_number” expression=”^(9910)$”>
<action application=”lua” data=”test1.lua”/>
</condition>
</extension>

2. Save the file. Launch fs_cli and issue reload_xml, or press F6.

Our Dialplan is now ready to call the Lua script named test1.lua. Create this new script as follows:

1. Using your text editor, create test1.lua in the freeswitch/scripts/ directory and add the following lines:

– test1.lua
– Answer call, play a prompt, hangup

– Set the path separator
pathsep = ‘/’ — Windows users do this instead:
– pathsep = ‘\’

–Answer the call
session:answer()

–Create a string with path and filename of a sound file
prompt = “ivr” .. pathsep .. “ivr-welcome_to_freeswitch.wav”

– Print a log message
freeswitch.consoleLog(“INFO”,”Prompt file is ‘” .. prompt .. “‘\
n”)

–Play the prompt
session:streamFile(prompt)

– Hangup
session:hangup()

2. Save the file.

Now dialer 9910 and you will get IVR.

Lua is very lightweight programing language.Lua has a simple syntax that is easy both to learn and to read. Following is a
simple script:

— This is a sample Lua script
— Single line comments begin with two dashes

–[[
This is a multi-line comment.
Everything between the double square brackets
is part of the comment block.
]]

— Lua is loosely typed
var = 1 — This is a comment
var = �alpha� — Another comment
var = �A1� — You get the idea…

–[[
When the Lua script is called from the dialplan
you have a few magic objects. A handy one is
the 'freeswitch' object which lets you do things
like this:
freeswitch.consoleLog(�INFO�,�This is a log line\n�)

Another important one is the 'session' object which
Lets you manipulate the call:
session:answer()
session:hangup()
]]

— Lua makes extensive use of tables
— Tables are a hybrid of arrays and associative arrays
my_table = {
key1 = val1,
key2 = val2,
�index 1�,
�index 2�
}
freeswitch.consoleLog(�my_table key1 is ‘� .. my_table[key1] .. �’\n�)
freeswitch.consoleLog(�my_table index 1 is ‘� .. my_table[1] .. �’\n�)

— Access arguments passed in
arg1 = argv[1] — First argument
arg2 = argv[2] — Second argument

— Simple if/then
if ( var == �A1� ) then
freeswitch.consoleLog(�INFO�,�var is ‘A1′\n�)
end

— Simple if/then/else
if ( var == �A1� ) then
freeswitch.consoleLog(�INFO�,�var is ‘A1′\n�)
else
freeswitch.consoleLog(�INFO�,�var is not ‘A1′!\n�)
end

— String concatenation uses ..
var = �This � .. � and � .. �that�
freeswitch.consoleLog(�INFO�,�var contains ‘� .. var .. �’\n�)

— The end

Every Lua script that is executed from the Dialplan receives the session object,
which represents the call leg that is being processed. The session object is the
primary means of manipulating the call, and is used extensively in Lua scripting.

Enabling Lua (via mod_lua) is very easier process.It is done in the
following way:

1. Open modules.conf in the FreeSWITCH source directory and locate the
following line:

#languages/mod_lua

Remove the # and save the file.

2. Open modules.conf.xml in the conf/autoload_configs directory and
locate the following line:

tags and save the file.

3. Build and compile mod_lua from the FreeSWITCH source directory:

make mod_lua-install

4. Wait for the installation to finish, and then restart FreeSWITCH. Launch
fs_cli and type show application. If Lua loaded successfully, then you
will see that lua is now available as a Dialplan application as follows:

lua,Launch LUA ivr,

Smarty is the template engine which is fast and nicely design for php programmers. Smarty makes your PHP code cleaner and promotes the V in MVC.

Jquery is the another lightweight JavaScript Library for rapid web development.

Anyway, do you see the problem that might arise when you try to embed your jQuery code or any other javascript library (like Prototype, MooTools, Extjs, etc.) that uses $ as a function name in the ?

The solution:
Use Smarty’s {literal}…{/literal} directives to tell Smarty parsing engine that it should not interpret the code within the block. Smarty will not parse the code which is inside of literal block.

Example:

User
<script type=”text/javascript”>// <![CDATA[
{literal}
$(document).ready(function(){
$(".clazz").css("color", "red");
});
{/literal}
// ]]></script>

User Information:

Name: {$name}

To set up ACL’s based on MAC address:

Open squid.conf:

# vi /etc/squid/squid.conf

Local acl, section and append ACL as follows:

acl macf1 arp mac-address
acl macf2 arp 00:11:22:33:44:55
http_access allow macf1
http_access allow macf2
http_access deny all

Save and close the file. Restart squid server:

# /etc/init.d/squid restart

In Fedora Core and RedHat Enterprise or CentOS, edit /etc/selinux/config and change the SELINUX line to SELINUX=disabled

That’s all.

Sometimes SIP Server attacked by hacker with huge number of SIP Registration.Which make mad the SIP Server.Full service can be get down. It can be blocked easily by IPTables. IPTables will work as Session Border Controller(SBC) for SIP Server. This script will work only with SIP.it will not work for TLS or SIPS.

#!/bin/sh
#
# INVITE rate, per host. Remember a successful (authenticated) call requires 2 INVITEs-
# Initial INVITE, 407 auth required (w/ nonce), INVITE with nonce and authentication.
IRATE=4/minute

# REGISTER rate, per host.
RRATE=2/minute

# All other SIP methods rate, per host. Be careful with SUBSCRIBEs, OPTIONS, CANCELs, etc.
ORATE=10/minute

# Methods for this script to ignore. These SIP methods are always allowed.
IGMETH=”OPTIONS”

# Burst
BURST=1

# Interface(s) to protect on INPUT. Seperate multiple interfaces with spaces.
# This will protect SIP services on THIS HOST.
IFACE=”eth0″

# Reject/drop action – usually something like DROP or REJECT.
# Use ACCEPT to use this script to not filter traffic but still collect statistics.
DACTION=DROP

# Protocol(s) to filter – can be either tcp or udp or both. Seperate multiples with spaces.
PROTOCOLS=”udp tcp”

# Enable logging.
#LOG=YES

# Block tel: URIs completely?
# P.S. – tel: sucks!
BLOCKTEL=yes

# Interface(s) to protect on FORWARD. Seperate multiple interfaces with spaces.
# The same hashtable will protect the entire network from the same host(s).
# Destination IP is NOT taken into consideration.
# This will protect any SIP services running on the network that uses this machine
# as a router (as long as you get the interfaces right).
#FIFACE=”eth0″

# Location of iptables binary.
IPTABLES=`which iptables`

# Search packet to this location. A larger offset looks further into the packet
# and takes more time but could catch more attacks (and false alarms).
# Remember, the method to match on is always in the beginning of the packet.
OFFSET=65

# SIP port
SPORT=5060

if [ ! "$1" ]
then
echo “SIP DoS/DDoS mitigation script for iptables
See top of script for configuration

Usage:
$0 [start|stop|status]”
exit 1
fi

if [ "$1" = "status" ]
then
$IPTABLES -L -v -n
exit
fi

# Setup iptables
$IPTABLES -F sipdos 2> /dev/null
$IPTABLES -X sipdos 2> /dev/null
$IPTABLES -N sipdos 2> /dev/null

if [ "$1" = "stop" ]
then
echo “Clearing iptables rules…”
if [ "$FIFACE" ]
then
$IPTABLES -F FORWARD 2> /dev/null
fi
$IPTABLES -F INPUT 2> /dev/null
exit
fi

# Send the right traffic through our chain
for i in $IFACE
do
for l in $PROTOCOLS
do
$IPTABLES -A INPUT -i $i -m $l -p $l –dport $SPORT -j sipdos
done
done

# Send the right forwarded traffic through our chain
if [ "$FIFACE" ]
then
for j in $FIFACE
do
for l in $PROTOCOLS
do
$IPTABLES -A FORWARD -i $j -m $l -p $l –dport $SPORT -j sipdos
done
done
fi

# “Handle” tel: URIs
if [ "$BLOCKTEL" ]
then
$IPTABLES -A sipdos -m string –string “tel:” –algo bm –to $OFFSET -j $DACTION
fi

# Ignore certain (configured) methods
if [ "$IGMETH" ]
then
for k in $IGMETH
do
$IPTABLES -A sipdos -m string –string “$k sip:” –algo bm –to $OFFSET -j ACCEPT
done
fi

# Finally set some limits…

# INVITE limit
$IPTABLES -A sipdos -m string –string “INVITE sip:” –algo bm –to $OFFSET \
-m hashlimit –hashlimit $IRATE –hashlimit-burst $BURST \
–hashlimit-mode srcip,dstport –hashlimit-name sip_i_limit -j ACCEPT

# REGISTER limit
$IPTABLES -A sipdos -m string –string “REGISTER sip:” –algo bm –to $OFFSET \
-m hashlimit –hashlimit $RRATE –hashlimit-burst $BURST \
–hashlimit-mode srcip,dstport –hashlimit-name sip_r_limit -j ACCEPT

# All other SIP packets…
$IPTABLES -A sipdos -m hashlimit –hashlimit $ORATE –hashlimit-burst $BURST \
–hashlimit-mode srcip,dstport –hashlimit-name sip_o_limit -j ACCEPT

# Take action on everything else
if [ $LOG ]
then
$IPTABLES -A sipdos -j LOG
fi

$IPTABLES -A sipdos -j $DACTION

By default the size of private memory chunk used by each OpenSIPS process is 1 MB.

To increase the size of private memory you need to compile OpenSIPS from sources. Once you get the sources from SVN or the opensips.org’s download site, do the following steps:

- edit the file “config.h” and search for the next lines:

/*used only if PKG_MALLOC is defined*/
#define PKG_MEM_POOL_SIZE 1024*1024

- change the value of PKG_MEM_POOL_SIZE to desired size, for example to have 4MB of private memory:

#define PKG_MEM_POOL_SIZE 4*1024*1024

- recompile and reinstall OpenSIPS

make all; make install;

To increase the share memory size use ‘-m’ command line parameter of OpenSIPS.

opensips -m 256

# this will run OpenSIPS with 256MB of share memory