Tuesday, July 30, 2013

pfSense e-mail alerts sent to multiple recipients

pfSense is an all-in-one UTM appliance for firewall, security and network management purposes.



My lab doesn't allow a static IP to be assigned to my pfSense box, so I stuck with a DHCP IP address, which may vary over time. I don't own the DHCP server myself, so I can't even assign a fixed LAN IP address to this box. Each time something changes, I need to get back to the pfSense console and find out its WAN IP address myself. That means I can't find out the IP address remotely at home whenever the DHCP server changes it.

The latest version of pfSense is v2.2.2 at the time of writing.

pfSense comes with various installable packages, and one of the useful ones is "mailreport".

To install mailreport, just log in to the pfSense web console and click [System]->[packages], then choose to install mailreport.

Once finished, you can open it up by clicking [Status]->[Email Reports] option.

In there, you can create a new email report. Just remember to add one new item under the "Report Commands" section. This can be a simple Unix command like ifconfig, which shows the current IP address of the pfSense box. I personally set it to send out the email report once per day in the morning, so I get the latest information I need before starting work.
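As an added example (not part of the original post): a filter that reduces ifconfig output to interface name and IPv4 address pairs, so the daily e-mail carries the address you need rather than the full interface dump. The function names, the constructed sample output, and the assumption that the report command may be a script or pipeline such as `ifconfig | iface_ipv4` are mine.

```shell
#!/bin/sh
# Added example, not from the original post.
# iface_ipv4: read FreeBSD-style ifconfig output on stdin and print
# "interface address" for every IPv4 address, skipping loopback.
iface_ipv4() {
    awk '
        # Interface header, e.g. "em0: flags=8843<UP,...> metric 0 mtu 1500"
        /^[^ \t]+: / { iface = $1; sub(/:$/, "", iface); next }
        # IPv4 line, e.g. "inet 192.0.2.45 netmask 0xffffff00 ..."
        $1 == "inet" && iface !~ /^lo[0-9]/ { print iface, $2 }
    '
}

# Constructed sample of ifconfig output (documentation addresses only).
sample_ifconfig() {
    cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:00:5e:00:53:01
    inet 192.0.2.45 netmask 0xffffff00 broadcast 192.0.2.255
    inet6 fe80::1%em0 prefixlen 64 scopeid 0x1
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:00:5e:00:53:02
    inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    inet 127.0.0.1 netmask 0xff000000
EOF
}

# Stand-alone demo on the constructed sample.
sample_ifconfig | iface_ipv4
```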

To configure email alert setting, click [System]->[Advanced] and then [Notifications] tab. Fill in correct SMTP information under Section SMTP E-mail.

But, hang on! There was a problem with the field "Notification E-mail Address": it takes ONLY one email address. That should be enough for test purposes.



However, I have colleagues working with me, so I would like to send email alerts to all members of my group. The pfSense web console is written in PHP, so we need to make a small change in the PHP source code itself.

Here are the changes we need to make for sending e-mail alerts to multiple recipients. Keep a copy of the original file, because a package or firmware upgrade may overwrite the edit:

/etc/inc/mail_reports.inc


...
$mail->ContentType = 'text/html';
$mail->IsHTML(true);
$mail->AddReplyTo($config['notifications']['smtp']['fromaddress'], "Firewall Email Report");
$mail->SetFrom($config['notifications']['smtp']['fromaddress'], "Firewall Email Report");
$address = $config['notifications']['smtp']['notifyemailaddress'];
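/* New lines start here */
    /* Split the field on commas, semicolons or colons and drop empty entries */
    $addr_array = preg_split("/[\s,]*(\,|\;|\:)[\s]*/", $address, -1, PREG_SPLIT_NO_EMPTY);
    $addr_count = 1; /* counter used in the recipient display name */
    foreach($addr_array as $addr){
           $mail->AddAddress($addr, "Report Recipient ".($addr_count++));
    }
/* New lines end here */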

/* Comment out the line below */
//$mail->AddAddress($address, "Report Recipient");
$mail->Subject = "{$config['system']['hostname']}.{$config['system']['domain']} Email Report: {$headertext}";
$mail->Body .= "This is a periodic report from your firewall, {$config['system']['hostname']}.{$config['system']['domain']}.

Current report: {$headertext}
\n
\n";
...

After the changes to the PHP file, you can test it by entering email addresses into the field "Notification E-mail Address" with a comma separator, like "recipient1@a.little.test.co,recipient2@a.little.test.co,recipient3@a.little.test.co". Just make sure no space is used between the email addresses, and all those guys should receive the test messages immediately.

Fingers crossed;-)



Thursday, July 18, 2013

Compiling mod_auth_mysql.so under Mountain Lion OSX 10.8 with XAMPP for Mac (Apache v2.4)



First things first! Install your favourite Bitnami XAMPP for Mac package:

http://www.apachefriends.org/en/xampp-macosx.html

At the time of writing, the latest version is v1.8.2, which includes the newest Apache v2.4 as its web server. This is where the problem is, and we are going to sort it out and compile a new mod_auth_mysql.so.

Make sure you set up XAMPP properly, with appropriate passwords created for Apache, MySQL and so on…

!!!REMINDER!!!
Before your spiritual work, make sure you stop the Apache server so that nothing is affected during the compiling process.

The source code of mod_auth_mysql is too old to support the Apache v2.4 web server, so a little extra work is required to get it compiling with APXS.

Download C source code of mod_auth_mysql:

http://sourceforge.net/projects/modauthmysql/files/modauthmysql/3.0.0/mod_auth_mysql-3.0.0.tar.gz

Extract the mod_auth_mysql-3.0.0.tar.gz file which gives you a folder called "mod_auth_mysql-3.0.0".

Using Terminal command:

$ cd mod_auth_mysql-3.0.0


You will see the source file named "mod_auth_mysql.c" and we are going to work on it.

Download a patch file within the folder and patch it right there as follows:

$ curl -O http://www.zoosau.de/wp-content/uploads/mod_auth_mysql-300-apache-22.patch

$ patch < mod_auth_mysql-300-apache-22.patch


The patch fixes some problems for APXS compiling. For Apache v2.4, we have to do some more editing in the file "mod_auth_mysql.c".

Open up editor for the file "mod_auth_mysql.c":

$ open -e mod_auth_mysql.c


Modify the lines as described below:

==========================================================
LINE 908:
  return r->connection->remote_ip;

Changed to:
  return r->connection->client_ip;
==========================================================
LINE 1273:
const apr_array_header_t *reqs_arr = ap_requires(r);

Changed to:
const apr_array_header_t *reqs_arr = NULL;
==========================================================
LINE 1275:
const array_header *reqs_arr = ap_requires(r);

Changed to:
const array_header *reqs_arr = NULL;
==========================================================

Explanation:

This is a bit technical: Apache 2.4 removes the ap_requires() function from its core API entirely, so it helps to read the Apache manual on the 2.4 changes first.

Looking through forums, I finally found something close to that problem. A possible fix:

http://www.mail-archive.com/pld-cvs-commit@lists.pld-linux.org/msg313889.html

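As the function ap_requires() has been removed from the Apache v2.4 API, we can set the related pointer to NULL to get past that problem in the mod_auth_mysql.c file. The side effect is that the module no longer receives the list of Require directives that ap_requires() used to return, so after the rebuild check that access to your protected directories is still restricted the way you expect.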

For the solution of LINE 908, thanks to the blogger on http://cootos.sinaapp.com/?p=94 .
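As an added example (not part of the original post or of mod_auth_mysql): the three edits listed above applied by pattern instead of by line number, followed by a check that no reference to the removed symbols is left. The function names and the constructed sample lines are assumptions; the patterns come from the "before" lines shown above.

```shell
#!/bin/sh
# Added example, not from the original post.
# port_to_apache24 SRC DST: write an edited copy of SRC to DST.
# Returns 0 on success, 1 if a 2.2-only symbol is still referenced in DST.
port_to_apache24() {
    src=$1
    dst=$2
    # 1) conn_rec field rename: remote_ip -> client_ip
    # 2) ap_requires() no longer exists: initialise reqs_arr to NULL
    sed -e 's/connection->remote_ip/connection->client_ip/g' \
        -e 's/\(reqs_arr[[:space:]]*=[[:space:]]*\)ap_requires(r)/\1NULL/' \
        "$src" > "$dst" || return 1
    # Any remaining reference is printed with its line number and is fatal.
    if grep -n -e 'ap_requires[[:space:]]*(' -e 'connection->remote_ip' "$dst" >&2; then
        return 1
    fi
    return 0
}

# Constructed sample: the three "before" lines from the post.
sample_source() {
    cat <<'EOF'
  return r->connection->remote_ip;
const apr_array_header_t *reqs_arr = ap_requires(r);
const array_header *reqs_arr = ap_requires(r);
EOF
}

# Stand-alone demo on the constructed sample.
tmp=$(mktemp -d)
sample_source > "$tmp/in.c"
port_to_apache24 "$tmp/in.c" "$tmp/out.c" && cat "$tmp/out.c"
rm -rf "$tmp"
```

Run against the real file, it would be called as `port_to_apache24 mod_auth_mysql.c mod_auth_mysql.c.new`, leaving the original untouched for comparison with diff.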

Now comes the actual compiling work.

Reference is here:
http://www.nilspreusker.de/?s=mod_auth_mysql

But we need to change the paths to match those of the XAMPP for Mac package.

Using Terminal command as follows:

$ sudo /Applications/XAMPP/bin/apxs -c -i -a -D -lmysqlclient \
 -lm -lz -I/Applications/XAMPP/XAMPPfiles/include/ \
 -L/Applications/XAMPP/XAMPPfiles/include/ \
 -Wc,"-arch x86_64" -Wl,"-arch x86_64" mod_auth_mysql.c


It's a long command, which I split into four lines, so you may have to recombine them in a text editor before you issue the actual command.

If things are going well, you should see the following output generated by the above command:

/Applications/XAMPP/xamppfiles/build/libtool --silent --mode=compile gcc -std=gnu99 -prefer-pic -I/Applications/XAMPP/xamppfiles/include/c-client -I/Applications/XAMPP/xamppfiles/include/libpng -I/Applications/XAMPP/xamppfiles/include/freetype2 -O3 -L/Applications/XAMPP/xamppfiles/lib -I/Applications/XAMPP/xamppfiles/include -I/Applications/XAMPP/xamppfiles/include/ncurses -arch x86_64  -DDARWIN -DSIGPROCMASK_SETS_THREAD_MASK -no-cpp-precomp -DDARWIN_10  -I/Applications/XAMPP/xamppfiles/include  -I/Applications/XAMPP/xamppfiles/include/apr-1   -I/Applications/XAMPP/xamppfiles/include/apr-1 -I/Applications/XAMPP/xamppfiles/include -arch x86_64 -I/Applications/XAMPP/XAMPPfiles/include/  -c -o mod_auth_mysql.lo mod_auth_mysql.c && touch mod_auth_mysql.slo
mod_auth_mysql.c: In function 'str_format':
mod_auth_mysql.c:891: warning: format '%d' expects type 'int', but argument 8 has type 'long int'
/Applications/XAMPP/xamppfiles/build/libtool --silent --mode=link gcc -std=gnu99 -Wl,-rpath -Wl,/Applications/XAMPP/xamppfiles/lib -L/Applications/XAMPP/xamppfiles/lib -I/Applications/XAMPP/xamppfiles/include -arch x86_64 -L/Applications/XAMPP/xamppfiles/lib -L/Applications/XAMPP/xamppfiles   -o mod_auth_mysql.la -arch x86_64  -L/Applications/XAMPP/XAMPPfiles/include/ -lmysqlclient -lm -lz -rpath /Applications/XAMPP/xamppfiles/modules -module -avoid-version    mod_auth_mysql.lo
/Applications/XAMPP/xamppfiles/build/instdso.sh SH_LIBTOOL='/Applications/XAMPP/xamppfiles/build/libtool' mod_auth_mysql.la /Applications/XAMPP/xamppfiles/modules
/Applications/XAMPP/xamppfiles/build/libtool --mode=install install mod_auth_mysql.la /Applications/XAMPP/xamppfiles/modules/
libtool: install: install .libs/mod_auth_mysql.so /Applications/XAMPP/xamppfiles/modules/mod_auth_mysql.so
libtool: install: install .libs/mod_auth_mysql.lai /Applications/XAMPP/xamppfiles/modules/mod_auth_mysql.la
libtool: install: install .libs/mod_auth_mysql.a /Applications/XAMPP/xamppfiles/modules/mod_auth_mysql.a
libtool: install: chmod 644 /Applications/XAMPP/xamppfiles/modules/mod_auth_mysql.a
libtool: install: ranlib /Applications/XAMPP/xamppfiles/modules/mod_auth_mysql.a
chmod 755 /Applications/XAMPP/xamppfiles/modules/mod_auth_mysql.so

Now it's time to modify a working httpd.conf for Apache v2.4.

In httpd.conf, find those lines with LoadModule * statements and add the following two statements at the bottom of that section:

LoadModule apreq_module modules/mod_apreq2.so
LoadModule mysql_auth_module modules/mod_auth_mysql.so


This makes sure the target libraries are loaded when Apache starts.

Before you start the Apache server again to test whether it runs, you have one more thing to do. In my experience, the Apache server may not start because of a libmysqlclient error. This is the case when no other MySQL client has been set up on the Mac before.

All you have to do is create a new symbolic link to let Apache v2.4 find the right library:

$ sudo ln -s /Applications/XAMPP/xamppfiles/lib/libmysqlclient.18.dylib \
 /usr/lib/libmysqlclient.18.dylib



Now start your Apache v2.4 web server and see if it's running properly. If yes, you are ready to use mod_auth_mysql module again!

Happy coding!!!

PS: Additionally you'll need to make sure PHP Session is working.
In /Applications/XAMPP/xamppfiles/etc/php.ini, you need to uncomment a line like this:
session.save_path = "/tmp"


This should do the trick;-)