
Multiple improvements

Re-organize the repository. Improve permission model (use internal mail user to send mails).
Add more instructions about how to set up.
master
Pekka Helenius 5 years ago
parent
commit
43919c11a0
6 changed files with 82 additions and 52 deletions
  1. README.md (+23 -25)
  2. ssmtp_conf-sample/README.md (+51 -19)
  3. ssmtp_conf-sample/revaliases (+1 -1)
  4. ssmtp_conf-sample/wanchecker.sh (+3 -3)
  5. wanchecker.service (+3 -3)
  6. wanchecker.timer (+1 -1)

+ 23
- 25
README.md View File

@ -20,9 +20,9 @@ This repository contains a systemd service file & a simple bash script to refres
- Linux OS
- systemd - service file
- systemd
- [SSMTP](https://wiki.archlinux.org/index.php/SSMTP) - (SMTP) email client (package: `ssmtp` (Arch Linux), `ssmtp` (Ubuntu))
- [sSMTP](https://wiki.archlinux.org/index.php/SSMTP) - (SMTP) email client (package: `ssmtp` (Arch Linux), `ssmtp` (Ubuntu))
- dig (package: `bind-tools` (Arch Linux), `dnsutils` (Ubuntu))
@ -32,44 +32,42 @@ This repository contains a systemd service file & a simple bash script to refres
## Contents
- systemd **system** service file: `wanchecker@.service`
- systemd **system** service file: [wanchecker.service](wanchecker.service)
- systemd **system** timer file: `wanchecker@.timer`
- systemd **system** timer file: [wanchecker.timer](wanchecker.timer)
- bash script: `wanchecker.sh`
- [sSMTP sample configuration files](ssmtp_conf-sample)
## Installation
- [ssmtp.conf](ssmtp_conf-sample/ssmtp.conf)
- [revaliases](ssmtp_conf-sample/revaliases)
- [wanchecker.sh](ssmtp_conf-sample/wanchecker.sh)
Configuration can be splitted into two parts as follows.
## Installation & configuration
### ssmtp
**1)** Install `ssmtp` package
To-be-added
**2)** Configure files `/etc/ssmtp/revaliases` ([sample](ssmtp_conf-sample/revaliases)) and `/etc/ssmtp/ssmtp.conf` ([sample](ssmtp_conf-sample/ssmtp.conf)). More information about these files on [sSMTP Arch Wiki site](https://wiki.archlinux.org/index.php/SSMTP).
### wanip-checker
**3)** Insert [wanchecker.sh](ssmtp_conf-sample/wanchecker.sh) into `/etc/ssmtp/` folder.
**1)** Insert `wanchecker@.service` and `wanchecker@.timer` into `/usr/lib/systemd/system/` folder
**4)** Configure sSMTP as described in [sSMTP Readme file](ssmtp_conf-sample/README.md).
- WAN IP check interval is customizable in systemd timer file. Default value is `20min`
**2)** Insert `wanchecker.sh` into your `/home/myuser/` folder (where `myuser` is your real username on your Linux system)
**3)** Configure your email address and message form in `wanchecker.sh` file. Configure WAN IPv4 log file location (default is `$HOME`)
**5)** Insert `wanchecker.service` and `wanchecker.timer` into `/usr/lib/systemd/system/` folder
- log file is updated only when WAN IPv4 changes have been detected
- WAN IP check interval is customizable in systemd timer file. Default value is `20min`
**3)** Install `ssmtp`, and configure files `/etc/ssmtp/revaliases` and `/etc/ssmtp/ssmtp.conf` as described on [SSMTP Arch Wiki site](https://wiki.archlinux.org/index.php/SSMTP).
- This log file is updated only when WAN IPv4 changes have been detected
**4)** Run (as root or with `sudo)
**6)** Run (as root or with `sudo`)
```
systemctl enable wanchecker@my_system_username.timer && \
systemctl start wanchecker@my_system_username.timer
systemctl enable wanchecker.timer && \
systemctl start wanchecker.timer
```
where `my_system_username` refers to your true username on your Linux system.
## Images
When server computer discovers a change in its WAN IPv4, it automatically sends an email notification to system administrator(s):
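Review bot: The installation steps switch from the per-user instance `wanchecker@my_system_username.timer` to a single `wanchecker.timer`, but nothing tells existing users to disable and remove the old templated units and the copy of `wanchecker.sh` in their home directory. Add a short upgrade step before step 6 so an old timer does not keep running alongside the new one. Step 3 also copies `wanchecker.sh` into `/etc/ssmtp/` without stating owner and mode; those appear only in the sSMTP README referenced in step 4, so either repeat them here or move that reference ahead of step 3.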
@ -84,9 +82,9 @@ Additionally, server computer keeps a log file which include WAN IPv4 changes an
- `systemctl --all list-timers` = list all system timers on Linux system, including `wanchecker`
- `systemctl is-active wanchecker@my_system_username.timer` = tells whether wanchecker is running or not
- `systemctl is-active wanchecker.timer` = tells whether `wanchecker` is running or not
- `systemctl status wanchecker@my_system_username.timer` = more compherensive output about the status of `wanchecker`
- `systemctl status wanchecker.timer` = more compherensive output about the status of `wanchecker`
## License
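Review bot: The rewritten `systemctl status wanchecker.timer` bullet still carries the typo "compherensive"; since the line is being touched anyway, correct it to "comprehensive". Note also that `is-active` on the timer reports whether the timer is active, not whether the last run of the service succeeded, so consider listing `systemctl status wanchecker.service` as well.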


+ 51
- 19
ssmtp_conf-sample/README.md View File

@ -1,26 +1,28 @@
## sSMTP system pre-configuration
Once you have installed sSMTP on your Linux system, make sure the following applies. Run the configuration commands as root or with `sudo` prefix.
Once you have installed sSMTP on your Linux system, make sure the following applies. Run these configuration commands as root or with `sudo`.
----------
Symbolic link from `/usr/bin/ssmtp` to `/usr/bin/sendmail`:
**1)** Create symbolic link from `/usr/bin/ssmtp` to `/usr/bin/sendmail` exists:
```
ln -s /usr/bin/ssmtp /usr/bin/sendmail
```
```
Test:
> stat -c "%A %a %U:%G %N" /usr/bin/sendmail
```
> stat -c "%A %a %U:%G %N" /usr/bin/sendmail
lrwxrwxrwx 777 root:root /usr/bin/sendmail -> ssmtp
lrwxrwxrwx 777 root:root /usr/bin/sendmail -> ssmtp
```
----------
User & group mail exists, directory /`var/spool/mail` exists:
**NOTE:** User & group `mail` are defined on Arch Linux by default, preinstalled with `filesystem` package. If they do not exist, then do the following.
**2)** Make sure user & group `mail` exists, and directory /`var/spool/mail` exists with proper permissions:
```
mkdir -p /var/spool/mail
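Review bot: In step 1 the new heading reads "Create symbolic link from ... to ... exists:", where the trailing "exists" is left over from the old wording and the direction is ambiguous; the command creates `/usr/bin/sendmail` pointing at `/usr/bin/ssmtp`. The expected `stat` output shows the target as `ssmtp`, whereas `ln -s /usr/bin/ssmtp /usr/bin/sendmail` stores the absolute path, so the test output will not match what the reader sees. In step 2 the backtick in "/`var/spool/mail`" is misplaced.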
@ -30,36 +32,66 @@ groupadd -g 12 mail
useradd -r -d /var/spool/mail -s /sbin/nologin -u 12 -g 12 mail
```
```
Test:
```
-----
> sudo stat -c "%A %a %U:%G %n" /var/spool/mail
> sudo stat -c "%A %a %U:%G %n" /var/spool/mail
drwxrwxrwt 1777 root:root /var/spool/mail
drwxrwxrwt 1777 root:root /var/spool/mail
-----
> grep mail /etc/passwd
> grep mail /etc/passwd
mail:x:12:12::/var/spool/mail:/sbin/nologin
mail:x:12:12::/var/spool/mail:/sbin/nologin
-----
> grep mail /etc/group
> grep mail /etc/group
mail:x:12:
mail:x:12:
```
## sSMTP configuration files
Once you have sSMTP installed on your Linux system, insert [ssmtp.conf](ssmtp.conf), [revaliases](revaliases) and [wanchecker.sh](wanchecker.sh) into `/etc/ssmtp/` folder. These files should have following permissions:
Once you have sSMTP installed on your Linux system, configure [ssmtp.conf](ssmtp.conf) and [revaliases](revaliases) in `/etc/ssmtp/` folder.
## Mail message formatting & email address
Configure your message defined in [wanchecker.sh](wanchecker.sh) file.
`wanchecker.sh` variables:
| Variable | Value | Type |
|------------------|-----------------------------------------------------------------------------|------------|
| EMAIL_SENDER | Sender's address | String |
| EMAIL_RECIPIENTS | Email recipients. Multiple allowed | Bash array |
| SUBJECT_EMAIL | Email title | String |
| MESSAGE_EMAIL | Email message contents | String |
| MESSAGE_STDOUT | Internal Linux system message about sent email message | String |
| WANIP_DIR | Log file directory path. User `mail` must have write access to this folder. | String |
| WANIP_LOG | Log file name | String |
**NOTE:** At minimum, you should configure proper email addresses in variables `EMAIL_SENDER` and `EMAIL_RECIPIENTS`. `EMAIL_SENDER` takes same value as defined in `/etc/ssmtp/ssmtp.conf` ([sample](ssmtp.conf)) and `/etc/ssmtp/revaliases` ([sample](revaliases)) files.
## Folder & file permissions
Permissions for `/etc/ssmtp` folder should be:
```
> stat -c "%A %a %U:%G %n" /etc/ssmtp/*
> stat -c "%A %a %U:%G %n" /etc/ssmtp
-rw-r----- 640 root:mail /etc/ssmtp/revaliases
-rw-r----- 640 root:mail /etc/ssmtp/ssmtp.conf
-rwxr-x--- 750 root:mail /etc/ssmtp/wanchecker.sh
drwxr-x--- 750 root:mail /etc/ssmtp
```
Contents of `/etc/ssmtp/` folder should contain the following files & permissions:
```
> stat -c "%A %a %U:%G %n" /etc/ssmtp/*
-rw-r----- 640 root:mail /etc/ssmtp/revaliases
-rw-r----- 640 root:mail /etc/ssmtp/ssmtp.conf
-rwxr-x--- 750 root:mail /etc/ssmtp/wanchecker.sh
```
where group `mail` refers to Arch Linux mail group, preinstalled with `filesystem` package.
**NOTE:** As `/etc/ssmtp/ssmtp.conf` contains a _clear-text email password_, the file must be protected from any eavesdropping with correct permission policy! The file must not be readable to any other than `mail` user, and `mail` user must not be available for normal usage. Still, any `sudo` group member can access the file, so make sure `sudo` group does not contain hostile or unwanted members, and configure your `/etc/sudoers` file properly.
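Review bot: The closing NOTE says `ssmtp.conf` must not be readable by anyone other than the `mail` user, but the modes shown (`640 root:mail`) grant read access to root and to every member of group `mail`, so the text and the listing disagree. State explicitly that group `mail` must have no additional members, and give the `chown` and `chmod` commands that produce the listed modes instead of only the `stat` output to compare against. The same section shows `/var/spool/mail` as `1777 root:root` while the variable table requires `mail` to have write access to `WANIP_DIR`; that holds only because the directory is world-writable, which should be stated or avoided.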

+ 1
- 1
ssmtp_conf-sample/revaliases View File

@ -5,4 +5,4 @@
# Example: root:your_login@your.domain:mailhub.your.domain[:port]
# where [:port] is an optional port number that defaults to 25.
my_system_username:mailsender@foo.com:smtp.live.com:587
mail:mailsender@foo.com:smtp.live.com:587

wanchecker.sh → ssmtp_conf-sample/wanchecker.sh View File

@ -27,7 +27,7 @@
# Script requirements
#
# SSMTP
# sSMTP
# https://wiki.archlinux.org/index.php/SSMTP
# Relevant conf files
@ -81,10 +81,10 @@ function checkWANIP {
############################
# Cache/Log directory of the script
local WANIP_DIR="$HOME"
local WANIP_DIR="/var/spool/mail"
# Log file for checked/resolved IPv4 WAN addresses
local WANIP_LOG="$WANIP_DIR/.ip_wan.log"
local WANIP_LOG="$WANIP_DIR/ip_wan.log"
if [[ ! -d "${WANIP_DIR}" ]]; then
mkdir -p "${WANIP_DIR}"
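Review bot: `WANIP_DIR="/var/spool/mail"` places the log, now with the fixed name `ip_wan.log`, in a directory that the README in this commit lists as `drwxrwxrwt 1777 root:root`, so any local account can create that file name first, and the script then either fails to write or appends to a file another user controls. Prefer a dedicated directory owned by `mail` with mode 750 (or a systemd `StateDirectory=` in the unit) and verify ownership of the log before writing. The unchanged `mkdir -p "${WANIP_DIR}"` fallback is also unlikely to succeed for user `mail` when the directory is missing, since `/var/spool` is typically writable only by root.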

wanchecker@.service → wanchecker.service View File

@ -1,9 +1,9 @@
# Should be placed to /usr/lib/systemd/user/
# Should be placed to /usr/lib/systemd/system/
[Unit]
Description=WAN IPv4 checker & email sender for dynamic IPv4 server environments
After=network-online.target
[Service]
User=%i
ExecStart=/usr/bin/bash /home/%i/wanchecker.sh
User=mail
ExecStart=/usr/bin/bash /etc/ssmtp/wanchecker.sh
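Review bot: The `[Service]` section now sets `User=mail` but adds no sandboxing, although the script only needs to read `/etc/ssmtp` and write its log. Consider `NoNewPrivileges=yes`, `ProtectSystem=strict`, `ProtectHome=yes`, `PrivateTmp=yes` and a `ReadWritePaths=` entry for the log directory. Also, `After=network-online.target` only orders the unit; without a matching `Wants=network-online.target` the target is not pulled in, so the first run after boot may start before the network is up. The header comment could mention `/etc/systemd/system/` as well, since `/usr/lib/systemd/system/` is normally reserved for packaged units.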

wanchecker@.timer → wanchecker.timer View File

@ -1,4 +1,4 @@
# Should be placed to /usr/lib/systemd/user/
# Should be placed to /usr/lib/systemd/system/
# https://wiki.archlinux.org/index.php/Systemd/Timers
