Archive for the ‘Linux’ Category.

Asterisk/FreePBX dial plan injection vulnerability

There is an interesting discussion on the PBX-in-a-Flash forums here regarding an Asterisk security announcement.

If you write custom Asterisk contexts outside of FreePBX then you should read through how to do this securely. You should not be using wildcard pattern matching as this could be used to create channels in a manner not intended.
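Added example, not from the original post and not part of Asterisk or FreePBX: a small Python check that scans a custom contexts file for Dial()/Originate() lines under a pattern-matched extension that use ${EXTEN} without wrapping it in FILTER(), the safeguard recommended in Asterisk's README-SERIOUSLY.bestpractices.txt. The sample contexts are constructed; the context names are assumptions.

```python
import re

# Constructed sample of a custom contexts file (not from the original post). The
# first context hands the pattern-matched ${EXTEN} straight to Dial(); the second
# wraps it in FILTER() so only digits can ever reach the channel driver.
SAMPLE_CONF = """\
[from-internal-custom]
exten => _9X.,1,Dial(SIP/${EXTEN:1}@my-trunk,30)
exten => _9X.,n,Hangup()

[from-internal-safe]
exten => _9X.,1,Dial(SIP/${FILTER(0-9,${EXTEN:1})}@my-trunk,30)
exten => _9X.,n,Hangup()
"""

EXTEN_LINE = re.compile(
    r"^exten\s*=>\s*(?P<pattern>[^,]+),(?P<prio>[^,]+),(?P<app>\w+)\((?P<args>.*)\)$")
# ${FILTER(<allowed>,${EXTEN...})} is the sanitised form; strip it before checking
FILTERED_EXTEN = re.compile(r"\$\{FILTER\([^,]*,\$\{EXTEN[^}]*\}\)\}")

def find_unfiltered_exten(conf_text, apps=("Dial", "Originate")):
    """Return (context, line_no, app, pattern) for channel-creating lines in a
    pattern-matched extension that use ${EXTEN} without FILTER()."""
    findings = []
    context = None
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            context = line[1:-1]
            continue
        m = EXTEN_LINE.match(line)
        if not m or m.group("app") not in apps:
            continue
        if not m.group("pattern").startswith("_"):
            continue  # literal extension: the caller does not control ${EXTEN}
        remaining = FILTERED_EXTEN.sub("", m.group("args"))
        if "${EXTEN" in remaining:
            findings.append((context, line_no, m.group("app"), m.group("pattern")))
    return findings

if __name__ == "__main__":
    for ctx, no, app, pat in find_unfiltered_exten(SAMPLE_CONF):
        print(f"line {no}: [{ctx}] {pat} -> {app}() uses unfiltered ${{EXTEN}}")
```

Run it against /etc/asterisk/extensions_custom.conf (or wherever your custom contexts live) to list the lines that need a FILTER() wrapper.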

Also raised is the potential of an Asterisk/FreePBX system being compromised via the Asterisk Recording Interface (ARI). This is the web interface that allows you to view and manage voicemails. If you do not use this feature of FreePBX it is strongly recommended that you remove access to it. This can be done simply by running the following command as root on systems with a standard configuration -

chmod 000 /var/www/html/recordings

This will prevent the ARI being accessible via a browser.

If you would like more information regarding Asterisk dialplan security please see the following resources -

http://www.asterisk.org/node/49906
http://downloads.asterisk.org/pub/security/AST-2010-002.html
http://svn.asterisk.org/svn/asterisk/trunk/README-SERIOUSLY.bestpractices.txt
http://www.freepbx.org/forum/freepbx/users/dial-plan-injection-vulnerability

Also, always use complex and difficult-to-guess passwords in all areas when setting up Asterisk/FreePBX.

If you have a sysadminman VPS and would like the ARI interface disabling please raise a ticket via the helpdesk.

As always thanks to Ward Mundy and Joe Roper who make a great contribution to the Asterisk community.

E-mail to voice call – with Asterisk, Postfix and Cepstral

A few times recently I’ve wanted to be able to turn an e-mail into a voice call. This would be especially handy for emergency server monitoring and notification.

Here is my first attempt. It's also my first attempt at writing something in Python, so you definitely use it at your own risk!

There is room for improvement as there is no validation on any of the fields extracted from the e-mail.

It also assumes that these components are already in place -
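Added example, not the script from this post: a Python sketch of the validation the post says is missing, parsing a "CALL <extension> <text>" subject line and building an Asterisk call file (the format Asterisk reads from its outgoing spool directory) only when the fields pass checks. The sample message, the subject convention, the context name and the MESSAGE variable that the dialplan would pass to Cepstral are all assumptions.

```python
import re
from email import message_from_string

# Constructed sample message (not from the original post): the subject carries
# the extension to ring and the text to speak.
SAMPLE_MAIL = """\
From: nagios@monitor.example
To: call@pbx.example
Subject: CALL 2001 Disk on web01 is 95% full

Disk on web01 is 95% full. Please check.
"""

EXTENSION_RE = re.compile(r"^\d{2,6}$")           # digits only, sane length
SUBJECT_RE = re.compile(r"^CALL\s+(\S+)\s+(.+)$")  # "CALL <extension> <text>"
MAX_TEXT = 200

def parse_call_request(raw_mail):
    """Return (extension, text) or raise ValueError if the mail is not trusted."""
    msg = message_from_string(raw_mail)
    m = SUBJECT_RE.match(msg.get("Subject", ""))
    if not m:
        raise ValueError("subject does not match 'CALL <extension> <text>'")
    ext, text = m.group(1), m.group(2)
    if not EXTENSION_RE.match(ext):
        raise ValueError("extension is not a plain digit string")
    # Drop anything that is not plain text: a newline or '${' in here would
    # otherwise end up inside the call file or a dialplan variable.
    text = re.sub(r"[^A-Za-z0-9 .,%!?-]", " ", text)[:MAX_TEXT].strip()
    if not text:
        raise ValueError("nothing left to speak after sanitising")
    return ext, text

def build_call_file(ext, text, context="email-to-call"):
    """Asterisk call-file text; the dialplan reads ${MESSAGE} and hands it to TTS."""
    return (f"Channel: SIP/{ext}\n"
            f"Context: {context}\n"
            "Extension: s\n"
            "Priority: 1\n"
            "MaxRetries: 2\n"
            "RetryTime: 60\n"
            f"Set: MESSAGE={text}\n")

def call_file_for_mail(raw_mail):
    """Return call-file text, or None when the mail fails validation."""
    try:
        ext, text = parse_call_request(raw_mail)
    except ValueError:
        return None
    return build_call_file(ext, text)
```

Write the returned text to a temporary file and move it into /var/spool/asterisk/outgoing/ (Asterisk picks it up on rename, not on creation); the destination extension should also be checked against an allow-list of numbers you actually expect to ring.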

Slow rate browsing in A2Billing

I recently looked at an A2Billing 1.34 install that was slow to browse the rates through the GUI. There were over 800,000 rates which was causing the slowdown. While probably not a good idea to have so many rates, it is possible to speed up this screen by creating an index in MySQL.

To do that -

Log in to MySQL -

(you should be able to get the username/password you need from the top of the /etc/asterisk/a2billing.conf file)

mysql -u a2billing-user -p mya2billing

Create an index on the destination field in the cc_ratecard table -

create index ind_cc_ratecard_destination using btree on cc_ratecard(destination);

To find out why queries are taking so long in MySQL you can turn on the slow-query log in MySQL.

See here for more info – http://dev.mysql.com/doc/refman/5.1/en/slow-query-log.html

iptables for Asterisk and FreePBX

If you’ve installed Asterisk and FreePBX, or you’re using one of the preconfigured distributions such as Trixbox or Elastix, a good idea is to have the Linux firewall, iptables, running on your system. Here’s an example of how you could set this up.

First thing to note is that it’s pretty easy to lock yourself out of your server when playing around with iptables! It’s best to take a couple of simple precautions in case this happens.

These instructions should apply to CentOS/Redhat/Fedora.


Trixbox 2.6 passwords – Changing on a Sysadminman VPS

It’s definitely a good idea to change the default passwords you get with your Sysadminman hosted Asterisk server.

Here’s how to do it if you’re using Trixbox 2.6.

Changing the passwords should be pretty much the same as it would be on a regular Trixbox server.

First you need to SSH (a secure command line connection) to the server. If you use Windows on your desktop a good program for making SSH connections is Putty. It’s free and you can find it here – http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

For changing the server root password -

Use Putty, or another SSH client, to log into the server as the user root

Run the passwd command -

# passwd
Changing password for user root.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

For changing the Trixbox ‘maint’ password -

Use Putty, or another SSH client, to log into the server as the user root

Run the passwd-maint command -

# passwd-maint
------------------------------------------------
Set password for Admin section of trixbox CE GUI
User: maint
------------------------------------------------

New password:
Re-type new password:
Updating password for user maint

For changing the Voicemail ‘admin’ password -

Use Putty, or another SSH client, to log into the server as the user root

(Unfortunately there is no command for changing this password and you need to manually edit a file)

nano /var/www/html/recordings/includes/main.conf.php

Now find the line (around line 73) that contains -

$ARI_ADMIN_PASSWORD ="old-password";

and change $ARI_ADMIN_PASSWORD to equal your required password. Now save the file.

For changing the WebMeetMe passwords -

WebMeetMe passwords can be changed through the WebMeetMe interface.

Hacking and securing your Asterisk server

I spent a little while playing with sipvicious today. This is a SIP scanner that can be used for scanning SIP servers – which obviously includes Asterisk, Trixbox, Elastix, etc…

It’s not surprising that scanning for vulnerable SIP servers is on the increase – these sorts of tools are really easy to use, and with the lure of making free phone calls at your expense it’s definitely worth making sure that your PBX is secure.

Here’s what I did to scan one of my servers. The server is a Trixbox CE 2.6 server and I set up the following extensions for testing -

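Added example, not part of the original post: a fail2ban-style check that reads Asterisk's full log for failed SIP registrations and flags any source address with a burst of failures against several different usernames, which is what a scan like the one described looks like from the server side. The log lines are constructed; the threshold and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of /var/log/asterisk/full lines (not real traffic): one
# source walks through extension numbers, another is a single user mistyping.
SAMPLE_LOG = """\
[2010-02-20 10:15:01] NOTICE[2345] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[2010-02-20 10:15:01] NOTICE[2345] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[2010-02-20 10:15:02] NOTICE[2345] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[2010-02-20 10:15:02] NOTICE[2345] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[2010-02-20 10:15:30] NOTICE[2345] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '203.0.113.5' - Wrong password
[2010-02-20 11:40:00] NOTICE[2345] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '203.0.113.5' - Wrong password
"""

# Matches chan_sip's "Registration from ... failed for ..." notice (with or
# without a :port suffix on the address).
FAILED_REG = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+)\] NOTICE\[\d+\] chan_sip\.c: Registration from '(?P<from>[^']*)' "
    r"failed for '(?P<ip>[\d.]+)(?::\d+)?' - (?P<reason>.+)$")

def parse_failed_registrations(log_text):
    """Yield (timestamp, source_ip, from_header, reason) for each failed registration."""
    for line in log_text.splitlines():
        m = FAILED_REG.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group("ip"), m.group("from"), m.group("reason")

def suspicious_sources(log_text, threshold=3, window=timedelta(minutes=10)):
    """Return {ip: (failures_in_window, distinct_usernames)} for any source that
    reaches `threshold` failures inside a sliding `window`."""
    events = defaultdict(list)
    for ts, ip, frm, _reason in parse_failed_registrations(log_text):
        events[ip].append((ts, frm))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):
            burst = [user for t, user in evs[i:] if t - start <= window]
            if len(burst) >= threshold:
                flagged[ip] = (len(burst), len(set(burst)))
                break
    return flagged

if __name__ == "__main__":
    for ip, (count, users) in suspicious_sources(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed registrations, {users} different usernames")
```

A high distinct-username count from one address is the signature of enumeration rather than a mistyped password; fail2ban's asterisk filter keys on the same log line to block the source.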

SIP soft phone – using X-Lite with Asterisk

If you’re looking for a softphone to use with Asterisk, X-Lite is great. It works on both Windows and Linux, although the configuration screens are a little different on the different versions.

All you should need to get it working with Asterisk are the following settings (screenshot from the Windows version) -


AsteriskNow 1.5 on a VPS?

I’ve been testing AsteriskNow running on a VPS today but from what I can see it doesn’t offer anything more than the current distributions I offer (Elastix, Trixbox and PBX in a Flash). If you have a preference for AsteriskNow over any other distribution please let me know why!

Hosted “PBX in a flash” server in the UK

“PBX in a flash” has been added to the list of options you can now choose from on a Sysadminman VOIP VPS. This is in addition to the Trixbox CE, Elastix and Asterisk/FreePBX/A2Billing templates currently available.

See here for more details.

A2Billing 1.4 development UK VPS

A2billing is a great open source billing application that can be used with Asterisk for calling card or wholesale billing.

The current release of a2billing is version 1.34, but there are a lot of new features going in to the next release – version 1.4.

Some of the new features include -

  • All of the configuration is now stored in the database (rather than a2billing.conf)
  • Configuration is now editable through the web interface
  • New callback module developed in Python
  • New agent module
  • New auto-dialler module
  • Interface is tidier and simpler
  • Uses Asterisk ‘realtime’ so no more generating SIP/IAX2 configuration files
  • and more …

If you would like to have a look at this development release it is now possible to order a Sysadminman VOIP VPS with it already installed.

The cost is the same as for the Standard Sysadminman VPS – see here for details. For more information please contact us

* Please note that a2billing version 1.4 is a development release and it is not recommended to use it in a production environment. VPSs can be converted to a template running the stable release of a2billing at any time.