Posts Tagged ‘trixbox’

trixbox Xen Install Guide

Tuesday, February 3rd, 2009

I have put together a install guide for use with trixbox 2.6.2.1 and Xen. This guide will walk you through installing trixbox in a Xen DomU. I hope people find it useful.

Thank you,
Engineer Tim



Download trixbox-xen

Tags: , ,
Posted in Linux, trixbox | 23 Comments »

BFD (Brute Force) rule for Asterisk

Saturday, December 20th, 2008

I whipped up a BFD rule to try and defend against sip attacks.  This watches for failed logins in the /var/log/asterisk/full log and then blocks them.  I set the TRIG level low so you might need to change this to something you are more comfortable with.  

 

Drop this file in /usr/local/bfd/rules/

Name the file asterisk

 

 

# failed logins from a single address before ban
# uncomment to override conf.bfd trig value
TRIG="5"

# file must exist for rule to be active
REQ="/usr/sbin/asterisk"

if [ -f "$REQ" ]; then
LP="/var/log/asterisk/full"
TLOG_TF="asterisk"
TMP="/usr/local/bfd/tmp"

## ASTERISK
ARG_VAL=`$TLOG_PATH $LP $TLOG_TF |grep "Wrong password" /var/log/asterisk/full | awk '{NF=NF-3} { print $NF}'| tr -d '\'\' `
fi

Tags: ,
Posted in Linux, trixbox | 5 Comments »

Rebuild Zaptel Script

Saturday, December 20th, 2008

So you want to recompile zaptel on trixbox.  I have put together a script that might help.  I have used this on a few custom installs and it seems to work.  However, don’t kill me if it screws something up.  You will need to start zaptel and amportal once the script finishes.  I don’t do this for you since I like to watch for errors on startup.
rebuild-zaptel.sh.txt

Tags: ,
Posted in Linux, trixbox | No Comments »

Securing trixbox CE

Saturday, December 20th, 2008

I have created a small guide to help users secure their trixbox CE installs.  This guide is in PDF format and should be readable on just about any system.  This is by no means a definitive guide, but should be used as s way to help users.
securing_trixbox_ce_ver1

Tags: ,
Posted in trixbox | 8 Comments »

mod_auth_mysql trixbox

Saturday, December 20th, 2008

 

You want to password protect the user/maint on your trixbox server?   Give this a shot!!

 

yum install mod_auth_mysql

 

Now, inside /etc/httpd/conf.d/auth_mysql.conf

put the following, or something like it.

 

LoadModule mysql_auth_module modules/mod_auth_mysql.so

<Directory /var/www/html>

    AuthName “Authentication Required”

    AuthType Basic

    AuthMYSQLEnable on

    AuthMySQLUser root

    AuthMySQLPassword passw0rd

    AuthMySQLDB userauth 

    AuthMySQLUserTable users

    AuthMySQLNameField user_name

    AuthMySQLPasswordField user_passwd

    AuthMySQLGroupTable groups

    AuthMySQLGroupField user_group

    require group user

    require valid-user

</Directory>


<Directory /var/www/html/maint>

    AuthName “Authentication Required”

    AuthType Basic

    AuthMYSQLEnable on

    AuthMySQLUser root

    AuthMySQLPassword passw0rd

    AuthMySQLDB userauth

    AuthMySQLUserTable users

    AuthMySQLNameField user_name

    AuthMySQLPasswordField user_passwd

    AuthMySQLGroupTable groups

    AuthMySQLGroupField user_group

    require group admin

</Directory>

 

 

 

Here is the schema for the userauth mysql database.  Copy and paste this into a file called userauth.schema.sql

 

– MySQL dump 10.10


– Host: localhost    Database: userauth

– ——————————————————

– Server version5.0.22


/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;

/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;

/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;

/*!40101 SET NAMES utf8 */;

/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;

/*!40103 SET TIME_ZONE=’+00:00′ */;

/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;

/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;

/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE=’NO_AUTO_VALUE_ON_ZERO’ */;

/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;



– Current Database: `userauth`



CREATE DATABASE /*!32312 IF NOT EXISTS*/ `userauth` /*!40100 DEFAULT CHARACTER SET latin1 */;


USE `userauth`;



– Table structure for table `groups`



DROP TABLE IF EXISTS `groups`;

CREATE TABLE `groups` (

  `user_name` char(30) NOT NULL,

  `user_group` char(20) NOT NULL,

  PRIMARY KEY  (`user_name`,`user_group`)

) ENGINE=MyISAM DEFAULT CHARSET=latin1;



– Table structure for table `users`



DROP TABLE IF EXISTS `users`;

CREATE TABLE `users` (

  `user_name` char(30) NOT NULL,

  `user_passwd` char(20) NOT NULL,

  `extension` int(10) NOT NULL,

  `email` char(50) NOT NULL,

  PRIMARY KEY  (`user_name`)

) ENGINE=MyISAM DEFAULT CHARSET=latin1;

/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;


/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;

/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;

/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;

/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;

/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;

/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;

 

 

Now create the database and import the schema.

mysqladmin -uroot -p create userauth

mysql -uroot -p userauth < userauth.schema.sql

 

Now you need to create some users.  I don’t recommend that you use the older maint/password if your server is facing the internet.  I am going to create a engineertim login that is in both the user and admin group.   For my one user, I will create a separate login called kerry.

login to mysql and use the following commands, replace engineertim and kerry with your own users.

mysql -uroot -p

mysql> use userauth;

INSERT INTO `userauth`.`users` (`user_name` ,`user_passwd` ,`extension` ,`email`) VALUES (‘engineertim’, ENCRYPT(‘letmein’),”,” );


INSERT INTO `userauth`.`users` (`user_name` ,`user_passwd` ,`extension` ,`email`) VALUES (‘kerry’, ENCRYPT(‘letmein’),”,” );


INSERT INTO `groups` VALUES (‘engineertim’,'user’),(‘engineertim’,'admin’),(‘kerry’,'user’);

mysql> exit


You now need to edit the /etc/httpd/conf/httpd.conf and add a comment to the last line that should be a Include.

#Include /etc/trixbox/httpdconf/*


Restart apache for everything to take affect.

service httpd restart


Now try and login to your trixbox with the new username and passwords.  If you have issues, you can remove the comment from httpd.conf, restart apache and use the old login while you debug.  You might also want to use tbm-phpmyadmin.

Tags: ,
Posted in trixbox | No Comments »