Friday, April 29, 2016

Increasing the maximum number of selectable fields in vTiger 6.0 report module

Image source: open4businessonline.com

Just wanted to share this out for those who may have run into this problem where you couldn’t add more than 25 fields in the built-in report module of vTiger.

  • My configuration:
  • CentOS 6
  • vTiger community 6.X

Simply edit the file

vtigercrm/layouts/vlayout/modules/Reports/resources/Edit2.js

Locate the text maximumSelectionSize and change from 25 to whatever you need, this particular config below was from a client that needed more than 200 fields in their reports.

image

That should be it, just reload the reports page and voila! more than 25 (ignore the text that says max 25 or change it if you want)

Shoutout to our client that found the solution, Mr. Benjamin Lim and Mr Au Yong from CustomerConnect Malaysia, with their R&D deep into Google, we added this hack, thanks guys!

Tuesday, April 12, 2016

Decoding Oreka’s MCF file extensions for generic playback software (e.g. vlc)

Here’s a quick howto guide to extract .mcf files that are the created by Oreka’s open source recording platform.

 

Parts of software and guides are taken off various sources from the internet. The decoder was written in c++

and is available here if you want to compile it yourself: https://www.dropbox.com/s/09eo986gc3sons8/orekadecoder.rar
Thanks to Juan Ramirez for writing the code.

 
Since i’ve compiled the cpp file, i will just expose the .exe for 64bit systems. If you need the 32bit platform, 
you need to compile it yourself. So, for you get started, you will need the following tools and software:
1) The orekadecoder.exe here http://www.orencloud.com/public/orekadecoder.zip, download and extract the file 
into anywhere, e.g. C:\tmp
2) Download and Install Audacity  http://www.audacityteam.org/download/ so we can combine, pitch change etc the files
3) If your the files you are converting is encoded into g729, you need an extra step and software, get it from 
here: http://www.codecpro.com/LicenseG729.php and extract the files (g729 steps and use here is for education
purposes only, you should normally buy a proper license) 
 

Steps

Step 1

1) Place the mcf file into C:/tmp, now we shall extract the .mcf file using orekadecoder.exe, here’s how
In this example, i have two files, file1.mcf and file2.mcf. Let’s split out file1.mcf first:
 
File 1 – Splitout – a g729 encoded file
image
and this created two files, like below
image
 
File 2 – Splitout – a ulaw encoded file, this file doesn’t need step 2, just go to step 3
image
The above files out1 and out2 basically mean the left and right channels. 
If you notice the above sample, the file is actually decoded as g729, 
so we need to decode that, as below
 

Step 2

Decode the file1.mcf.out1 and file1.mcf.out2 into 

Copy out the file cp_g729_decoder.exe downloaded from codecpro.com, if its another directory into
c:\tmp so its easier to work. Now, convert out1 and out2 like this

 

Out1

image

Out2

image

Now in that folder, you will end up with file1.out1.wav and file1.out2.wav, proceed to step 3.
For those not needed to decode using g729 decoder, you can simply use the .out1 and .out2

files to import into audacity.

 

Step 3

Import into audacity and combine left and right audio

First example, we will use the .wav files instead of the .out1 or out2 files (we start with the g729 files)

 

g729 encoded file

Open Audacity, click on file, click on Import, then click on Raw Data, when prompted open the first file,
i.e. in this example file1.out1.wav, set the import parameters like shown below;

image

Repeat this step for file1.out2.wav

Now, you should get two channels shown in Audacity, like below

image

 

Now, since the conversion happened, the seem to be off, reduce the speed by 50%. Here’s how, click on Effect,

Change Speed Use the following setting

image

Note on the percentage, change it to –50 (minus 50) and that should be it, now save the file to any format you like.

 

Non-g729 file

Now, for the ulaw file, we just need to import it directly into audacity with the same steps above except you

do not need to change the speed,  it should work straight away.Remember, import as raw.

Remember, we set the Encoding according to the output as seen in step 1

image

 

Then import the 2nd file as the other channel.

Note, you may not have audio in the 2nd file or the first file depending if its a mono recorded or stereo recorded channel.
Save the file to whatever format and you’re done.

 

Cheers.

My first ever Webminar On Windows 10 Security

Check it out if you’ve got some time to kill.

SRC: https://channel9.msdn.com/Events/Windows-10-Webinar-Series/Webinar-4-Windows-10-security

Snippet

We live in a new era of cyber threats. As employees work across multiple devices, data has never been more vulnerable. Windows 10 responds to the new ways people work: it helps you secure devices and data with sophisticated new tools.

We will introduce you to Microsoft Passport, which replaces passwords with strong, two-factor authentication that consists of an enrolled device and a Windows Hello (biometric) or PIN. And we will show you Device Guard, which prevents unauthorized applications from installing on your devices.

Another highlight is the latest version of BitLocker. Available with Windows Enterprise Software Assurance, BitLocker enables you to stop data being extracted from devices that are lost or stolen.

Speaker: Sanjay Stephen (Malaysia)
MVP in Security since 2009. He runs his own solutions implementation business.

Saturday, March 5, 2016

Check script for FreePBX-Asterisk realtime and CDR for suspicious calls (Nagios compatible)


image source:: http://www.chanakyadetective.com/software-investigation.html

Here’s a simple script we wrote to check real-time calls and historical data of n minutes in CDR for suspicious activities based on a number pattern and length. We find this utmost useful especially when your servers are exposed to public to check against hack attempts, abuses or checking matching numbers to “catch” and report. The current action sends email, of course, you can build more functions as you please and run them at each EXIT code in the script appropriately doing stuff like seen in the script for sending email. You need the local mailer program, called mail to be able to send emails from CLI already for the email function to work, otherwise, it may just output via CLI.

This  script has been tested on Debian, FreePBX 2.11 and Asterisk 11. It should work on most regular platforms as well as distros.  I’ve tested on Nagios Core, NagiosXI, Icinga, Icinga2.0.

This script basically does the following;

  • Its all bash, so should be quite compatible with many systems
  • It checks the CDR for n minutes of past records also set by flags
  • It checks asterisk current channels for external numbers only
  • It combines both results as a “total” value to evaluate with the given parameters
  • Uses filters based on the dst column on your CDR to match that you specify during execution (the parameters), this can be prefixes or whole numbers, and as many patterns as you want to check on a single run.
  • You can set the flag to check the prefix and the number of digits which is same or greater so that you won’t catch local calls, normally international calls have higher number of called digits, I.e. > 10
  • To automatically check or do it almost real-time, you can use cron on your server locally (It can also work with Nagios too, however, this guide does not cover configuring on Nagios,you need to set the flag NAGIOSMODE=YES). If you set Nagiosmode, it will not independently send out email and instead your Nagios server will decide what to do according to what you’ve set it to.
  • Be sure to change NAGIOSMODE, SYSADMINEMAIL,EMAILSUBJECT,USER,PASS and if needed, db port,db database name,db table name, and db server & also location of your binaries (find them by typing whereis asterisk and whereis mysql and whereis curl)
  • In some distro (FreePBX distro) the MySQL has no password (yeah, i know!), so in this case, leave the PASS=”” will suffice.

Setup:

  • cd /usr/local/bin/
  • wget http://www.orencloud.com/public/checkintl.sh
  • Modify the parameters as described below and/or in the script
  • Make the script executable and test  (chmod +x /usr/local/bin/checkintl.sh) Test : /usr/local/bin/checkintl.sh --help
  • You can run it like example below and/or put it up as a cronjob if you wish to automate checking (crontab –e), e.g. like this     */15 * * * * /usr/local/bin/checkintl.sh -w 3 -c 10 -i 60 -p 00:6,900:6
  • When adding complex scripts that call many functions be sure to test your cron output, here’s an easy way to see the output of cronjob in syslog (/var/log/syslog) by simply adding adding  2>&1 | /usr/bin/logger  -i  -t ASTIOSALERTS at the end of the script, like shown below
    • */15 * * * * /usr/local/bin/checkintl.sh -w 3 -c 10 -i 60 -p 00:6,900:6 2>&1 | /usr/bin/logger –i -t ASTIOSALERTS
  • Then tailf your syslog to see the output, it should not throw errors but should show you outputs.
  • Above cronjob does the checks for every 15 minutes, 60 minutes of records from bottom of the CDR table and warns on 3, critical on 10 for pattern matching front digits 00, with length greater than or equals 6 numbers and for pattern 900 with length greater than or equals 6 numbers
  • Always test manually. You surely can run this manually and try to invoke the trigger by making n number of calls and you should get an email alert based on the email address you specified
  • This script requires a MySQL CDR for Asterisk (therefore making it perfect for use with FreePBX, out of the box)
  • Set these below before running the script
      • Be sure to set the following inside the script (edit it)

        NAGIOSMODE="NO"
        SYSADMINEMAIL=SOMEONE@SOMEWHERE.COM,SOMEONE2@SOMEWHERE2.COM
        EMAILSUBJECT="HOST $MYHOST INTERNATIONAL CALLS ALERT"
        user="DBUSERNAME"
        pass="DBPASSWORD"

        MYCURL=/usr/bin/curl
        MYSQLBIN=/usr/bin/MySQL
        MYAST=/usr/sbin/asterisk

      • If using Nagios, just set the flag NAGIOSMODE=YES

    Run examples:

    /usr/local/bin/checkintl.sh -w 3 -c 10 -i 60 -p 00:10,900:10

    In the above example, it will

    -w 3 – Warn when both CDR and running channel defined patters is equal to or greater than 3

    -c 10 – Throw critical alert when both CDR and running channel defined patters is equal to or greater than 10

    -i 60 – Check CDR for a total time of 60 minutes (note, time on server needs to be accurate for this to work properly)

    -p 00:6,900:6 – This means, check for pattern 00 and 900 in the dst fields. If it exist, check length of >= 6 digits at minimum on both cases, in this example

    Sample outputs

    image

    No calls/threshold not hit like above

     

    image

    With a warning out which sends email when NAGISOMODE=NO. Also, if critical , it will send out emails like above.

     

    image

    image

    In Nagios mode, it will show up just like this above in CLI and in Nagios itself, it will look like this

    image

  • Email

    image

     

    As usual, do give us feedback if find bugs and/or improvements/suggestions. Do give it a try and comment please if you found something helpful for others to note on your findings.  Thanks and happy weekend.

  • Sunday, February 28, 2016

    Asterisk/FreePBX Call Duration Alerter – with Nagios compatibility


    image source: www.iconarchive.com

     

    Hi all, hope 2016 has been good to you so far ..

    Here’s a little script that I did to list out and do any kinds of actions to  calls (right now, echo output and email with a kill switch to kill offending calls) that exceed certain number of seconds and gathers all (or just one) of the calls and output in pretty Nagios output or sends you an email. It will also show some important information about that CHANNEL (call) so you can take necessary action.

    Purpose of this script is to perhaps check on your PBX call action, ensure there aren’t dead channels running around, track billing usage (you can program it to check against a pre-set DB against each channel to calculate rates vs balance in realtime) and many other things you can imagine.

    You can download it here  www.orencloud.com/public/checkduration.sh

    It supports Nagios return codes (NAGIOSMODE=YES) or sends email otherwise

    • Set warning vs critical values
    • Runs in native Asterisk CLI, so it should be tech independent and fast as it uses pure channel variables
    • Put up in cron to check periodically
      • Something like this */2 * * * * /usr/local/bin/checkdur.sh -w 1800 -c 2400 2>&1 | /usr/bin/logger -i -t ASTIOSALERTS
      • This above example will check every 2 minutes and output the result to /var/log/syslog (or similar) the result of the script in the tag ASTIOSALERT
    • Place as Nagios script to be executed by Nagios 
    • Tested on CentOS/Debian6/7, Asterisk 11 and FreePBX 2.11 , FreePBX Distro
      • I believe it should work on almost all systems and variations
    • If you do have an improvement, do suggest.
    • There’s a kill channel switch, –k 1 where it will kill the “critical” time exceeding channel.

    NOTE:

    1. The output may produce duplicates as a full leg call can contain 2 or more channels. Look for the the first part of the UNIQUEID to identify dupes.
    2. This script may not run in some OS-es or environment so test it out first before going into production

    Place the script anywhere and ensure its executable, here’s how..

    # cd /usr/local/bin

    #wget www.orencloud.com/public/checkduration.sh

    #chmod +x /usr/local/bin/checkduration.sh

    Be sure to change bold highlighted values, edit the script

    # nano /usr/local/bin/checkduration.sh

    NAGIOSMODE="NO"     
    SYSADMINEMAIL=”your@email.com,yoursecond@email.com
    EMAILSUBJECT="DURATION OF CALLS ALERT"

    MYAST=/usr/sbin/asterisk #change this if its not there.

    Test like this, also be sure you can send emails already using “mail”. Setup your local relay, etc..

    #/usr/local/bin/checkduration.sh -w 60 -c 90 [-k 1]

    Where, 60,90 are seconds for alert warning and critical respectively. Make some test calls and check the script output in action. –k 1 switch kills that channel when time exceeds  “critical” only.

    Output looks like this on a typical Asterisk system

    CRITICAL: DURATION:00:03:00,UID:1456644553.8923051,LEG_A:0123456789,LEG_B:6054,APP:Dial
    CRITICAL: DURATION:00:03:50,UID:1456644503.8923013,LEG_A:0123456689,LEG_B:11000,APP:Queue
    CRITICAL: DURATION:00:02:43,UID:1456644570.8923060,LEG_A:1004,LEG_B:s,APP:AppDial
    CRITICAL: DURATION:00:02:01,UID:1456644612.8923082,LEG_A:035554442,LEG_B:11000,APP:Queue
    CRITICAL: DURATION:00:03:02,UID:1456644551.8923049,LEG_A:3546,LEG_B:s,APP:AppDial
    CRITICAL: DURATION:00:02:04,UID:1456644609.8923076,LEG_A:78787988,LEG_B:6002,APP:AppQueue
    CRITICAL: DURATION:00:02:04,UID:1456644609.8923077,LEG_A:0123456780,LEG_B:6001,APP:Dial

    In Nagios

    image

    In Email

    image

    Friday, December 4, 2015

    Opening multiple ports on Microsoft Azure (e.g. for an Asterisk deployment)


    http://azurespeaks.azurewebsites.net/

    If you publish an Asterisk servers on Azure, you might find it a daunting task to open multiple ports (called endpoints) on Azure, the task is simply slow if you use the web (portal or the old one). And we RTP folks, need a lot of ports to get a single call going (at least 3 ports required)

    So, let's say you're gonna create a default Asterisk installation and open the usual ports such as;

    IAX2- UDP4569
    SIP - UDP5060
    RTP-UDP10000 to UDP20000 (in this article, i only needed 100 ports)

    Here's how you can open all those ports in under 10 minutes.

    1) Download and install the Azure Powershell extensions.
    https://github.com/Azure/azure-powershell/releases/download/v1.0.1-November2015/azure-powershell.1.0.1.msi

    2) Start it up - it should be called Windows Azure Powershell (this is not the usual powershell, it must read Azure Powershell)

    3) Once in there, copy paste the following (modify where applicable)

    Task inside powershell (copy paste will do)
    1) Add an azure account (this will launch the authentication windows, do your thing and authenticate)

    Add-AzureAccount

    2) Now, declare which subscription this VM is tied to (My subscription is called Visual Studio Premium with MSDN)

    Select-AzureSubscription -SubscriptionName "Visual Studio Premium with MSDN"

    3) Declare the name of the VM you wish to setup
    $vm = Get-AzureVM -ServiceName myazurebox -Name myazurebox;

    NOTE: ServiceName is the cloud service, if it is not part of a cloud service, just enter the actual VM name, repeat that in NAME variable like above.

    4) Add for IAX2
    $VM | Add-AzureEndpoint -Name IAX2 UDP -LocalPort 4569 -PublicPort 4569

    5) Add for SIP (UDP)
    $VM | Add-AzureEndpoint -Name SIPUDP UDP -LocalPort 5060 -PublicPort 5060 

    Add for SIP TCP (if using)
    $VM | Add-AzureEndpoint -Name SIPTCP TCP -LocalPort 5060 -PublicPort 5060

    6) Add for RTP
    Now, since RTP is a bunch of ports that needed to be opened, in a default setup would be 10000 to 20000, you can do a loop and add them like this; Note, you can only open up to 150 ports at a time, apparently. So add more into the loop if needed.

    10000..10100| ForEach { $VM | Add-AzureEndpoint -Name RTP$_ -Protocol UDP -LocalPort $_ -PublicPort $_} ; $vm | Update-AzureVM

    This will add ports 10000 to 10100, name them RTP10000...and so on with UDP as the protocol. You don't really need that many RTP ports opened on Asterisk unless you have a ridiculous amount of concurrency on SIP. Otherwise, you don't really need that many ports opened.

    Guides: http://www.asteriskdocs.org/en/2nd_Edition/asterisk-book-html-chunk/asterisk-APP-D-SECT-37.html

    Freepbx: Use the GUI, look under Settings | Asterisk Sip Settings, look for RTP port range. *You might need to restart Asterisk.

    7) Finally, update the VM (this is when you will see the changes on Azure's web management portals)

    $vm | Update-AzureVM

    And you're done!

    Sunday, November 15, 2015

    Apple MacBook 2015 Bootcamp/Drivers

    Image from www.apple.com

    If you were in my position that you had to have some drivers and couldn't find them cause you wiped out the OSX partition etc and there's literally nothing on Apple's website to point you to a way to independently download drivers, well, here they are;

    Download Apple Bootcamp 6.0 for MacBook Pro 2015 here:
    https://goo.gl/yZjHvp (approximately 1.44GB)

    Until Apple makes their bootcamp software and drivers public, here's all of it.

    This particular set is for the MBP Retina early 2015 edition. (Mine had the AMD Radeon graphics card).

    I do not have any rights to these, nor claiming any rights, its from Apple and is only posted here for people's convenience.

    All files scanned with Norton Internet Security 2015 edition with latest signatures as of 15Nov2015.

    Have fun and all credit for drivers/software to Apple Inc.

    Thanks


    Thursday, January 29, 2015

    GHOST Vulnerability check and fix for Debian 6 or 7

    More info on the GHOST vulnerability by Qualys | More from debian’s security tracker here

    IMPORTANT

    • USETHIS GUIDE AT YOUR OWN RISK, we are not responsible for any broken apps/programs etc etc.
    • We do not know the extent of the vulnerability/fixes this is from best knowledge and effort, you are advised to research of your own too and not completely rely on these below. Some of these methods are also described in many online articles, i put them together mainly for our customers and people using Deb6/7.
    • This article is to be done/performed by those who have sufficient knowledge in these apps/software
    • Please read more articles and follow online security resources for updates should there be any.

    Check for vulnerability against GHOST by running the following

    1) wget http://goo.gl/MgtleY --no-check-certificate -O gistfile1.c
    2) gcc gistfile1.c -o GCHECKER
    3) ./GCHECKER

    To check which services/software that’s probably vulnerable (for restarting affected services, instead of rebooting)
    1) lsof | grep libc | awk '{print $1}' | sort | uniq

     

    Fix for Debian 6 Squeeze

    1) Add the following repos into /etc/apt/sources.list (Add them at the end is fine)
    deb http://http.debian.net/debian/ squeeze-lts main contrib non-free
    deb-src
    http://http.debian.net/debian/ squeeze-lts main contrib non-free

    2) apt-get update

    3) apt-get install libc6

    4) Reboot (i didn’t have to reboot, some do say to reboot, some say just restart services that use glibc/libc6)

    5) Check again as shown above to verify.

    Fix for Debian 7 Wheezy

    1) apt-get update

    2) apt-get install libc6

    3) Reboot (i didn’t have to reboot, some do say to reboot, some say just restart services that use glibc/libc6)

    4) Check again as shown above to verify.


    All the best and do advice if you find problems or suggestions to improve this guide above.

    Thanks!

    Saturday, December 13, 2014

    Google Voice/Google Talk no audio behind a NATted Asterisk Server

    Thought i’d quickly write this for those having no audio issues with Gtalk.

    First, follow the guide here to get it setup properly. Remember to have the DTMF(1) in your dialplan before executing into the actual internal dialplan per the document referred to earlier.

    The issue is the headers that are sent out to google contain your internal IP (since you’re NATting), so you need a helper per-se otherwise the RTP is discarded. The solution is simple, use a stun server.

    For FreePBX users, edit the /etc/asterisk/rtp_custom.conf, rest of you, simply edit the /etc/asterisk/rtp.conf in general section

    Add the following line in bold, here i am using Google’s Stun server.

    icesupport=yes
    stunaddr=stun.l.google.com:19302

    PS> Ice support must already be there, anyway…

    And you should get two way audio without an issue.

    Have a great weekend.

    Wednesday, December 3, 2014

    FreePBX Device User Mode – “User” password change using touchtone keypad (or a feature code)

    One client requested this as his entire office of 200 users use the Device User mode of FreePBX 2.11. This office is also a hybrid office use and call center of up to 20 agents.
    With this feature, users can dial a code and change whenever they want.

    Firstly, you need to have the following in your setup:

    - FreePBX 2.9 or higher (i used 2.11)
    - Asterisk 1.6 or higher (i used 11.x)

    This dialplan is intended to be used with FreePBX since it uses MySQL to write most of its configs in. This dialplan changes stuff in MySQL directly with the Asterisk’s MYSQL app. Follow as guided and you will get this running in no time.

    Steps in short:

    1) Create a low privilege user in MySQL
    2) Put up a custom code dialplan
    3) Enable the custom dialplan code in FreePBX

    1) Create low privilege user in MySQL

    Since we want this low priv user to only query and write to very little table fields, we give it that much permission

    a) Log into MySQL, login as root with the password you’ve previously set,
    NOTE: If you have trouble running these commands, be sure to check using single quotes and double quote per the guide. If something other than that appear when pasting, change accordingly.

    #mysql –u root –p

    When inside MySQL, copy paste the following; and this guide creates a user called “pwdmgr” with password “letmeinbaby

    CREATE USER ‘pwdmgr’@localhost IDENTIFIED BY “letmeinbaby”;
    GRANT SELECT (extension) ON asterisk.users TO pwdmgr@localhost;
    GRANT SELECT,UPDATE (password) ON asterisk.users TO pwdmgr@localhost;
    FLUSH PRIVILEGES;

    2) Paste the following dialplan into extensions_custom.conf

    [macro-change-loginpw]
    exten => s,1,Answer()
        same => n,NoOp(User password changing app)
        same => n,ExecIf($["${AMPUSER}" = ""]?Hangup(16))
        same => n,Set(DEVICETYPE=${DB(DEVICE/${AMPUSER}/type)})
        same => n,ExecIf($["${DEVICETYPE}" = "fixed"]?Hangup(16))
        same => n,Set(CURRENTPW=${DB(AMPUSER/${AMPUSER}/password)})
        same => n,Authenticate(${CURRENTPW})
        same => n,Read(NEWPASS,vm-newpassword)
        same => n,Set(DB(AMPUSER/${AMPUSER}/password)=${NEWPASS})
        same => n,MYSQL(Connect connid localhost pwdmgr letmeinbaby asterisk)
        same => n,MYSQL(Query resultid ${connid} UPDATE users set password='${NEWPASS}' WHERE extension='${AMPUSER}')
        same => n,MYSQL(Disconnect ${connid})
        same => n,PlayBack(your&vm-password&has-been-changed-to)
        same => n,SayDigits(${NEWPASS})
        same => n,Hangup(16)


    Save and exit!.

    3) Set it up in FreePBX to invoke that custom macro you did above using feature code like dialing


    Go to FreePBX, select Admin, then select Custom Extensions, add like below
    Custom Destination=macro-change-loginpw,s,1
    Description: AnythingYouLike
    image
     

    Then click on Submit Changes

    Next, go to Applications, select Misc Application, do like below

    Description=Anything you like
    Feature Code: Any code not conflicting with current FeatureCodes, e.g. *15 is not really used in a Standard FreePBX setup
    Status: Enabled (you can disable this in FreePBX)
    Destination: The Custom Destination you created just now.

    image  

    Click Submit Changes, now click the Apply Conf button.

     

    All done, now go ahead and try it out for yourself, dial *15 on a logged on user. You can also hack the dialplan to ask for username in case you want to change for non-logged on user.

    As usual, do suggest improvements and report bugs.