tag:blogger.com,1999:blog-72623354425747497242024-03-14T14:39:07.097+08:00SANJAY WILLIE'S Human Language. Asterisk | Nagios | OpenSource | Microsoft | SecurityAsterisk and Nagios enthusiasts, professionals and consultants based in Kuala Lumpur, Malaysia. Astiostech Sdn Bhd. Asterisk Malaysia. Nagios Malaysia.JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.comBlogger251125tag:blogger.com,1999:blog-7262335442574749724.post-66770678595309559202017-12-13T22:51:00.001+08:002017-12-14T13:58:23.551+08:00Setting up Telegram with NagiosXI or Nagios for notifications, the lazy admin’s guide<p><br></p><p>Hi all, been wayy way to long since i last updated and wrote in this blog. Been super busy and i hope you guys too have had a wonderful year as i had and super grateful for it :-)</p><p>Here’s a quick article for anyone wishing to integrate Telegram messaging to NagiosXI quick. Telegram is amazing, its free, its fast, its secure. Their API is also an official one (unlike Whatsapp)</p><strong><font color="#ff0000">CRITICAL NOTICE: <br>Take note, Telegram can sometimes go down, your internet can also go do, for some reason, Nagios server may not have access to internet, so it will not send Telegram messages, always use email or SMS as a backup.</font></strong><h3><font style="font-weight: bold;">What do you need? And what i assume..</font></h3><ol><li>A NagiosXI installation that can access the internet at all times (as it sends to Telegram servers over the internet)</li><li>Subscribe/register with Telegram (Mobile app Appstore, Play Store or Web - <a href="https://web.telegram.org/">https://web.telegram.org/</a>). <strong>A mobile number is required.</strong></li><li>I like to send to a group, so create a group called “<strong>NagiosAlerts</strong>” in your Telegram or any name that you like, <strong><u>do not use</u> spaces or special characters please</strong>. Add at least one more person into that group (e.g. your team that has Telegram installed). <strong>This guide assumes sending to that group “NagiosAlerts”, you can change that as per script (the send_telegram.sh script) below.</strong></li><li>This guide was based on <strong>Centos 7,</strong> i cannot imagine it too much different to Centos6 or RHEL6 / 7, modify the part of yum, that would be the only problematic one, if at all</li><li>You have sufficient XI and linux commands know-how</li></ol><h3><font style="font-weight: bold;">Let’s begin, you’re a couple of steps away from Telegramming on NagiosXI!</font></h3><p>This article assumes you’ve got XI installed already. So we can dive straight into the telegram setup bit. You can send messages many ways, you can use the bot method or use an actual Telegram user. I prefer to use the user way. Do it whichever way you’d like, this guide however is based on user and group.</p><p><em>Run from your Nagios CLI via SSH as root. Cut and paste where applicable. Italic items of course don’t cut and paste lah</em></p><ol><li>yum install lua-devel openssl-devel libconfig-devel readline-devel libevent-devel jansson-devel.x86_64 python-devel git -y</li><li>cd /usr/src/</li><li>git clone --recursive <a href="https://github.com/vysheng/tg.git">https://github.com/vysheng/tg.git</a> </li><li>mkdir /usr/local/nagios/telegram</li><li>mv tg /usr/local/nagios/telegram</li><li>cd /usr/local/nagios/telegram/tg</li><li>./configure</li><li>make</li><li>chown nagios.nagios /usr/local/nagios/telegram/ –R </li></ol><p><em>Now, let’s test run it for the first time to perform registration as user nagios or whichever nagios user you have configured nagios for (usually “nagios”). Take note on the phone number format as explained below</em></p><ol><li>su nagios</li><li>bin/telegram-cli -k tg-server.pub</li><li>When asked for phone, enter your number e.g. <strong> +6012123456</strong> (enter with country code and plus sign at the beginning). Try and use your company phone numbers so its “nothing personal”. <strong>You should receive a code via SMS or Telegram, enter the code correctly, </strong>then type quit to exit as mentioned below</li><li>quit</li><li> Type <strong>exit </strong>to go back as root (since you’re now user nagios@)</li></ol><p><em>Now you’re done with telegram, time to setup send message script and let’s use a simple bash script to do that by copying and pasting <em>items in the <font face="Courier New">Courier New</font> font</em> (taken and modified from <a title="https://github.com/andy-partington/nagios-telegram/blob/master/telegram_message.sh" href="https://github.com/andy-partington/nagios-telegram/blob/master/telegram_message.sh">https://github.com/andy-partington/nagios-telegram/blob/master/telegram_message.sh</a>). Once pasted, save and exit editor. </em></p><ol><li>vi /usr/local/nagios/libexec/send_telegram.sh .<br><br></li><p><font face="Courier New">#!/bin/bash<br>
NAGMSG="$1"<br>
cd /usr/local/nagios/telegram/tg/<br>
(sleep 3; echo "msg <strong>NagiosAlerts</strong> '$NAGMSG'"; echo 'safe_quit';) | /usr/local/nagios/telegram/tg/bin/telegram-cli -W -k server.pub -v</font><br></p>
<p><font face="Courier New"></font><br>
</p><li>chmod +x /usr/local/nagios/libexec/send_telegram.sh && chown nagios:nagios /usr/local/nagios/libexec/send_telegram.sh</li></ol><p>Test this now, by going in as user nagios</p><ol><li>su nagios</li><li>/usr/local/nagios/libexec/send_telegram.sh 'Telegram With Nagios Rawks'</li><li>exit</li></ol><p>Now, access your XI Web UI, and its time to configure telegram notification via XI. <strong>Paste items in bold </strong>when requested to, word for word! Only the ones in bold OK!</p><ol><li>In Core Configuration Manager, go to commands, create a new one, call it <strong>notify-host-by-telegramcli</strong> and the command paste this below<br><strong>$USER1$/send_telegram.sh "***** Nagios Monitor XI Alert *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n"</strong></li><li>As for the type set it to “Misc Command”</li><li>Click Save</li><li>In Core Configuration Manager again, go to commands, create a new one, call it <strong>notify-service-by-telegramcli</strong> and the command paste this below<br><strong>$USER1$/send_telegram.sh "***** Nagios Monitor XI Alert *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$"</strong></li><li>Again, type is “Misc Command”</li><li>Click Save</li><li>Click<strong> Apply Configuration</strong> and now you’re ready to add the notification type to relevant users, eg. <strong>nagiosadmin</strong></li><li>Modify the contacts to include (or exclusively use) telegram, <strong>select host for host, select service for service</strong>. Below is example of host and followed by service<br><a href="https://lh3.googleusercontent.com/-dme4_srlhVE/WjE-V6d4EXI/AAAAAAAAD-k/kO8YZEWqTMYu99CWQJzn07XblEnypz2fwCHMYCw/s1600-h/image%255B2%255D"><img width="244" height="54" title="image" style="margin: 0px; display: inline; background-image: none;" alt="image" src="https://lh3.googleusercontent.com/-JtF86kc6Sx0/WjE-WjzxZiI/AAAAAAAAD-o/DEhi3Xqz1JUmQ0A01oXG4gPwTCXt71usgCHMYCw/image_thumb?imgmax=800" border="0"></a>This is for host<br><br><a href="https://lh3.googleusercontent.com/-IVNaCVuMW_o/WjE-XdEsXwI/AAAAAAAAD-s/REWsHJRIdsQpvliJKqtMmEE1k6qvO3lcgCHMYCw/s1600-h/image%255B5%255D"><img width="244" height="50" title="image" style="margin: 0px; display: inline; background-image: none;" alt="image" src="https://lh3.googleusercontent.com/-sUNqKFz_buM/WjE-YHZBi1I/AAAAAAAAD-w/_025gdwFE8Mb3XFsMGgnnFDk0_0pMau8QCHMYCw/image_thumb%255B1%255D?imgmax=800" border="0"></a>This is for service<br><br></li><li>Save and apply. Go ahead and test by sending custom notification for a host or service where your configured contact will get messages, of course, that contact must be part of the contact that will receive notification for the respective service or host. If you can’t get messages, then its likely notification for that user you enabled isn’t using telegram method or something else isn’t right within Nagios notification logic. Check the relevant logs. See if its even sending to begin with…you should see something like below;<br><strong>SERVICE NOTIFICATION: nagiosadmin;localhost;Current Users;CUSTOM (OK);notify-service-by-telegramcli;USERS OK - 2 users currently logged in;Nagios Administrator;did i get this on telegram? </strong><br><br></li><li>Check logs with; <br><strong>tail -100 /var/log/messages</strong></li></ol><p>So you’re done. Easy peasy innit?</p><p><strong>MERRY CHRISTMAS and HAPPY NEW YEAR. Many cheers from Astiostech too!</strong></p><div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com0tag:blogger.com,1999:blog-7262335442574749724.post-12369553940781747582017-04-03T02:45:00.001+08:002017-04-03T02:45:58.388+08:00Per User PIN for FreePBX 2.x<p>This article shows how to very easily add a per-user pin for outbound calls using FreePBX systems. Sometimes trunk level isn’t too fun. Also, if you don’t want to use a specially created DB, you can use FreePBX’s pin module and “Refer” to that PIN when verifying. That’s something i am not covering here.</p> <h3>Steps</h3> <p>1) Create Database/Tables</p> <p>2) Insert dialplan </p> <p>3) Create users in table</p> <h3>READ THIS NOW</h3> <ul> <li><strong>In the dialplan be sure to change sqluser and sqlpass to your MySQL user and password allowed to at minimum do a SELECT to the above DB/table </strong></li> <li><strong>These dialplans uses the default sound files from Asterisk distribution, change were you see fit, where the “Playback” and “Read” app uses as below</strong></li> <li><strong>Iteration for wrong pin is 3 times</strong></li> <li><strong>PIN length is 4 digits, change if you need larger, the size of the int(4) in DB to int(6) for example, then at the dialplan change 5 in the readpin line</strong></li> <li><strong>Hang up if wrong pin</strong></li> <li><strong>If pin defined, will use usual routes set, if route has a pin, user has to key in twice</strong></li> <li><strong>Valid and Invalid pin attempts are stored in CDR as accountcode </strong></li> <li><strong>ISSUE: Billing seconds in Asterisk is counted when this app executed. If you do billing, this might be a problem, otherwise, don’t bother</strong></li></ul> <p> </p> <h3>Create Database/Tables</h3> <p>Simply run this sql query and it will add the necessary table/data. If not, here’s the schema below that.</p> <p>--WARNING, THIS WILL DROP EXISTING DB/TABLE</p><pre>DROP DATABASE IF EXISTS `custom_pin`;
CREATE DATABASE `custom_pin` /*!40100 DEFAULT CHARACTER SET latin1 */;
USE `custom_pin`;
DROP TABLE IF EXISTS `tbl_custom_pins`;
CREATE TABLE `tbl_custom_pins` (
`user` int(4) NOT NULL,
`pin` int(8) NOT NULL,
`comment` varchar(200) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;</pre><pre> </pre>
<p>Create a database called “custom_pin”, inside this DB, create a table called tbl_custom_pins</p>
<p>Add entries like below.</p>
<p><a href="https://lh3.googleusercontent.com/-KIY8njL4HQs/WOFG3rV0g0I/AAAAAAAAD8k/Fl9YYct5lGA/s1600-h/image%25255B2%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-E0Fs9jMw5JY/WOFG5a7q3wI/AAAAAAAAD8o/AkxU6bPK3ug/image_thumb.png?imgmax=800" width="244" height="94"></a></p>
<p> </p>
<h3></h3>
<h3>Insert dialplan</h3>
<p>- Edit /etc/asterisk/extensions_custom.conf</p>
<p>- If you do not already or use macro [macro-dialout-trunk-predial-hook], create one like this, and add the following lines</p>
<p><font face="Courier New">[macro-dialout-trunk-predial-hook]</font></p>
<p><font face="Courier New">exten => s,1,Macro(custom-pins)</font></p>
<p> </p>
<p>Now, we create the macro, custom-pins, copy paste the lines below</p>
<p><font face="Courier New">;; CUSTOM PIN START COPY HERE<br>[macro-custom-pins]<br>exten => s,1,NoOp(CUSTOM PIN MODULE - USE DATABASE TO DEFINE)<br>exten => s,n,Wait(1)<br>exten => s,n,Macro(app-custom-pin,s,1)<br>exten => s,n,MacroExit()</font></p>
<p><font face="Courier New">[macro-app-custom-pin]<br>exten => s,1,NoOp(CHECKING IF PIN ENABLED AND VERIFYING IF IT IS)<br>exten => s,n,Set(PINCOUNT=0)<br>exten => s,n,Set(ALLOWERROR=0)<br>exten => s,n,Gotoif($["${AMPUSER}"=""]?skip) ;;if not ampuser skip</font></p>
<p><font face="Courier New">exten => s,n,MYSQL(Connect connid localhost <strong>sqluser</strong> <strong>sqlpass</strong> custom_pin)<br>exten => s,n,MYSQL(Query resultid ${connid} SELECT pin from tbl_custom_pins where user='${AMPUSER}' LIMIT 1)<br>exten => s,n,MYSQL(Fetch fetchid ${resultid} DBPIN)<br>exten => s,n,NoOp(DB Results spits out ${DBPIN} or ${VAR1})<br>exten => s,n,MYSQL(Clear ${resultid})<br>exten => s,n,MYSQL(Disconnect ${connid})<br>exten => s,n,GotoIf($["${DBPIN}"=""]?skip:readpin)</font></p>
<p><font face="Courier New">exten => s,n(readpin),Read(PIN,en/pin_number,,,1,5)<br>exten => s,n,Gotoif($["${PIN}"="${DBPIN}"]?pass)<br>exten => s,n,Playback(custom/invalid)<br>exten => s,n,Set(PINCOUNT=$[${PINCOUNT}+1])<br>exten => s,n,GotoIf($[${PINCOUNT}>2]?toomanyerros)<br>exten => s,n,Goto(readpin)</font></p>
<p><font face="Courier New">exten => s,n(skip),NoOp(NO PIN DEFINED)<br>exten => s,n,MacroExit()</font></p>
<p><font face="Courier New">exten => s,n(pass),NoOp(PIN IS OK)<br>exten => s,n,Playback(auth-thankyou)<br>exten => s,n,Set(CDR(accountcode)=${DBPIN})<br>exten => s,n,MacroExit()</font></p>
<p><font face="Courier New">exten => s,n(toomanyerros),Playback(en/an-error-has-occured)<br>exten => s,n,Playback(terminating)<br>exten => s,n,Set(CDR(accountcode)=PIN-ERR)<br>exten => s,n,Hangup(16)</font></p>
<p><font face="Courier New">;; END COPY HERE</font><br></p>
<h3>Create Users</h3>
<p>The app uses the variable {AMPUSER} which almost all the time is declared by FreePBX, it will not work if that’s missing! Meaning this could be from users detached from a device in device user mode. If {AMPUSER} is not found or not defined/zero value, the dialplan will also skip, allowing users to call out as usual. If defined, it will be checked against this {AMPUSER} variable and if match, it will ask for PIN, if there’s no DB match, it will proceed allowing users to call out like usual.</p>
<p>Remember, the user part in DB is the user defined as “User” in device user mode, but if its in (default) extensions mode, it will always be the same, meaning SIP/1000 will always be user 1000 as well.</p><div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com0tag:blogger.com,1999:blog-7262335442574749724.post-11331324267263749352016-12-21T23:42:00.001+08:002016-12-21T23:42:05.194+08:00Limiting calls by DIDs for FreePBX users, with dynamic configurable parameters (Repost)<img src="http://cdn.appcrawlr.com/imageService/aHR0cHM6Ly9saDUuZ2dwaHQuY29tL01xclVQWm10VF92b0o5WmgxbW9QMGNZa2R1NEhtVFByWEtiS2NHdDJJLW11cDRUWFFtc2VNY2VpV1FySkhMdnBmVmxoPWg2NDA?w=340&h=280" width="254" height="209"> <p><font size="1">Image Source: </font><a title="http://appcrawlr.com/android-apps/best-apps-restrict-access" href="http://appcrawlr.com/android-apps/best-apps-restrict-access"><font size="1">http://appcrawlr.com/android-apps/best-apps-restrict-access</font></a></p> <p>So, we had this challenge by our customer to do this as they are using PRI and supporting multiple customers. Each customer needs to be limited to <em>n </em>number of channels on PRI. When they were using analog that was simply straightforward, its a physical line, so nothing much you can do about “limiting” it is limited by design!</p> <p>The following guide allows you to limit calls based on </p> <ul> <li>A single DID <li>A group of DIDs (in this guide the amount of DIDs per group is limited to 5, add more, improv as you wish) <li>Group DIDs will be a union meaning, if you have DID1 and DID2 with limit of 3 calls, at any one time either calls coming to those DIDs are added up and if exceed 3, it will hangup.</li></ul> <p>Anyway, here’s a quick how-to to give you an idea how to go about it. Improv as you see fit :-)</p> <p>Requirements: (my system)</p> <p>1) FreePBX 2.10 or 2.11<br>2) Asterisk 1.8 or higher<br>3) Dahdi based PRI or SIP or just about anything with the use of proper declarations (variables)<br>4) Use MySQL<br>5) Debian Wheezy<br>6) Adminer to run a few MySQL tasks such as creating db/tables, editing values in them etc…</p> <p>So here’s how:</p> <ol> <li>Create a database inside MySQL called LIMITER <li>Use adminer and paste the following codes to using the “SQL Command” feature<br> <p><font face="Courier New">USE ` LIMITER`;<br>CREATE TABLE `tbl_didlimiter` (<br>`group` int(255) NOT NULL AUTO_INCREMENT,<br>`data` varchar(100) DEFAULT NULL,<br>PRIMARY KEY (`group`)<br>) ENGINE=MyISAM DEFAULT CHARSET=latin1;</font> </p> <li>Now, we will create a user superuser with password dbgod00, paste the following codes in SQL Command again<br> <p><font face="Courier New">CREATE USER 'superuser'@'localhost' IDENTIFIED BY ‘dbgod00';<br>GRANT ALL PRIVILEGES ON LIMITER.* TO 'superuser'@'localhost';<br>FLUSH PRIVILEGES;</font> </p> <li> <p>Now, we edit the dialplan, the most important part! Since i use FreePBX, we use the _custom.conf to add new hacks. So that’s exactly what we are doing here, copy and paste the codes into extensions_custom.conf, like below<br><font face="Courier New"><br>#nano /etc/assterisk/extensions_custom.conf<br></font><br><font face="Courier New"><font size="2">;; DIALPLAN START ;;<br><br>;; READ ME FIRST<br>;; copyleft sanjay@astiostech.com<br>;; 1. Set trunks to use from-pstn, from-dahdi, from-zaptel OR from-trunk contexts<br>;; 2. The bold highlights may need to be changed depending on what you see in the <br>;; channel variables, most cases we see either EXTEN or FROM_DID or even CALLERID(DNID)<br>;; 3. Be sure this value is available and matching each other, in my case, the value<br>;; <strong>${EXTEN} </strong>eventually matches the value <strong>${CALLERID(DNID)} </strong>and they must<br>;; 4. This only supports one unique DID entry in DB. IF there are multiple entries<br>;; by mistake or whatever, it will pickout the first result that returns only<br>;;<br>;; 5. Feel free to add more G numbers as shown below, right now its just 5<br>;; 6. Maxdefault is set for global when no DB definitions are found for that DID and its limit, <br>;; if you do not want blanket settings, simply set MAXDEFAULT to blank (as per default) if you want to set a global <br>;; limit then set it with MAXDEFAULT which then applies to </font><font size="2"><strong>all DIDs not set in DB.<br>;; Only when </strong>there’s a value found in DB then that DB value’s limits overrides maxdefault<strong> </strong><br><br>[from-pstn-custom] <br>exten => _X.,1,NoOp(Handling incoming to do cool stuff)<br>same => n,Set(GROUP()=<strong>${EXTEN}</strong>)<br>same => n,Macro(didchoke) <br></font></font><br><font size="2" face="Courier New">[macro-didchoke]<br>exten => s,1,NoOp(Checking for incoming limits and applying if needed)<br>exten => s,n,Set(<strong>MAXDEFAULT=””</strong>)<br>exten => s,n,MYSQL(Connect connid localhost <strong>superuser</strong> <strong>dbgod00</strong> LIMITER)<br></font><font size="2" face="Courier New">exten => s,n,MYSQL(Query resultid ${connid} SELECT data from <strong>tbl_didlimiter</strong> where data like '%${<strong>CALLERID(DNID</strong>)}%' LIMIT 1)<br>exten => s,n,MYSQL(Fetch fetchid ${resultid} DBRESULT)<br></font><font face="Courier New"><font size="2">exten => s,n,MYSQL(Clear ${resultid})<br>exten => s,n,MYSQL(Disconnect ${connid})</font><br></font><font face="Courier New"><font size="2">exten => s,n,ExecIf($["${DBRESULT}"=""]?Set(DBRESULT=${<strong>CALLERID(DNID</strong>)})<br>exten => s,n,GotoIf($["${DBRESULT}"=""]?exception)</font><br></font>;<br><font size="2" face="Courier New">exten => s,n,Set(GROUPLIMIT=${CUT(DBRESULT,:,2)})<br>exten => s,n,ExecIf($["${GROUPLIMIT}"=""]?Set(GROUPLIMIT=${MAXDEFAULT})<br>exten => s,n,GotoIf($["${GROUPLIMIT}"=""]?exception)<br>;<br></font><font size="2" face="Courier New">exten => s,n,Set(DIDS=${CUT(DBRESULT,:,1)})<br>exten => s,n,Set(DID1=${CUT(DIDS,\,,1)})<br>exten => s,n,Set(DID2=${CUT(DIDS,\,,2)})<br>exten => s,n,Set(DID3=${CUT(DIDS,\,,3)})<br>exten => s,n,Set(DID4=${CUT(DIDS,\,,4)})<br>exten => s,n,Set(DID5=${CUT(DIDS,\,,5)}) <br>;<br></font><font size="2" face="Courier New">exten => s,n,ExecIf($["${DID1}"!=""]?Set(G1=${GROUP_COUNT(${DID1})}))<br>exten => s,n,ExecIf($["${DID2}"!=""]?Set(G2=${GROUP_COUNT(${DID2})}))<br>exten => s,n,ExecIf($["${DID3}"!=""]?Set(G3=${GROUP_COUNT(${DID3})}))<br>exten => s,n,ExecIf($["${DID4}"!=""]?Set(G4=${GROUP_COUNT(${DID4})}))<br>exten => s,n,ExecIf($["${DID5}"!=""]?Set(G5=${GROUP_COUNT(${DID5})})) <br>;<br></font><font size="2" face="Courier New">exten => s,n,ExecIf($["${DID1}"=""]?Set(G1=0)<br>exten => s,n,ExecIf($["${DID2}"=""]?Set(G2=0)<br>exten => s,n,ExecIf($["${DID3}"=""]?Set(G3=0)<br>exten => s,n,ExecIf($["${DID4}"=""]?Set(G4=0)<br>exten => s,n,ExecIf($["${DID5}"=""]?Set(G5=0) <br>;<br></font><font size="2" face="Courier New">exten => s,n,Set(TOTALGGROUPCHANS=$[${G1}+${G2}+${G3}+${G4}+${G5}])<br>exten => s,n,NoOp(So total channels here are ${TOTALGGROUPCHANS} of GROUPLIMIT of ${GROUPLIMIT})<br>exten => s,n,GotoIf($[${TOTALGGROUPCHANS} > ${GROUPLIMIT}]?overlimit) <strong><br></strong>exten => s,n,MacroExit()<br>;<br></font><font size="2" face="Courier New">exten => s,n(overlimit),Busy(20)<br><font size="2" face="Courier New">exten => s,n,Hangup(16)</font><br>exten => s,n,MacroExit()<br>;<br>exten => s,n(exception),MacroExit()<br><font size="2" face="Courier New"><font size="2" face="Courier New"><br>;; DIALPLAN END ;;</font></font></font></p> <li>Now, reload asterisk dialplan, be sure to tail the log file to start troubleshooting if things don’t go right.<br><font face="Courier New">#asterisk -rx “dialplan reload”</font> <li>Now, edit the DB values and add DIDs like show in example below, use adminer or similar for easy editing<br>E.g. 1 Format: DID1:3<br>Where DID1 is DID you wish to limit to 3 channels <br>E.g. 2 Format: DID1,DID2,DID3,DID4,DID5:3<br>Where DID1-5 are the DIDs you wish to limit to 3 channels combined<br><br>Here’s sample data from my own server!<br><img alt="image" src="http://lh6.ggpht.com/-VGjIfgGASIc/VGzKNTp8OZI/AAAAAAAADhY/eYSkedlf31Q/image_thumb.png?imgmax=800"> </li></ol> <p>Fire away, test it out…! As usual, appreciate the feedback and ideas to improve! Do let us know how it went for you!</p><div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com0tag:blogger.com,1999:blog-7262335442574749724.post-91850071568841132042016-11-07T14:32:00.001+08:002016-11-07T14:32:18.685+08:00OPUS & VP8 Codec with Asterisk 11.20 or higher<p>We have started to use OPUS codec to deploy our remote peers and so far it sounds amazing with very little bandwidth which almost matches GSM in terms of bandwidth and sound quality is as good as 48khz MP3 files. This is the future of IP telephony, for sure! Newer versions of Asterisk (13++), already comes with OPUS built straight into the core code from Asterisk folks. However, for Asterisk 11, we need to configure it manually. This article attempts to provide some guide to setting up OPUS on Asterisk 11.2x or higher. Since <a href="//downloads.asterisk.org/pub/telephony/asterisk/asterisk-11.24.1.tar.gz">Asterisk 11.24.1</a> was just released, i will be using that version as part of this guide and the latest stable build of of <a href="//downloads.xiph.org/releases/opus/opus-1.1.3.tar.gz">libopus</a> from xiph.org.</p> <p><strong>Note: Tested this with 11.20 through 11.24.1</strong></p> <p><strong>This is not a guide on how to install Asterisk. This guide assumes you’ve already got Asterisk up and running without problems and just want to get OPUS running. </strong></p> <p><strong><u>All credit for the original Asterisk patch to <a href="https://github.com/meetecho/asterisk-opus">meetecho</a> and forked by <a href="https://github.com/xxsl">xxsl</a> for Asterisk 11.20 or higher support. </u></strong></p> <p>Ok, let’s get down to business.</p> <ol> <li>Get “autoconf”, “automake” “pkg-config”<br># <font face="Courier New">(yum install) apt-get install autoconf automake pkg-config </font> <li>Get the latest libopus <br># <font face="Courier New">cd /usr/src</font><br># <font face="Courier New">wget //downloads.xiph.org/releases/opus/opus-1.1.3.tar.gz && tar –zxvf opus-1.1.3.tar.gz && cd opus-1.1.3</font><br># <font face="Courier New">./configure<br></font># <font face="Courier New">make all && make install</font> <li>That should get your opus ready for asterisk installation. Since vp8 is merely passthru, it will not require any libraries. It will allow two or more VP8 capable peers to passthru video without transcoding. <li>Now, lets get started on asterisk side, assuming you’ve got the Asterisk source in /usr/src/, your version <strong>must be 11.20 or higher up until 11.24.1</strong><br># <font face="Courier New">cd /usr/src/asterisk-11.24.1</font><br># <font face="Courier New">wget </font><a title="http://www.orencloud.com/public/opuspatch-ast11.2x.patch" href="http://www.orencloud.com/public/opuspatch-ast11.2x.patch"><font face="Courier New">http://www.orencloud.com/public/opuspatch-ast11.2x.patch</font></a><br># <font face="Courier New">patch -p1 -u < opuspatch-ast11.2x.patch</font><br>You should NOT see any “failed” message<br> <li>Now go ahead and recompile Asterisk<br>#<font face="Courier New"> ./bootstrap.sh</font><br># <font face="Courier New">make clean && ./configure --with-crypto --with-ssl --with-srtp=/usr/local/lib --prefix=/usr</font><br>IMPORTANT: If you do not have libsrtp, leave only with “--prefix=/usr”, remove the rest in that line. Libcryto and ssl are used for SRTP (for WebRTC mainly)<br># <font face="Courier New">make menuselect</font><br>IMPORANT: Please be sure to select 1) Codec Opus in Codec Translations, 2) Format VP8 in Format Interpreters and for best compatibility, 3) all sounds that’s SLIN16 (not selected by default) in Core Sound Packages, MOH Packages and Extra Sound..<br>IMPORANT: If you can’t select Opus something went wrong in your libopus installation!, otherwise it should be preselected for you, but do check nontheless<br>FREEPBX USERS! IMPORTANT: FreePBX users, be sure to select format_mp3, res_config_mysql, app_mysql, app_saycountpl and cdr_mysql in Add-ons<br># save and exit<br>FREEPBX USERS! IMPORTANT: Run this # contrib/scripts/get_mp3_source.sh<br># <font face="Courier New">make && make install</font> <li>Now if you use freepbx, simple run #<font face="Courier New">amportal kill</font> <font face="Courier New">&& amportal start</font> <li>Otherwise, simply kill and start back Asterisk <li>You should see opus in the translation list<br># <font face="Courier New">asterisk -rx "core show translation"</font> <li>Also, if you go into asterisk cli, you could type opus <tab> and set debug…that all means the patch worked great, now to test! <li>Be sure to set allow=opus in your sip general setting or per peer/user. For FreePBX users, go to FPBX UX and select Asterisk SIP settings, set allow opus/vp8 like below right at the bottom of that page.<br> <a href="http://lh3.ggpht.com/-CV_hiskdX6k/U3ERI5NGRCI/AAAAAAAADWc/gGvlAFpwgmQ/s1600-h/image%25255B12%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="http://lh3.ggpht.com/-o92O3qj-gp4/U3ERJdGsuJI/AAAAAAAADWk/JmX-tQ2Jy90/image_thumb%25255B6%25255D.png?imgmax=800" width="382" height="81"></a> <li>Use a phone that supports OPUS (on Windows you’ve got Phoner, MicroSIP, on mobile you’ve got CCIPSimple or BRIA) and dial away to test <li>Here’s my BRIA on my Android with Opus at 48Khz, dialing the echo test on FreePBX *43<br><a href="http://lh3.ggpht.com/-xqF-3AcwqP0/U3ERKb-I9bI/AAAAAAAADWs/OxuYf6a62a0/s1600-h/ss%25255B3%25255D.png"><img title="ss" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="ss" src="http://lh3.ggpht.com/-gEo5Mu69Bso/U3ERLIlpTEI/AAAAAAAADW0/MC5WpuKWOBM/ss_thumb%25255B1%25255D.png?imgmax=800" width="216" height="380"></a> </li> <li>You can also fine tune the codec settings in /<font face="Courier New">etc/asterisk/codec.conf</font>, here’s an example from my own PBX<br><a href="https://lh3.googleusercontent.com/-joEQvff7uOc/WCAf8GcbrvI/AAAAAAAADyU/3O_OKD8eZYs/s1600-h/image%25255B2%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-2IhoMDnj93M/WCAf8YxpEWI/AAAAAAAADyY/wImTCTq-5bc/image_thumb.png?imgmax=800" width="156" height="135"></a><br>More info on codec.conf is explained below<br></li> <li>codec.conf configuration snippets for Asterisk</li> <p><font face="Courier New">; Default Custom OPUS format definitions, only one custom OPUS format</font> <p><font face="Courier New">; per sample rate is permitted.</font> <p><font face="Courier New">[opus48]</font> <p><font face="Courier New">type=opus</font> <p><font face="Courier New">samprate=48000 ; Sample rate of this opus format in hz.</font> <p><font face="Courier New">; 8000, 12000, 16000, 24000, 48000 are acceptable values.</font> <p><font face="Courier New">;fec=true ; turn on or off encoding with forward error correction.</font> <p><font face="Courier New">; On recommended, off by default.</font> <p><font face="Courier New">;maxbitrate=10000 ; Use the table below to make sure a useful bitrate is chosen</font> <p><font face="Courier New">; for maxbitrate. If not set or value is not within the bounds</font> <p><font face="Courier New">; of the encoder, a default value is chosen.</font> <p><font face="Courier New">;</font> <p><font face="Courier New">; sample rate | bitrate range</font> <p><font face="Courier New">; 8khz | 6000 - 20000 bps</font> <p><font face="Courier New">; 12khz | 7000 - 25000 bps</font> <p><font face="Courier New">; 16khz | 8000 - 30000 bps</font> <p><font face="Courier New">; 24khz | 18000- 28000 bps</font> <p><font face="Courier New">; 48khz | 24000- 32000 bps</font> <p><font face="Courier New">;dtx=true ; Encode using discontinuous transmission mode or not. Turning this</font> <p><font face="Courier New">; on will save bandwidth during periods of silence at the cost of</font> <p><font face="Courier New">; increased computational complexity. Off by default.</font> <p><font face="Courier New">;cbr=true ; Whether or not to encode with constant or variable bit rate. Constant</font> <p><font face="Courier New">; bit rate is disabled by default.</font> <p><font face="Courier New">[opus16]</font> <p><font face="Courier New">type=opus</font> <p><font face="Courier New">samprate=16000</font></p></ol><div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com0tag:blogger.com,1999:blog-7262335442574749724.post-95570948563193922016-09-09T00:29:00.001+08:002016-09-09T02:11:24.452+08:00Telekom Malaysia (TM) Multi-Line SIP setup with vanilla Asterisk or FreePBX over TEL URI<p><img alt="Telekom Malaysia" src="https://www.tm.com.my/style%20library/tmap/images/tm-logo-200%20x%20137.png" width="164" height="88"><br><font size="1">Src: </font><a title="https://www.tm.com.my/Office/Business/SME/Solutions/Pages/Multi-Line-SIP.aspx" href="https://www.tm.com.my/Office/Business/SME/Solutions/Pages/Multi-Line-SIP.aspx"><font size="1">https://www.tm.com.my/Office/Business/SME/Solutions/Pages/Multi-Line-SIP.aspx</font></a></p> <p>Happy to say that we’ve successfully set up Asterisk 11 or higher with TM’s Multi-Line SIP which basically uses IMS signaling on Huawei devices used by Telekom Malaysia. </p> <p>We had to modify chan_sip.c and parser files to support TEL: URI for INVITE messages. Currently, we have enabled it to support incoming INVITES only. TM doesn’t require to send TEL: uri for outgoing calls and the usual SIP: uri is perfectly fine.</p> <p>There are several steps involved and i will blog about it later (when i have the time). Generally its</p> <p>1) Getting the hack from here: <a title="http://forums.asterisk.org/viewtopic.php?f=1&t=76432" href="http://forums.asterisk.org/viewtopic.php?f=1&t=76432">http://forums.asterisk.org/viewtopic.php?f=1&t=76432</a></p> <p>2) Adding one or two more TEL support in the parser file</p> <p>3) Configure trunks and registration </p> <p>4) Setup an incoming dialplan to chomp down parts of the SIP header to be used as CallerID and DID values respectively.</p> <p>5) Enable ringing into all inbound routes</p> <p>We successfully tested incoming, outgoing, transfers using standard codecs. The audio quality is nearly as good as PRI tho sometimes, takes a bit longer to handshake the INVITE messages but its hardly noticeable. We might be able to send messages too over regular IP or SMS, i think that’s why the IMS is chosen in the first place, to enable multimedia over voip protocols.</p> <p>If you need help, write to us <a href="mailto:info@astiostech.com">info@astiostech.com</a> and if you use Asterisk in a non-commercial environment, i will set it up for free <img class="wlEmoticon wlEmoticon-winkingsmile" style="border-top-style: none; border-left-style: none; border-bottom-style: none; border-right-style: none" alt="Winking smile" src="https://lh3.googleusercontent.com/--FL4abZI8fY/V9GR9hS2gHI/AAAAAAAADxU/PjwWiJkSHNM/wlEmoticon-winkingsmile%25255B2%25255D.png?imgmax=800"></p> <p>For more information on TM’s MLS: <a title="https://www.tm.com.my/Office/Business/SME/Solutions/Pages/Multi-Line-SIP.aspx" href="https://www.tm.com.my/Office/Business/SME/Solutions/Pages/Multi-Line-SIP.aspx">https://www.tm.com.my/Office/Business/SME/Solutions/Pages/Multi-Line-SIP.aspx</a></p> <p>Have a good one.<br>Sanjay</p><div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com0tag:blogger.com,1999:blog-7262335442574749724.post-37377883863594127112016-06-06T02:55:00.001+08:002016-06-07T23:56:17.470+08:00The 60 minute Nagios Core 4 install guide on Debian 7 Wheezy (Nagios 4, PNP4Nagios -with MRTG & NagiosQL) built from source or just use the VM OVA2.0<p>Version 1.1 – 07 June 2016</p> <p><br>NOTES:</p> <ul> <li>Copyright and registered trademarks are the properties of their respective companies/individuals <li><strong>By all means, these are not my own guides but a collection of guides online with my own hacks here and there that didn’t work for me and now they do. THANK YOU ALL THOSE RESPECTABLE BLOGGERS FOR THEIR CONTRIBUTION</strong> <li>I do not provide any warranty whatsoever for using this guide or the OVA2 images herein <li>This guide doesn’t include how to make Nagios work for you, that’s something you need to learn this guide is just for how to get Nagios working, period. <li><strong>Copy paste as single lines unless otherwise told, the – denotes to run on cli, copy paste them line by line after the dash space (- ), e.g. – apt-get update, copy “<u>apt-get update</u>” without the quotes and paste into your putty/ssh session.</strong></li></ul> <p>Software & versions:</p> <ul> <li>Nagios Core 4.1.1 <li>Nagios plugins including community add-ons and check_nrpe <li>MRTG graphing engine to monitor Nagios itself. <li>PNP4Nagios 0.6 with RRD <li>NagiosQL 3.20 for Web GUI to edit and manage Nagios configs</li></ul> <p> </p> <p> VM Edition download:</p> <p>If you’re not interested to do all of this below yet want to get Nagios 4.1.1 up and running, then download the OVA2 format VM image from Sourceforge: <a title="https://sourceforge.net/projects/debiannagios" href="https://sourceforge.net/projects/debiannagios">https://sourceforge.net/projects/debiannagios</a>. Be sure to read the notes there.</p> <p>Build by hand guide:</p> <ol> <li>Download and install the latest iteration of Debian 7 64bit netinst here: <a title="http://cdimage.debian.org/cdimage/archive/7.10.0/amd64/iso-cd/debian-7.10.0-amd64-netinst.iso" href="http://cdimage.debian.org/cdimage/archive/7.10.0/amd64/iso-cd/debian-7.10.0-amd64-netinst.iso">http://cdimage.debian.org/cdimage/archive/7.10.0/amd64/iso-cd/debian-7.10.0-amd64-netinst.iso</a> <li>Update and install a couple of packages, at one point the mrtg installation will a question, just press enter to continue.<br><br><font face="Courier New">- apt-get update<br>- apt-get upgrade<br><br>- apt-get install --force-yes apache2 build-essential libgd2-xpm-dev libssl-dev exim4 heirloom-mailx wget apache2-utils curl daemon apt-file libnet-snmp-perl libperl5.14 libpq5 libfreeradius-dev libfreeradius2 libsensors4 libsnmp-base libtalloc2 libtdb1 libwbclient0 samba-common samba-common-bin smbclient snmp mrtg libmysqlclient-dev libcgi-pm-perl librrds-perl libgd-gd2-perl python build-essential ssh sudo expect linux-headers-`uname -r` curl sox apache2 libssl-dev libncurses5-dev bison subversion libnewt-dev libcurl4-openssl-dev libnet-ssleay-perl openssl libauthen-pam-perl libio-pty-perl vim iftop tcpdump iptraf ngrep strace ltrace lsof htop sysstat nmap dstat powertop ntpdate ntp ssh libdbi-perl libhtml-template-perl libnet-daemon-perl libterm-readkey-perl mysql-client mysql-common psmisc ethtool apt-show-versions libapt-pkg-perl libmyodbc whois libusb-dev libdigest-md5-file-perl uuid-dev uuid screen autoconf automake git module-init-tools iotop iftop nmap unzip checkinstall libcgi-pm-perl librrds-perl libapache2-mod-python libapache2-mod-php5 php5-sqlite php5-mcrypt libgd2-xpm-dev libdbi1 libdbi-dev libapache2-mod-proxy-html snmp php5 libsnmp15 libnagios-plugin-perl php5-gd graphviz graphviz-dev php5-mysql sqlite3 libssh2-php fping smokeping screen</font> <br> <li>Create users and groups (this use will also be used for apache, explain why later), place a password for user nagios, enter it twice<br><br><font face="Courier New">- useradd nagios && passwd nagios<br>- groupadd nagios<br>- usermod -a -G nagios nagios<br>- usermod -a -G nagios www-data</font><br> <li>Create some directories<br><br><font face="Courier New">- mkdir /usr/local/nagios<br>- mkdir -p /usr/local/nagios/share/{stylesheets,images}<br>- chown -R nagios:nagios /usr/local/nagios</font><br> <li>Get Nagios core 4.11 and Nagios plugins<br><br><font face="Courier New">- cd /usr/src<br>- wget </font><a href="http://downloads.sourceforge.net/project/nagios/nagios-4.x/nagios-4.1.1/nagios-4.1.1.tar.gz"><font face="Courier New">http://downloads.sourceforge.net/project/nagios/nagios-4.x/nagios-4.1.1/nagios-4.1.1.tar.gz</font></a><br><font face="Courier New">- wget </font><a href="http://www.nagios-plugins.org/download/nagios-plugins-2.1.1.tar.gz"><font face="Courier New">http://www.nagios-plugins.org/download/nagios-plugins-2.1.1.tar.gz</font></a><br><font face="Courier New">- tar -xzvf nagios-4.1.1.tar.gz<br>- tar -xzvf nagios-plugins-2.1.1.tar.gz</font><br> <li>Configure, make Nagios core<br><br><font face="Courier New">- cd nagios-4.1.1/<br>- ./configure --prefix=/usr/local/nagios --with-nagios-user=nagios --with-nagios-group=nagios --with-command-user=nagios --with-command-group=nagios<br>- make all<br>- make install <br>- make install-init <br>- make install-commandmode <br>- make install-config<br>- make install-exfoliation<br>- make install-webconf</font><br> <li>Copy over some scripts (useful for SNMPTT, explained later)<br><br><font face="Courier New">- cp -R contrib/eventhandlers/ /usr/local/nagios/libexec/<br>- chown -R nagios:nagios /usr/local/nagios/libexec/eventhandlers<br></font> <li>Create your nagiosadmin user!, this will be the user you will use to login to the core web console via http://. <br><font face="Courier New">- htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin</font><br> <li>Nagios init file doesn’t fulfil some LSB requirements, so edit the init file and add two lines like this<br><br><font face="Courier New">- nano /etc/init.d/nagios<br><br># Default-Start: 2 3 4 5<br># Default-Stop: 0 1 6</font><br><br><a href="https://lh3.googleusercontent.com/-2B1VhYW2-Xk/V1R5t4Vk9TI/AAAAAAAADuo/VM4Vv-3gp0o/s1600-h/image%25255B66%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-UexekZX51j0/V1R5ui2fFrI/AAAAAAAADuw/0v387tb0cq8/image_thumb%25255B31%25255D.png?imgmax=800" width="345" height="98"></a><br> <li>Alright, let’s restart apache for nagios web to work, set nagios to start automatically as well. Also, start the nagios core service. At this point, Nagios core is already installed, you can head over to <a href="http://<yourip>/nagios">http://<yourip>/nagios</a> . Note, you may get check errors from the local services (localhost) that’s being monitored, that’s because we’ve not installed nagios plugins, yet. As long as you can see the webUI, that’s fine for now.<br><br><font face="Courier New">- a2ensite nagios<br>- service apache2 restart<br><br>- ln -s /etc/init.d/nagios /etc/rc2.d/S20nagios<br>- update-rc.d nagios enable<br><br>- service nagios start<br></font> <li>Alright, let’s get the plugins installed now, after this is done, the web should show all plugins showing OK by right. You can recheck that if you want.<br><br><font face="Courier New">- cd ..<br>- cd nagios-plugins-2.1.1<br>- ./configure --with-nagios-user=nagios --with-nagios-group=nagios --with-openssl=/usr/bin/openssl --enable-perl-modules --enable-libtap</font> <p><font face="Courier New">- make && make install</font></p> <li>Now, we will download and install NRPE just to get that binary to be used in almost all nagios agent based checks in your near future. After compiling, we will copy the binary to the libexec folder of Nagios.<br><br><font face="Courier New">- cd ..<br>- wget </font><a href="http://kent.dl.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.15/nrpe-2.15.tar.gz"><font face="Courier New">http://kent.dl.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.15/nrpe-2.15.tar.gz</font></a><br><font face="Courier New">tar -zxvf nrpe-2.15.tar.gz<br>- cd nrpe-2.15<br><br>- ./configure --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/x86_64-linux-gnu<br>- make<br>- cp src/check_nrpe /usr/local/nagios/libexec/<br></font> <li><font face="Courier New"></font>You could also add some apt based contributed plugins like this below. This step is completely optional, though recommended. Note, this may install many other dependencies. <br><br><font face="Courier New">- apt-get install nagios-plugins-contrib<br>- cp -r /usr/lib/nagios/plugins/* /usr/local/nagios/libexec/</font><br> <li>Now, let’s get MRTG configured<br><br><font face="Courier New">- cp /usr/src/nagios-4.1.1/sample-config/mrtg.cfg /usr/local/nagios/etc/<br>- mkdir /usr/local/nagios/share/stats</font><br><br>Edit the mrtg.cfg file and add a line right on the top of the file<br><font face="Courier New">- nano /usr/local/nagios/etc/mrtg.cfg</font><br><br>Add this to top of that file, save and exit.<br><br><font face="Courier New">WorkDir: /usr/local/nagios/share/stats<br><br><font face="Calibri">Run these at the command line.</font><br>- env LANG=C mrtg /usr/local/nagios/etc/mrtg.cfg<br>- indexmaker /usr/local/nagios/etc/mrtg.cfg --output=/usr/local/nagios/share/stats/index.html<br><br><font face="Calibri">Now, we need to add the mrtg graphing to cron to run</font> <br><font face="Calibri">Create and edit a new crontab file, like below;</font><br><br>- nano /etc/cron.d/nagiostats<br><br><font face="Calibri">Paste this into that file, save and exit.</font><br>*/5 * * * * root env LANG=C /usr/bin/mrtg /usr/local/nagios/etc/mrtg.cfg<br></font> <li>Now, let’s go get pnp4nagios installed!, get rrdtool, download pnp4nagios and do the backend setup.<br><br><font face="Courier New">- apt-get install rrdtool</font> <p><font face="Courier New">- cd /usr/src<br>- wget -O pnp4nagios-0.6.25.tar.gz </font><a href="http://downloads.sourceforge.net/project/pnp4nagios/PNP-0.6/pnp4nagios-0.6.25.tar.gz?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fpnp4nagios%2F&ts=1464497035&use_mirror=pilotfiber"><font face="Courier New">http://downloads.sourceforge.net/project/pnp4nagios/PNP-0.6/pnp4nagios-0.6.25.tar.gz?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fpnp4nagios%2F&ts=1464497035&use_mirror=pilotfiber</font></a></p> <p><font face="Courier New">- tar -zxvf pnp4nagios-0.6.25.tar.gz <br>- cd pnp4nagios-0.6.25<br>- ./configure --with-rrdtool=/usr/bin/rrdtool<br><br>- make all<br>- make fullinstall<br>- a2enmod rewrite<br>- service apache2 restart</font></p> <li>Now, let’s enable a cool pnp4nagios popup graph like you see in NagiosXI<br><br><font face="Courier New">- cp contrib/ssi/status-header.ssi /usr/local/nagios/share/ssi/<br>- chown nagios:nagios /usr/local/nagios/share/ssi/status-header.ssi<br>- chmod 644 /usr/local/nagios/share/ssi/status-header.ssi</font><br> <li>At this point, you need to access the pnp4nagios website <a href="http://<yourIP>/pnp4nagios">http://<yourIP>/pnp4nagios</a> and proceed with the instructions therein. Basically, everything should appear in green i.e. ALL GOOD, then, you can delete this install file<br><br><font face="Courier New">- rm /usr/local/pnp4nagios/share/install.php</font><br> <li>Now, we will attempt to add a few definitions inside Nagios core configs to show our graphs, please follow these steps carefully and repeat for other services <a href="https://assets.nagios.com/downloads/nagioscore/docs/nagioscore/4/en/perfdata.html">that produce performance data</a>. <br><br><font face="Courier New">- nano /usr/local/nagios/etc/nagios.cfg<br><br><font face="Calibri">Paste the following at the end of the file. Everything is a single line</font><br><br>process_performance_data=1<br>service_perfdata_file=/usr/local/pnp4nagios/var/service-perfdata<br>service_perfdata_file_template=DATATYPE::SERVICEPERFDATA\tTIMET::$TIMET$\tHOSTNAME::$HOSTNAME$\tSERVICEDESC::$SERVICEDESC$\tSERVICEPERFDATA::$SERVICEPERFDATA$\tSERVICECHECKCOMMAND::$SERVICECHECKCOMMAND$\tHOSTSTATE::$HOSTSTATE$\tHOSTSTATETYPE::$HOSTSTATETYPE$\tSERVICESTATE::$SERVICESTATE$\tSERVICESTATETYPE::$SERVICESTATETYPE$<br>service_perfdata_file_mode=a<br>service_perfdata_file_processing_interval=15<br>service_perfdata_file_processing_command=process-service-perfdata-file<br>host_perfdata_file=/usr/local/pnp4nagios/var/host-perfdata<br>host_perfdata_file_template=DATATYPE::HOSTPERFDATA\tTIMET::$TIMET$\tHOSTNAME::$HOSTNAME$\tHOSTPERFDATA::$HOSTPERFDATA$\tHOSTCHECKCOMMAND::$HOSTCHECKCOMMAND$\tHOSTSTATE::$HOSTSTATE$\tHOSTSTATETYPE::$HOSTSTATETYPE$<br>host_perfdata_file_mode=a<br>host_perfdata_file_processing_interval=15<br>host_perfdata_file_processing_command=process-host-perfdata-file<br><br><a href="https://lh3.googleusercontent.com/-LpW7NGUQKWc/V1R1a9qc7II/AAAAAAAADrc/FTK2EfUZ3FI/s1600-h/image%25255B7%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-sEPvWkSfpso/V1R1bj72lTI/AAAAAAAADrk/Da2lIs1h1vI/image_thumb%25255B3%25255D.png?imgmax=800" width="583" height="110"></a><br></font> <li>Next, enable the perf data command file<br><br><font face="Courier New">- nano /usr/local/nagios/etc/objects/commands.cfg</font><br><br>Paste the following at the end of that file as well<br><font face="Courier New"><br>define command {<br> command_name process-service-perfdata-file<br> command_line /bin/mv /usr/local/pnp4nagios/var/service-perfdata /usr/local/pnp4nagios/var/spool/service-perfdata.$TIMET$<br> }<br>define command {<br> command_name process-host-perfdata-file<br> command_line /bin/mv /usr/local/pnp4nagios/var/host-perfdata /usr/local/pnp4nagios/var/spool/host-perfdata.$TIMET$<br> }<br><br><a href="https://lh3.googleusercontent.com/-sf8QTlZleME/V1R1cTEPsDI/AAAAAAAADrs/aPAMhPtL_kQ/s1600-h/image%25255B49%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-Rz51fU8JxUY/V1R1cx_eArI/AAAAAAAADr0/3kVN2caeTDY/image_thumb%25255B24%25255D.png?imgmax=800" width="452" height="161"></a><br></font><font face="Courier New"></font><!--EndFragment--> <li>Here’s an important note, we need to enable these graphs inside either hosts or services that produces performance data. Usually, hosts will always produce such data if you use the standard host check commands, however, services depends on how it is configured and what the plugin returns. In our example, we will use localhost (the nagios server itself) as hosts and current user count as a service in which we want performance graphs to be generated.<br><br><font face="Courier New">- nano /usr/local/nagios/etc/objects/localhost.cfg<br></font><br>Under host localhost, locate hostname localhost, below address 127.0.0.1, add a line like this and as shown in the example below that as well.. <strong>This can be done for all hosts!</strong><br><br><font face="Courier New">action_url /pnp4nagios/index.php/graph?host=$HOSTNAME$&srv=_HOST_' class='tips' rel='/pnp4nagios/index.php/popup?host=$HOSTNAME$&srv=_HOST_<br><br></font><a href="https://lh3.googleusercontent.com/-gCnbr1c0Kos/V1R1dQjmOhI/AAAAAAAADr8/8bbfDr_vQgQ/s1600-h/image%25255B24%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-HTHPVP2dPdk/V1R1d6HfPEI/AAAAAAAADsE/3NWL0_4vDlU/image_thumb%25255B12%25255D.png?imgmax=800" width="498" height="70"></a><br><br>Now, locate the “current users” service definition add a line like this as shown in the example below that as well. <strong>This can be used for all services that has performance data.</strong> <p><font face="Courier New">action_url /pnp4nagios/index.php/graph?host=$HOSTNAME$&srv=$SERVICEDESC$' class='tips' rel='/pnp4nagios/index.php/popup?host=$HOSTNAME$&srv=$SERVICEDESC$</font></p> <p><br><a href="https://lh3.googleusercontent.com/-6IclabQ564U/V1R1enmUUXI/AAAAAAAADsM/B-raw_tENYI/s1600-h/image%25255B25%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-pptDt00jLLw/V1R1fEbG2PI/AAAAAAAADsU/jVTfy6m-q3w/image_thumb%25255B13%25255D.png?imgmax=800" width="539" height="62"></a><br></p> <li><strong></strong>Now, let’s verify if we have done the above correctly or not by running the pre-flight nagios check like this<br><br><font face="Courier New">- /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg</font><br><br>It should show zero errors and zero warnings. If it doesn’t, you’ve made a typo or an error with the steps above.<br><a href="https://lh3.googleusercontent.com/-K6c4L9Jg3qQ/V1R1flOiP6I/AAAAAAAADsc/o47s-pRv7ZE/s1600-h/image%25255B23%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-grfq4piYb0k/V1R1gbYgSwI/AAAAAAAADsk/ItEQ5pG2W34/image_thumb%25255B11%25255D.png?imgmax=800" width="400" height="304"></a><br> <li>Now, if all goes well as above, restart nagios process and start the npcd process, which is the nagios performance data service, we will also set the npcd to start at boot, after the restart, go back to the webpage and you should see some extra icons appearing infront of “localhost” and “current users”. <strong>Do not panic if you see errors or no performance data, give it like 10 to 30 minutes for it to generate some data.</strong><br><br><font face="Courier New">- service npcd start<br>- update-rc.d npcd enable<br><br></font><font face="Courier New">- service nagios restart<br></font> <li><font face="Courier New"></font>Go ahead and add the same service and host perf data action url to other hosts or services you’ve created and perf graphs will appear in the main nagios page. If you don’t want to show it on that page, they will be automatically generated and you can access them via <a href="http://<yourIP>/pnp4nagios">http://<yourIP>/pnp4nagios</a> <br> <li>Now, let’s install NagiosQL, one of the many tools out there to perform edits on Nagios configs without having to touch text editors and what not. <p><font face="Courier New">- cd /usr/src<br>- wget -O nagiosql_320.tar.gz </font><a href="http://downloads.sourceforge.net/project/nagiosql/nagiosql/NagiosQL%203.2.0/nagiosql_320.tar.gz?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fnagiosql%2Ffiles%2Fnagiosql%2FNagiosQL%25203.2.0%2F&ts=1464465362&use_mirror=ufpr"><font face="Courier New">http://downloads.sourceforge.net/project/nagiosql/nagiosql/NagiosQL%203.2.0/nagiosql_320.tar.gz?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fnagiosql%2Ffiles%2Fnagiosql%2FNagiosQL%25203.2.0%2F&ts=1464465362&use_mirror=ufpr</font></a></p> <p><font face="Courier New">- tar -zxvf nagiosql_320.tar.gz</font></p> <p><font face="Courier New">- cp -R nagiosql32 /var/www/nagiosql<br>- chown -R nagios:nagios /var/www/nagiosql</font></p> <li>Edit the timezone in php.ini. This is an important step to ensure NagiosQL knows when files were edited etc. Locate the date.timezone definition and define it by uncommenting it. <a href="http://php.net/manual/en/timezones.php">Refer to this for a list of countries and how to write that definition</a>. In my case, i am of course going to set it to Kuala Lumpur, Malaysia, where i live. <br><br><font face="Courier New">- nano /etc/php5/apache2/php.ini<br><br></font>date.timezone = Asia/Kuala_Lumpur<br><br><a href="https://lh3.googleusercontent.com/-pRo9jb4GWUM/V1R1gsovMyI/AAAAAAAADss/rbZsYjrQm5s/s1600-h/image%25255B29%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-3IiCVo_DKuA/V1R1hYsWRPI/AAAAAAAADs0/S2Q1X3_s800/image_thumb%25255B15%25255D.png?imgmax=800" width="301" height="81"></a><br><br><font face="Courier New">- service apache2 restart</font><br> <li>Create some directories in which NagiosQL will write all config files.<br> <p><font face="Courier New">- mkdir /usr/local/nagios/etc/nagiosql<br>- chown -R nagios:nagios /usr/local/nagios/etc/nagiosql</font><br><br>Now, let’s create a NagiosQL apache2 definition </p> <p><font face="Courier New">- nano /etc/apache2/sites-available/nagiosql<br></font></p> <p>Paste, this below, save and exit.</p> <p><font face="Courier New">Alias /nagiosql /var/www/nagiosql/</font></p> <p><font face="Courier New"><Directory /var/www/nagiosql/><br>Options None<br>Order allow,deny<br>allow from all<br></Directory></font></p> <p>Load this config above and restart apache</p> <p><font face="Courier New">- a2ensite nagiosql<br>- service apache2 reload</font><font face="Courier New"><br></p></font> <li>Edit apache envvars to change apache from its default www-user to nagios, this will be useful for nagiosql to write stuff into nagios directories and control the nagios process.<br><br><font face="Courier New">- nano /etc/apache2/envvars</font><br><br>Change www: data to nagios for both user and group<br><br><a href="https://lh3.googleusercontent.com/-PomAfJVvjoQ/V1R1hs79rCI/AAAAAAAADs8/yIEKiQkmCOM/s1600-h/image%25255B33%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-kU-VPYlXxHE/V1R1iPHHuMI/AAAAAAAADtE/77_3034zqjA/image_thumb%25255B17%25255D.png?imgmax=800" width="376" height="119"></a><br><br><font face="Courier New">- chown -R nagios:nagios /var/lock/apache2/<br>- chown -R nagios:nagios /var/www/<br>- chown -R nagios:nagios /var/lib/php5<br>- service apache2 restart<br></font> <li>Get mysql and related files to for NagiosQL, at this point you will get prompted for the root password of mysql , please enter a valid password and remember it for later use during NagiosQL installation.<br><br><font face="Courier New">- apt-get install mysql-server php5-mysql libmysqlclient15-dev</font><br> <li>Now, go to <a href="http://<yourIP>/nagiosql">http://<yourIP>/nagiosql</a>, <strong>it is important to note on these settings below<br></strong>- Click on START INSTALLATION (there should not be errors which will stop you from clicking next, if you see, “REFRESH” that means you’ve missed something above or its in error)<br>- Click next<br>- Modify accordingly and as show in the image below<br><em>- DBserver type=mysql<br>- dbserver=localhost<br>- hostname=127.0.0.1<br>- DBName=<leave default><br>- dbuser=<leave default><br>- dbpass=<leave default><br>- Admin user=root<br>- Admin db pass = <password created during mysql installation><br>- Nagiosql user=admin<br>- NagiosQL pass=<any password> & repeat<br>- Import nagios sample = CHECKED<br>- Create config paths = CHECKED<br>- NagiosQL Config path = /usr/local/nagios/etc/nagiosql/<br>- Nagios config path= /usr/local/nagios/etc/objects/</em><br><br>Click on next and finish, you should not get any errors and it should land you to the login page. <strong>Important, please follow next guide before proceeding.</strong><br> <li>Ensure we set the right permissions for NagiosQL <p><font face="Courier New">- chgrp nagios /usr/local/nagios/etc/<br>- chgrp nagios /usr/local/nagios/etc/nagios.cfg<br>- chgrp nagios /usr/local/nagios/etc/cgi.cfg<br>- chmod 775 /usr/local/nagios/etc/<br>- chmod 664 /usr/local/nagios/etc/nagios.cfg<br>- chmod 664 /usr/local/nagios/etc/cgi.cfg<br>- chown nagios:nagios /usr/local/nagios/bin/nagios<br>- chmod 660 /usr/local/nagios/var/rw/nagios.cmd<br>- chown nagios:nagios /usr/local/nagios/var/rw/nagios.cmd</font></p> <li>Now, login to the NagiosQL page and edit the following<br><br>Click on Administration, click on Config Target, click on modify for localhost (the wrench icon). <br>Set the following;<br><em>Method = Change to SSH, then enter your nagios user and password created at the beginning of this document.<br>Nagios Command File= /usr/local/nagios/var/rw/nagios.cmd<br>Nagios Binary= /usr/local/nagios/bin/nagios<br>Nagios Process file= /usr/local/nagios/var/nagios.lock<br>Nagios config file/usr/local/nagios/etc/nagios.cfg</em><br> <li>Now,let’s modify Nagios core main config file to enable NagiosQL folders and disable the default one.<br><br>Click on Tools, Nagios Config<br><br>Disable / comment out the default ones by adding a # infront of them, like below<br>#cfg_file=/usr/local/nagios/etc/objects/commands.cfg<br>#cfg_file=/usr/local/nagios/etc/objects/contacts.cfg<br>#cfg_file=/usr/local/nagios/etc/objects/timeperiods.cfg<br>#cfg_file=/usr/local/nagios/etc/objects/templates.cfg<br><br>#cfg_file=/usr/local/nagios/etc/objects/localhost.cfg<br><br><a href="https://lh3.googleusercontent.com/-v71oxDpit74/V1Z86rSjuXI/AAAAAAAADvE/9fav44Cg4vA/s1600-h/image.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-31dKFMQK9Ko/V1Z87oBU4LI/AAAAAAAADvM/kkAol4nI6rc/image_thumb.png?imgmax=800" width="493" height="292"></a><br><br>Add the following under config directories<br>cfg_dir=/usr/local/nagios/etc/nagiosql/<br><br><a href="https://lh3.googleusercontent.com/-NiVg7mXmi50/V1Z88acMC-I/AAAAAAAADvU/P9qRPNksmGs/s1600-h/image%25255B1%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-qRN9u0qrLZ4/V1Z89KjSGDI/AAAAAAAADvc/EkSPb-Pg7BQ/image_thumb%25255B1%25255D.png?imgmax=800" width="497" height="228"></a><br><br>Once done, click on Save. <br><br>Now, click on Tools, Nagios Control. <br>In the following order, click Write Monitoring Data, Click Write Additional Data, Click on Check Configuration Files (you should NOT have errors btw), and finally, click on Restart Nagios. <br><br><strong>For some reason, the import doesn’t really import the process-host-perfdata-file and process-service-perfdata-file commands definitions. Let’s add them otherwise, after the import, you may not get perf graphs working.<br><br></strong>Click on Commands, click on definitions. Click on Add, add like below<br>Command: process-host-perfdata-file<br>Command line: /bin/mv /usr/local/pnp4nagios/var/host-perfdata /usr/local/pnp4nagios/var/spool/host-perfdata.$TIMET$<br>Rest leave as default. Click on Save.<br><br>Click on Add, again. <br>Command: process-service-perfdata-file<br>Command line: /bin/mv /usr/local/pnp4nagios/var/service-perfdata /usr/local/pnp4nagios/var/spool/service-perfdata.$TIMET$<br>Rest leave as default. Click on Save.<br><br>Now, click on Write Config File. <br><br>Click on tools, click on Nagios control, in the following order, click Write Monitoring Data, Click Write Additional Data, Click on Check Configuration Files (you should NOT have errors btw), and finally, click on Restart Nagios. <br> <li><strong>Also, the action URLs go missing in the host and service we defined earlier. You can add it yourself in NagiosQL. Follow this to do bring it back into Nagios. Like shown above as an example, we will be adding the host=localhost and service=current users back into Nagios perf data.<br></strong><br>To add for a sample host.<br>Click on Supervision, click on Host. Click to edit localhost (wrench icon). Click on Addon Settings, add the following line in Action URL:<br>/pnp4nagios/index.php/graph?host=$HOSTNAME$&srv=_HOST_' class='tips' rel='/pnp4nagios/index.php/popup?host=$HOSTNAME$&srv=_HOST_<br><br>Click on Save.<br><br>Now, to add for a sample service.<br>Click on Supervision, click on Service, search for “Current Users”. Click to edit (wrench icon). Click on Addon Settings, add the following line in Action URL:<br>/pnp4nagios/index.php/graph?host=$HOSTNAME$&srv=$SERVICEDESC$' class='tips' rel='/pnp4nagios/index.php/popup?host=$HOSTNAME$&srv=$SERVICEDESC$<br><br>Click on Save.<br><br>Now, click on Write Config File. <br>Click on tools, click on Nagios control, in the following order, click Write Monitoring Data, Click Write Additional Data, Click on Check Configuration Files (you should NOT have errors btw), and finally, click on Restart Nagios.<br> <li>You might also want to delete the sample hosts and definitions created by NagiosQL, use NagiosQL to delete them in the order of deleting services, followed by the sample hosts. You can do bulk deletion for hosts or services like shown in the image below. <strong>Warning, do not delete localhost and localhost related services.</strong> <br><br><a href="https://lh3.googleusercontent.com/-2FArDtnRecE/V1R1k7fleII/AAAAAAAADts/chfAq5bW3_s/s1600-h/image%25255B45%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-jf8IFu_uteQ/V1R1lZtV-XI/AAAAAAAADt0/eMZrfQWAaxc/image_thumb%25255B23%25255D.png?imgmax=800" width="406" height="237"></a><br><br>Now, click on Write Config File. <br>Click on tools, click on Nagios control, in the following order, click Write Monitoring Data, Click Write Additional Data, Click on Check Configuration Files (you should NOT have errors btw), and finally, click on Restart Nagios.<br><br>This should leave you with the samples created by Nagios core installation monitoring Nagios itself.<br> <li>Let’s create some nice HTTP links to access a few tools we just created <p><font face="Courier New">- nano /usr/local/nagios/share/side.php</font><br><br>Locate the “General” section, add the following lines after the final </div> of that section. Paste these texts below, literally below that.<br><br><font face="Courier New"><div class="navsection"><br> <div class="navsectiontitle">Add-ons</div><br> <div class="navsectionlinks"><br> <ul class="navsectionlinks"><br> <li><a href="/nagios/stats" target="<?php echo $link_target;?>">Nagiostats</a></li><br> <li><a href="/pnp4nagios" target="<?php echo $link_target;?>">Nagiosgraph</a></li><br> <li><a href="/nagiosql" target="<?php echo $link_target;?>">Nagios Configurator</a></li><br> <li><a href=<a href="http://www.astiostech.com">http://www.astiostech.com</a> target="<?php echo $link_target;?>">Nagios Support</a></li><br> <li><a href=highsecurity.blogspot.com target="<?php echo $link_target;?>">Nagios Core 4.1.1 Install Guide</a></li><br> </ul><br> </div><br></div></font><br><br><br>Example like below;<br><a href="https://lh3.googleusercontent.com/-i9R9a7p6S8Q/V1Z8-TIMQ_I/AAAAAAAADvk/zSL4Uxqdxbk/s1600-h/image%25255B2%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-4IJHJwEQ-5Q/V1Z8-4a98DI/AAAAAAAADvs/rtaxtub002w/image_thumb%25255B2%25255D.png?imgmax=800" width="367" height="157"></a><br></p> <li>Finally, refresh your /nagios page in your browser [F5] and see those links like below<br><br><a href="https://lh3.googleusercontent.com/-8EVbLglfuvI/V1Z8_QjbyYI/AAAAAAAADv0/6FrWZWWEYzw/s1600-h/image%25255B3%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-KV3mvCZvoCY/V1Z9AJDampI/AAAAAAAADv8/0zZuY2_3AQQ/image_thumb%25255B3%25255D.png?imgmax=800" width="314" height="273"></a><br> <li>Other stuff (And addons for future blog posts)<br>- Be sure to configure periodic timesync<br>- Install adminer to manage DB if required<br>- Install MK livestatus to replace NDO<br>- Install mod_gearman to replace Nagios default broker modules<br>- Install Nagvis for visualization (and Install ndo2db for it or MK livestatus)</li></ol> <p>We hope this guide has helped you get your Nagios awesome monitoring tool up and running. Thank you and as usual, we’d appreciate feedbacks.</p><div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com0tag:blogger.com,1999:blog-7262335442574749724.post-7398744844906038752016-04-29T01:37:00.001+08:002016-04-29T01:38:04.850+08:00Increasing the maximum number of selectable fields in vTiger 6.0 report module<p><img src="http://open4businessonline.com/documents/393559/435218/vtiger.png" width="285" height="129"></p> <p><font size="1">Image source: </font><font size="1">open4businessonline.com</font></p> <p>Just wanted to share this out for those who may have run into this problem where you couldn’t add more than 25 fields in the built-in report module of vTiger.</p> <ul> <li>My configuration:</li> <li>CentOS 6</li> <li>vTiger community 6.X</li></ul> <p>Simply edit the file</p> <p>vtigercrm/layouts/vlayout/modules/Reports/resources/Edit2.js</p> <p>Locate the text maximumSelectionSize and change from 25 to whatever you need, this particular config below was from a client that needed more than 200 fields in their reports.</p> <p><a href="https://lh3.googleusercontent.com/-5TUQl2nape0/VyJKYQlFrtI/AAAAAAAADqI/exjlDrtBW8c/s1600-h/image%25255B4%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-HTfy3fQqTp4/VyJKZep2f_I/AAAAAAAADqM/bgeseMppdxw/image_thumb%25255B2%25255D.png?imgmax=800" width="531" height="41"></a></p> <p>That should be it, just reload the reports page and voila! more than 25 (ignore the text that says max 25 or change it if you want)</p> <p>Shoutout to our client that found the solution, Mr. Benjamin Lim and Mr Au Yong from <a href="http://www.customerconnect.com.my/">CustomerConnect Malaysia</a>, with their R&D deep into Google, we added this hack, thanks guys!</p><div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com0tag:blogger.com,1999:blog-7262335442574749724.post-61958943746537883952016-04-12T17:27:00.001+08:002016-04-12T20:49:42.184+08:00Decoding Oreka’s MCF file extensions for generic playback software (e.g. vlc)<p>Here’s a quick howto guide to extract .mcf files that are the created by <a href="http://oreka.sourceforge.net/">Oreka’s open source recording platform</a>.</p> <p> </p> <p>Parts of software and guides are taken off various sources from the internet. The decoder was written in c++ </p> <p>and is available here if you want to compile it yourself: <a href="https://www.dropbox.com/s/09eo986gc3sons8/orekadecoder.rar">https://www.dropbox.com/s/09eo986gc3sons8/orekadecoder.rar</a> <br><font face="Calibri">Thanks to Juan Ramirez for writing the code.</font></p><pre><font face="Calibri"></font> </pre><pre><font face="Calibri">Since i’ve compiled the cpp file, i will just expose the .exe for 64bit systems. If you need the 32bit platform, </font></pre><pre><font face="Calibri">you need to compile it yourself. </font><font face="Calibri">So, for you get started, you will need the following tools and software:</font></pre><pre><font face="Calibri">1) The orekadecoder.exe here <a title="http://www.orencloud.com/public/orekadecoder.zip" href="http://www.orencloud.com/public/orekadecoder.zip">http://www.orencloud.com/public/orekadecoder.zip</a>, download and extract the file </font></pre><pre><font face="Calibri">into anywhere, e.g. C:\tmp</font></pre><pre><font face="Calibri">2) Download and Install Audacity <a title="http://www.audacityteam.org/download/" href="http://www.audacityteam.org/download/">http://www.audacityteam.org/download/</a> so we can combine, pitch change etc the files</font></pre><pre><font face="Calibri">3) If your the files you are converting is encoded into g729, you need an extra step and software, get it from <br>here: <a title="http://www.codecpro.com/LicenseG729.php" href="http://www.codecpro.com/LicenseG729.php">http://www.codecpro.com/LicenseG729.php</a> and extract the files (g729 steps and use here is for education </font></pre><pre><font face="Calibri">purposes only, you should normally buy a proper license) </font></pre><pre><font face="Calibri"></font> </pre>
<p><u>Steps</u></p>
<p><strong>Step 1</strong></p><pre><font face="Calibri">1) Place the mcf file into C:/tmp, now we shall extract the .mcf file using orekadecoder.exe, here’s how</font></pre><pre><font face="Calibri">In this example, i have two files, file1.mcf and file2.mcf. Let’s split out file1.mcf first:</font></pre><pre><font face="Calibri"></font> </pre><pre><font face="Calibri"><strong>File 1 – Splitout – a g729 encoded file</strong></font></pre><pre><a href="https://lh3.googleusercontent.com/-pN0D-2Qd0ok/VwzAfN3Ie5I/AAAAAAAADoc/1CF0KGRl2yM/s1600-h/image%25255B55%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-a-0595oyTKs/VwzAgOmDLPI/AAAAAAAADog/1vN0m6eNqWE/image_thumb%25255B29%25255D.png?imgmax=800" width="466" height="527"></a></pre><pre><font face="Calibri">and this created two files, like below</font></pre><pre><a href="https://lh3.googleusercontent.com/-KZTT1bYr1jA/VwzAgju7BpI/AAAAAAAADok/o79xw_JuV4o/s1600-h/image%25255B54%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-LWuSwJ2-0-Y/VwzAhGm5p2I/AAAAAAAADoo/nfaq9fAdkis/image_thumb%25255B28%25255D.png?imgmax=800" width="579" height="71"></a></pre><pre> </pre><pre><font face="Calibri"><strong>File 2 – Splitout – a ulaw encoded file, this file doesn’t need step 2, just go to step 3</strong></font></pre><pre><a href="https://lh3.googleusercontent.com/-3dzxUl015c4/VwzAhnQJI8I/AAAAAAAADos/NAeKIzrOggs/s1600-h/image%25255B56%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-U3Am7tPxJF0/VwzAioxudcI/AAAAAAAADow/vw6hQ9k7fGA/image_thumb%25255B30%25255D.png?imgmax=800" width="465" height="433"></a></pre><pre><font face="Calibri">The above files out1 and out2 basically mean the left and right channels. </font></pre><pre><font face="Calibri">If you notice the above sample, the file is actually decoded as g729, </font></pre><pre><font face="Calibri">so we need to decode that, as below</font></pre><pre><font face="Calibri"></font> </pre>
<p><strong>Step 2</strong></p><pre><font face="Calibri">Decode the file1.mcf.out1 and file1.mcf.out2 into </font></pre>
<p>Copy out the file cp_g729_decoder.exe downloaded from codecpro.com, if its another directory into <br>c:\tmp so its easier to work. Now, convert out1 and out2 like this</p>
<p> </p>
<p>Out1</p>
<p><a href="https://lh3.googleusercontent.com/-rQqjgzkC9JU/VwzAjfnwHZI/AAAAAAAADo0/_-PAOv3EwVY/s1600-h/image%25255B57%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-AiVAmigs4cA/VwzAkPs2kJI/AAAAAAAADo4/c6jx8NwykZ4/image_thumb%25255B31%25255D.png?imgmax=800" width="458" height="161"></a></p>
<p>Out2</p>
<p><a href="https://lh3.googleusercontent.com/-2UCU8m212ww/VwzAkj9ZrYI/AAAAAAAADo8/scruLsTCbAs/s1600-h/image%25255B58%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-_6m2QAswV9g/VwzAlZ2escI/AAAAAAAADpA/dDRR0n62XUc/image_thumb%25255B32%25255D.png?imgmax=800" width="463" height="178"></a></p>
<p>Now in that folder, you will end up with file1.out1.wav and file1.out2.wav, proceed to step 3. <br>For those not needed to decode using g729 decoder, you can simply use the .out1 and .out2 </p>
<p>files to import into audacity.</p>
<p> </p>
<p><strong>Step 3</strong></p>
<p>Import into audacity and combine left and right audio</p>
<p>First example, we will use the .wav files instead of the .out1 or out2 files (we start with the g729 files)</p>
<p> </p>
<p>g729 encoded file</p>
<p>Open Audacity, click on file, click on Import, then click on Raw Data, when prompted open the first file, <br>i.e. in this example file1.out1.wav, set the import parameters like shown below;</p>
<p><a href="https://lh3.googleusercontent.com/-RyktEKUtpkg/VwzAmEX5gAI/AAAAAAAADpE/3G49Rcp-xNU/s1600-h/image%25255B60%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-JgTUkxyBL4w/VwzAm8K9mgI/AAAAAAAADpI/DCUgXPNJ60g/image_thumb%25255B34%25255D.png?imgmax=800" width="234" height="251"></a></p>
<p>Repeat this step for file1.out2.wav</p>
<p>Now, you should get two channels shown in Audacity, like below</p>
<p><a href="https://lh3.googleusercontent.com/-sWUtHDkV5nw/VwzAnhX3iEI/AAAAAAAADpM/een5Yrexelg/s1600-h/image%25255B59%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-6mhMsTJhYtE/VwzAoXgJJEI/AAAAAAAADpQ/u8EO_9azwms/image_thumb%25255B33%25255D.png?imgmax=800" width="395" height="167"></a></p>
<p> </p>
<p>Now, since the conversion happened, the seem to be off, reduce the speed by 50%. Here’s how, click on Effect, </p>
<p>Change Speed Use the following setting</p>
<p><a href="https://lh3.googleusercontent.com/-0JxBwUfaJpE/VwzApFEw8nI/AAAAAAAADpU/ZsrXFnx_Bss/s1600-h/image%25255B61%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-8cinfeumTW4/VwzAp6McsJI/AAAAAAAADpY/VoQgq1aLnKA/image_thumb%25255B35%25255D.png?imgmax=800" width="390" height="273"></a></p>
<p>Note on the percentage, change it to –50 (minus 50) and that should be it, now save the file to any format you like.</p>
<p> </p>
<p>Non-g729 file</p>
<p>Now, for the ulaw file, we just need to import it directly into audacity with the same steps above except you </p>
<p>do not need to change the speed, it should work straight away.Remember, import as raw. </p>
<p>Remember, we set the Encoding according to the output as seen in step 1</p>
<p><a href="https://lh3.googleusercontent.com/-jqsTAtLMxms/VwzArbe6feI/AAAAAAAADpc/H1n-kXwG25c/s1600-h/image%25255B62%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-diNYSEEQsL4/VwzAr1f8vQI/AAAAAAAADpg/R-SM0cbu2lg/image_thumb%25255B36%25255D.png?imgmax=800" width="284" height="304"></a></p>
<p> </p>
<p>Then import the 2nd file as the other channel. </p>
<p>Note, you may not have audio in the 2nd file or the first file depending if its a mono recorded or stereo recorded channel. <br>Save the file to whatever format and you’re done.</p>
<p> </p>
<p>Cheers.</p><div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com0tag:blogger.com,1999:blog-7262335442574749724.post-10615761563096336672016-04-12T02:06:00.001+08:002016-04-12T02:08:17.641+08:00My first ever Webminar On Windows 10 Security<p>Check it out if you’ve got some time to kill.</p> <p><iframe height="315" src="https://channel9.msdn.com/Events/Windows-10-Webinar-Series/Webinar-4-Windows-10-security/Webinar-4-Windows-10-Security/player?format=html5" frameborder="0" width="560" allowfullscreen></iframe></p> <p>SRC: <a title="https://channel9.msdn.com/Events/Windows-10-Webinar-Series/Webinar-4-Windows-10-security" href="https://channel9.msdn.com/Events/Windows-10-Webinar-Series/Webinar-4-Windows-10-security">https://channel9.msdn.com/Events/Windows-10-Webinar-Series/Webinar-4-Windows-10-security</a></p> <p><strong>Snippet</strong></p> <p>We live in a new era of cyber threats. As employees work across multiple devices, data has never been more vulnerable. Windows 10 responds to the new ways people work: it helps you secure devices and data with sophisticated new tools. <p>We will introduce you to Microsoft Passport, which replaces passwords with strong, two-factor authentication that consists of an enrolled device and a Windows Hello (biometric) or PIN. And we will show you Device Guard, which prevents unauthorized applications from installing on your devices. <p>Another highlight is the latest version of BitLocker. Available with Windows Enterprise Software Assurance, BitLocker enables you to stop data being extracted from devices that are lost or stolen. <p>Speaker: Sanjay Stephen (Malaysia)<br>MVP in Security since 2009. He runs his own solutions implementation business. <div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com0tag:blogger.com,1999:blog-7262335442574749724.post-4680360539844108162016-03-05T01:48:00.001+08:002016-03-07T02:04:49.337+08:00Check script for FreePBX-Asterisk realtime and CDR for suspicious calls (Nagios compatible)<p><img src="http://www.chanakyadetective.com/images/services/software-investigation.png"><br><font size="1">image source:: </font><a title="http://www.chanakyadetective.com/software-investigation.html" href="http://www.chanakyadetective.com/software-investigation.html"><font size="1">http://www.chanakyadetective.com/software-investigation.html</font></a></p> <p>Here’s a simple script we wrote to check real-time calls and historical data of <em>n </em>minutes in CDR for suspicious activities based on a number pattern and length. We find this utmost useful especially when your servers are exposed to public to check against hack attempts, abuses or checking matching numbers to “catch” and report. The current action sends email, of course, you can build more functions as you please and run them at each EXIT code in the script appropriately doing stuff like seen in the script for sending email. You need the local mailer program, called <strong><em>mail</em></strong> to be able to send emails from CLI already for the email function to work, otherwise, it may just output via CLI.</p> <p>This script has been tested on Debian, FreePBX 2.11 and Asterisk 11. It should work on most regular platforms as well as distros. I’ve tested on Nagios Core, NagiosXI, Icinga, Icinga2.0.</p> <p>This script basically does the following;</p> <ul> <li>Its all bash, so should be quite compatible with many systems <li>It checks the CDR for <em>n</em> minutes of past records also set by flags <li>It checks asterisk current channels for external numbers only <li>It combines both results as a “total” value to evaluate with the given parameters <li>Uses filters based on the <em>dst</em> column on your CDR to match that you specify during execution (the parameters), this can be prefixes or whole numbers, and as many patterns as you want to check on a single run. <li>You can set the flag to check the prefix and the number of digits which is same or greater so that you won’t catch local calls, normally international calls have higher number of called digits, I.e. > 10 <li>To automatically check or do it almost real-time, you can use cron on your server locally (It can also work with Nagios too, however, this guide does not cover configuring on Nagios,you need to set the flag NAGIOSMODE=<strong>YES</strong>). If you set Nagiosmode, it will not independently send out email and instead your Nagios server will decide what to do according to what you’ve set it to. <li>Be sure to change <strong>NAGIOSMODE</strong>, <strong>SYSADMINEMAIL</strong>,<strong>EMAILSUBJECT</strong>,<strong>USER</strong>,<strong>PASS</strong> and if needed, db <strong>port</strong>,db <strong>database</strong> name,db <strong>table</strong> name, and db <strong>server </strong>& also location of your binaries (find them by typing <font face="Courier New">whereis asterisk</font> and <font face="Courier New">whereis mysql </font>and <font face="Courier New">whereis curl</font>) <li>In some distro (FreePBX distro) the MySQL has no password (yeah, i know!), so in this case, leave the PASS=”” will suffice.</li></ul> <p><u>Setup:</u></p> <li><font size="2"><font face="Courier New">cd /usr/local/bin/</font> </font> <li><font size="2" face="Courier New">wget </font><a title="http://www.orencloud.com/public/checkintl.sh" href="http://www.orencloud.com/public/checkintl.sh"><font size="2" face="Courier New">http://www.orencloud.com/public/checkintl.sh</font></a> <li><strong>Modify the parameters as described below and/or in the script</strong> <li>Make the script executable and test <font size="2" face="Courier New">(chmod +x /usr/local/bin/checkintl.sh) Test : /usr/local/bin/checkintl.sh --help</font> <li>You can run it like example below and/or put it up as a cronjob if you wish to automate checking (crontab –e), e.g. like this <font size="2" face="Courier New">*/15 * * * * /usr/local/bin/checkintl.sh -w 3 -c 10 -i 60 -p 00:6,900:6</font> <li>When adding complex scripts that call many functions be sure to test your cron output, here’s an easy way to see the output of cronjob in syslog (/var/log/syslog) by simply adding adding 2>&1 | /usr/bin/logger -i -t ASTIOSALERTS at the end of the script, like shown below <ul> <li><font size="2" face="Courier New">*/15 * * * * /usr/local/bin/checkintl.sh -w 3 -c 10 -i 60 -p 00:6,900:6 2>&1 | /usr/bin/logger –i -t ASTIOSALERTS</font></li></ul> <li>Then tailf your syslog to see the output, it should not throw errors but should show you outputs. <li>Above cronjob does the checks for every 15 minutes, 60 minutes of records from bottom of the CDR table and warns on 3, critical on 10 for pattern matching front digits 00, with length greater than or equals 6 numbers and for pattern 900 with length greater than or equals 6 numbers <li>Always test manually. You surely can run this manually and try to invoke the trigger by making <em>n </em>number of calls and you should get an email alert based on the email address you specified <li>This script requires a MySQL CDR for Asterisk (therefore making it perfect for use with FreePBX, out of the box) <li>Set these below before running the script <ul> <ul> <li>Be sure to set the following inside the script (edit it) <p>NAGIOSMODE="NO"<br>SYSADMINEMAIL=<a href="mailto:SOMEONE@SOMEWHERE.COM,SOMEONE2@SOMEWHERE2.COM">SOMEONE@SOMEWHERE.COM,SOMEONE2@SOMEWHERE2.COM</a> <br>EMAILSUBJECT="HOST $MYHOST INTERNATIONAL CALLS ALERT"<br>user="DBUSERNAME"<br>pass="DBPASSWORD"</p> <p>MYCURL=/usr/bin/curl<br>MYSQLBIN=/usr/bin/MySQL<br>MYAST=/usr/sbin/asterisk</p> <li>If using Nagios, just set the flag <font face="Courier New">NAGIOSMODE=YES</font> </li></ul></ul> <p><u>Run examples:</u></p> <p><strong><font size="2" face="Courier New">/usr/local/bin/checkintl.sh -w 3 -c 10 -i 60 -p 00:10,900:10</font></strong></p> <p>In the above example, it will</p> <p>-w 3 – Warn when both CDR and running channel defined patters is equal to or greater than 3</p> <p>-c 10 – Throw critical alert when both CDR and running channel defined patters is equal to or greater than 10</p> <p>-i 60 – Check CDR for a total time of 60 minutes (<strong>note, time on server needs to be accurate for this to work properly)</strong></p> <p>-p 00:6,900:6 – This means, check for pattern 00 and 900 in the dst fields. If it exist, check length of >= 6 digits at minimum on both cases, in this example</p> <p><u>Sample outputs</u></p> <p><a href="https://lh3.googleusercontent.com/-2QY_Tw82Dq4/VtnOH4TP8jI/AAAAAAAADlg/cd0n_3o3zYE/s1600-h/image%25255B2%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-_NLgUUMAkk8/VtnOIf87HrI/AAAAAAAADlk/DO7BiMl1pqY/image_thumb.png?imgmax=800" width="239" height="89"></a></p> <p>No calls/threshold not hit like above</p> <p> </p> <p><a href="https://lh3.googleusercontent.com/-FyyiicRk444/VtnOI562I8I/AAAAAAAADlo/eWSQEPay7OQ/s1600-h/image%25255B6%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-_GW7bRArCWQ/VtnOJqfc2oI/AAAAAAAADls/PHTbxlbuljc/image_thumb%25255B2%25255D.png?imgmax=800" width="758" height="57"></a></p> <p>With a warning out which sends email when NAGISOMODE=NO. Also, if critical , it will send out emails like above.</p> <p> </p> <p><a href="https://lh3.googleusercontent.com/-gOQA0CaNW3g/VtnOJ9IKNaI/AAAAAAAADlw/_N7yuMMN7ok/s1600-h/image%25255B9%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-LAZSIzx7Z_k/VtnOKhxOXlI/AAAAAAAADl0/TgI8_AUxj-k/image_thumb%25255B3%25255D.png?imgmax=800" width="201" height="30"></a></p> <p><a href="https://lh3.googleusercontent.com/-Io6--BObJOg/VtnOLMbsmqI/AAAAAAAADl4/JWOVIq0lB8s/s1600-h/image%25255B19%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-lEG6Qo2KgWY/VtnOLphWWBI/AAAAAAAADl8/YIUi-ACTTn0/image_thumb%25255B7%25255D.png?imgmax=800" width="757" height="23"></a></p> <p>In Nagios mode, it will show up just like this above in CLI and in Nagios itself, it will look like this</p> <p><a href="https://lh3.googleusercontent.com/-E91a6PDDjrY/VtxlttTUvBI/AAAAAAAADmU/k0CcPELS30E/s1600-h/image%25255B4%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-XjJTqcwy_MA/VtxluZGI6UI/AAAAAAAADmY/Zcam6bMtS4U/image_thumb%25255B2%25255D.png?imgmax=800" width="757" height="111"></a></p> <li> <p><u>Email </u></p> <p><a href="https://lh3.googleusercontent.com/-B9ETBUsWKLI/VtnOMAmd5oI/AAAAAAAADmA/IbXHRNRxMbM/s1600-h/image%25255B23%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-49qjjBfZmjU/VtnOM3-6idI/AAAAAAAADmE/fsi5IX6qcCU/image_thumb%25255B9%25255D.png?imgmax=800" width="758" height="64"></a></p> <p> </p> <p>As usual, do give us feedback if find bugs and/or improvements/suggestions. Do give it a try and comment please if you found something helpful for others to note on your findings. Thanks and happy weekend.</p> </li><div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com0tag:blogger.com,1999:blog-7262335442574749724.post-89307939663002366462016-02-28T01:06:00.001+08:002016-03-07T02:06:49.334+08:00Asterisk/FreePBX Call Duration Alerter – with Nagios compatibility<p><img src="http://www.freepbxhosting.com/wp-content/uploads/versionupgrade_700_300.png" width="483" height="207"><br><font size="1">image source: </font><a href="http://www.iconarchive.com/tag/process"><font size="1">www.iconarchive.com</font></a></p> <p> </p> <p>Hi all, hope 2016 has been good to you so far ..</p> <p>Here’s a little script that I did to list out and do any kinds of actions to calls (right now, echo output and email with a kill switch to kill offending calls) that exceed certain number of seconds and gathers all (or just one) of the calls and output in pretty Nagios output or sends you an email. It will also show some important information about that CHANNEL (call) so you can take necessary action.</p> <p>Purpose of this script is to perhaps check on your PBX call action, ensure there aren’t dead channels running around, track billing usage (you can program it to check against a pre-set DB against each channel to calculate rates vs balance in realtime) and many other things you can imagine.</p> <p><font size="4"><font size="3">You can download it here </font><a href="http://www.orencloud.com/public/checkduration.sh"><font size="3">www.orencloud.com/public/checkduration.sh</font></a> </font></p> <p>It supports Nagios return codes (NAGIOSMODE=YES) or sends email otherwise </p> <ul> <li>Set warning vs critical values <li>Runs in native Asterisk CLI, so it should be tech independent and fast as it uses pure channel variables <li>Put up in cron to check periodically <ul> <li>Something like this <font face="Courier New">*/2 * * * * /usr/local/bin/checkdur.sh -w 1800 -c 2400 2>&1 | /usr/bin/logger -i -t ASTIOSALERTS</font> <li>This above example will check every 2 minutes and output the result to /var/log/syslog (or similar) the result of the script in the tag ASTIOSALERT</li></ul> <li>Place as Nagios script to be executed by Nagios <li>Tested on CentOS/Debian6/7, Asterisk 11 and FreePBX 2.11 , FreePBX Distro <ul> <li>I believe it should work on almost all systems and variations</li></ul> <li>If you do have an improvement, do suggest. <li>There’s a kill channel switch, –k 1 where it will kill the “critical” time exceeding channel.</li></ul> <p>NOTE:</p> <ol> <li><strong>The output may produce duplicates as a full leg call can contain 2 or more channels. Look for the the first part of the UNIQUEID to identify dupes. </strong> <li><strong>This script may not run in some OS-es or environment so test it out first before going into production</strong></li></ol> <p>Place the script anywhere and ensure its executable, here’s how..</p> <p># <font face="Courier New">cd /usr/local/bin</font></p> <p>#<font face="Courier New">wget www.orencloud.com/public/checkduration.sh</font></p> <p>#<font face="Courier New">chmod +x /usr/local/bin/checkduration.sh</font></p> <p>Be sure to change <strong>bold highlighted </strong>values, edit the script</p> <p># <font face="Courier New">nano /usr/local/bin/checkduration.sh</font></p> <p><font face="Courier New">NAGIOSMODE="<strong>NO</strong>" <br>SYSADMINEMAIL=”<strong>your@email.com,yoursecond@email.com</strong>”<br>EMAILSUBJECT="<strong>DURATION OF CALLS ALERT</strong>"</font></p> <p>MYAST=<strong>/usr/sbin/asterisk #change this if its not there.</strong></p> <p>Test like this, also be sure you can send emails already using “mail”. Setup your local relay, etc..</p> <p>#<font face="Courier New">/usr/local/bin/checkduration.sh -w 60 -c 90 [-k 1] </font></p> <p>Where, 60,90 are seconds for alert warning and critical respectively. Make some test calls and check the script output in action. –k 1 switch kills that channel when time exceeds “critical” only.</p> <p>Output looks like this on a typical Asterisk system </p> <p><font size="2" face="Courier New">CRITICAL: DURATION:00:03:00,UID:1456644553.8923051,LEG_A:0123456789,LEG_B:6054,APP:Dial<br>CRITICAL: DURATION:00:03:50,UID:1456644503.8923013,LEG_A:0123456689,LEG_B:11000,APP:Queue<br>CRITICAL: DURATION:00:02:43,UID:1456644570.8923060,LEG_A:1004,LEG_B:s,APP:AppDial<br>CRITICAL: DURATION:00:02:01,UID:1456644612.8923082,LEG_A:035554442,LEG_B:11000,APP:Queue<br>CRITICAL: DURATION:00:03:02,UID:1456644551.8923049,LEG_A:3546,LEG_B:s,APP:AppDial<br>CRITICAL: DURATION:00:02:04,UID:1456644609.8923076,LEG_A:78787988,LEG_B:6002,APP:AppQueue<br>CRITICAL: DURATION:00:02:04,UID:1456644609.8923077,LEG_A:0123456780,LEG_B:6001,APP:Dial</font></p> <p>In Nagios</p> <p><a href="https://lh3.googleusercontent.com/-wOH4xoK3mMU/VtxwMO_bAJI/AAAAAAAADmo/egFtxMNsqkw/s1600-h/image%25255B3%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-czvkHRf9lCc/VtxwM0eEoHI/AAAAAAAADms/G2kUp0ut-cU/image_thumb%25255B1%25255D.png?imgmax=800" width="710" height="48"></a></p> <p>In Email</p> <p><a href="https://lh3.googleusercontent.com/-swv5k-jusXw/VtxwNiLVJRI/AAAAAAAADmw/vWZ_1ghVLv4/s1600-h/image%25255B13%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="https://lh3.googleusercontent.com/-ohB4sWRbjx8/VtxwPbgowRI/AAAAAAAADm0/kdaBDTCA-8A/image_thumb%25255B7%25255D.png?imgmax=800" width="629" height="239"></a></p><div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com0tag:blogger.com,1999:blog-7262335442574749724.post-15168991082945493242015-12-04T17:28:00.003+08:002016-05-27T00:46:08.543+08:00Opening multiple ports on Microsoft Azure (e.g. for an Asterisk deployment)<div class="separator" style="text-align: center; clear: both"><a style="margin-left: 1em; margin-right: 1em" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgS4KOV-C1gDGuDVvpEAA4RKZtyYXkvLtZH2qkAFcEi4lIanVFnTDyJbq_khNUPZZNnOZVX0Q15El_2A16j5bihMLX12N4schTQ6gwMvCy0p47M28kWYNxeuKlw_TY6Bryxjx81QUgCNmyE/s1600/azure-asterisk.png" imageanchor="1"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgS4KOV-C1gDGuDVvpEAA4RKZtyYXkvLtZH2qkAFcEi4lIanVFnTDyJbq_khNUPZZNnOZVX0Q15El_2A16j5bihMLX12N4schTQ6gwMvCy0p47M28kWYNxeuKlw_TY6Bryxjx81QUgCNmyE/s1600/azure-asterisk.png"></a></div> <div><br></div> <div style="text-align: center"><b>http://azurespeaks.azurewebsites.net/</b></div> <div style="text-align: center"> </div> <p>If you publish an Asterisk servers on Azure, you might find it a daunting task to open multiple ports (called endpoints) on Azure, the task is simply slow if you use the web (portal or the old one). And we RTP folks, need a lot of ports to get a single call going (at least 3 ports required)<br><br>So, let's say you're gonna create a default Asterisk installation and open the usual ports such as;<br><br>IAX2- UDP4569<br>SIP - UDP5060<br>RTP-UDP10000 to UDP20000 (in this article, i only needed 100 ports)<br><br>Here's how you can open all those ports in under 10 minutes.<br><br>1) Download and install the Azure Powershell extensions.<br>https://github.com/Azure/azure-powershell/releases/download/v1.0.1-November2015/azure-powershell.1.0.1.msi<br><br>2) Start it up - it should be called Windows Azure Powershell (this is not the usual powershell, it must read Azure Powershell). You may need to run this as admin.<br><br>3) Once in there,<span style="font-family: "courier new" , "courier" , monospace"> copy paste </span>the following (modify where applicable)<br><br><i>Task inside powershell (copy paste will do)</i><br>1) Add an azure account (this will launch the authentication windows, do your thing and authenticate)<br><span style="font-family: "courier new" , "courier" , monospace"><br></span><span style="font-family: "courier new" , "courier" , monospace">Add-AzureAccount</span><br><br>2) Now, declare which subscription this VM is tied to (My subscription is called Visual Studio Premium with MSDN)<br><br><span style="font-family: "courier new" , "courier" , monospace">Select-AzureSubscription -SubscriptionName "<b>Visual Studio Premium with MSDN</b>"</span><br><br><span style="font-family: inherit">3) Declare the name of the VM you wish to setup</span><br><span style="font-family: "courier new" , "courier" , monospace">$vm = Get-AzureVM -ServiceName <b>myazurebox </b>-Name </span><span style="font-family: "courier new" , "courier" , monospace"><b>myazurebox</b></span><span style="font-family: "courier new" , "courier" , monospace">;</span><br><br>NOTE: ServiceName is the cloud service, if it is not part of a cloud service, just enter the actual VM name, repeat that in NAME variable like above. If you get certificates errors at this point run this;</p> <p><font face="Courier New">$vm | Update-AzureVM</font></p> <p>You would need to rerun from step 1. This command also clears everything incase you messed up and want to restart.<br><br>4) Add for IAX2<br><span style="font-family: "courier new" , "courier" , monospace">$VM | Add-AzureEndpoint -Name <b>IAX2 UDP </b>-LocalPort <b>4569 </b>-PublicPort <b>4569</b></span><br><br>5) Add for SIP (UDP)<br><span style="font-family: "courier new" , "courier" , monospace">$VM | Add-AzureEndpoint -Name <b>SIPUDP</b> <b>UDP </b>-LocalPort <b>5060 </b>-PublicPort <b>5060 </b></span><br><span style="font-family: "courier new" , "courier" , monospace"><br></span>Add for SIP TCP (if using)<br><span style="font-family: "courier new" , "courier" , monospace">$VM | Add-AzureEndpoint -Name <b>SIPTCP TCP </b>-LocalPort <b>5060 </b>-PublicPort <b>5060</b></span><br><span style="font-family: "courier new" , "courier" , monospace"><br></span>6) Add for RTP<br>Now, since RTP is a bunch of ports that needed to be opened, in a default setup would be 10000 to 20000, you can do a loop and add them like this; Note, you can only open up to 150 ports at a time, apparently. So add more into the loop if needed.<br><br><span style="font-family: "courier new" , "courier" , monospace"><b>10000</b>..<b>10100</b>| ForEach { $VM | Add-AzureEndpoint -Name RTP$_ -Protocol UDP -LocalPort $_ -PublicPort $_} ; $vm | Update-AzureVM</span><br><br>This will add ports 10000 to 10100, name them RTP10000...and so on with UDP as the protocol. You don't really need that many RTP ports opened on Asterisk unless you have a ridiculous amount of concurrency on SIP. Otherwise, you don't really need that many ports opened.<br><br>Guides: http://www.asteriskdocs.org/en/2nd_Edition/asterisk-book-html-chunk/asterisk-APP-D-SECT-37.html<br><br>Freepbx: Use the GUI, look under Settings | Asterisk Sip Settings, look for RTP port range. *You might need to restart Asterisk.<br><br>7) Finally, update the VM (this is when you will see the changes on Azure's web management portals)<br><br><span style="font-family: "courier new" , "courier" , monospace">$vm | Update-AzureVM</span><br><br>And you're done!</p><div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com0tag:blogger.com,1999:blog-7262335442574749724.post-66959409296777350952015-11-15T13:19:00.001+08:002015-11-15T13:21:38.793+08:00Apple MacBook 2015 Bootcamp/Drivers<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjADGKHqdQ2wrRIUjBwRJbKq9Ast_sJdqO4JMLKRXNVu4Mo81B0WpMXOLmAd1_o3CKeFvDVJneAy19efXT5RiIzrZsfbGXfkkmmGAaw5vwvvGIFB6Mp4EmeYrg0hlCQLZqaEp74D8Iyqyyr/s1600/images.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjADGKHqdQ2wrRIUjBwRJbKq9Ast_sJdqO4JMLKRXNVu4Mo81B0WpMXOLmAd1_o3CKeFvDVJneAy19efXT5RiIzrZsfbGXfkkmmGAaw5vwvvGIFB6Mp4EmeYrg0hlCQLZqaEp74D8Iyqyyr/s1600/images.jpg" /></a></div>
<div style="text-align: center;">
<span style="font-size: xx-small;">Image from www.apple.com</span></div>
<br />
If you were in my position that you had to have some drivers and couldn't find them cause you wiped out the OSX partition etc and there's literally nothing on Apple's website to point you to a way to independently download drivers, well, here they are;<br />
<br />
Download Apple Bootcamp 6.0 for MacBook Pro 2015 here:<br />
<a href="https://goo.gl/yZjHvp">https://goo.gl/yZjHvp</a> (approximately 1.44GB)<br />
<br />
Until Apple makes their bootcamp software and drivers public, here's all of it.<br />
<br />
This particular set is for the MBP Retina early 2015 edition. (Mine had the AMD Radeon graphics card).<br />
<br />
I do not have any rights to these, nor claiming any rights, its from Apple and is only posted here for people's convenience.<br />
<br />
All files scanned with Norton Internet Security 2015 edition with latest signatures as of 15Nov2015.<br />
<br />
Have fun and all credit for drivers/software to Apple Inc.<br />
<br />
Thanks<br />
<br />
<br /><div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com0tag:blogger.com,1999:blog-7262335442574749724.post-45435673860576310862015-01-29T01:16:00.001+08:002015-01-29T01:59:22.809+08:00GHOST Vulnerability check and fix for Debian 6 or 7<p>More info on the GHOST vulnerability by <a href="https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability">Qualys</a> | More from debian’s security tracker <a href="https://security-tracker.debian.org/tracker/CVE-2015-0235">here</a> <p>IMPORTANT <ul> <li><strong>USETHIS GUIDE AT YOUR OWN RISK, we are not responsible for any broken apps/programs etc etc.</strong> <li><strong>We do not know the extent of the vulnerability/fixes this is from best knowledge and effort, you are advised to research of your own too and not completely rely on these below. Some of these methods are also described in many online articles, i put them together mainly for our customers and people using Deb6/7.</strong> <li><strong>This article is to be done/performed by those who have sufficient knowledge in these apps/software</strong> <li><strong>Please read more articles and follow online security resources for updates should there be any.</strong></li></ul> <p>Check for vulnerability against GHOST by running the following</p> <p>1) <font face="Courier New">wget </font><a href="http://goo.gl/MgtleY"><font face="Courier New">http://goo.gl/MgtleY</font></a><font face="Courier New"> --no-check-certificate -O gistfile1.c</font><br>2) <font face="Courier New">gcc gistfile1.c -o GCHECKER<br></font>3) <font face="Courier New">./GCHECKER</font></p>To check which services/software that’s probably vulnerable (for restarting affected services, instead of rebooting) <br>1) <font face="Courier New">lsof | grep libc | awk '{print $1}' | sort | uniq</font> <h3> </h3> <h3>Fix for Debian 6 Squeeze</h3> <p>1) Add the following repos into /etc/apt/sources.list (Add them at the end is fine)<br><font face="Courier New">deb </font><a href="http://http.debian.net/debian/"><font face="Courier New">http://http.debian.net/debian/</font></a><font face="Courier New"> squeeze-lts main contrib non-free<br>deb-src </font><a href="http://http.debian.net/debian/"><font face="Courier New">http://http.debian.net/debian/</font></a><font face="Courier New"> squeeze-lts main contrib non-free</font> <p>2) <font face="Courier New">apt-get update</font> <p>3) <font face="Courier New">apt-get install libc6</font> <p>4) Reboot (i didn’t have to reboot, some do say to reboot, some say just restart services that use glibc/libc6) <p>5) Check again as shown above to verify. <h3>Fix for Debian 7 Wheezy</h3> <p>1) <font face="Courier New">apt-get update</font></p> <p>2) <font face="Courier New">apt-get install libc6</font></p> <p>3) Reboot (i didn’t have to reboot, some do say to reboot, some say just restart services that use glibc/libc6)</p> <p>4) Check again as shown above to verify.</p> <p><br>All the best and do advice if you find problems or suggestions to improve this guide above. </p> <p>Thanks!</p> <div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com0tag:blogger.com,1999:blog-7262335442574749724.post-38211929257324443002014-12-13T16:15:00.001+08:002014-12-13T16:16:51.270+08:00Google Voice/Google Talk no audio behind a NATted Asterisk Server<p>Thought i’d quickly write this for those having no audio issues with Gtalk.</p> <p>First, follow the guide <a href="https://wiki.asterisk.org/wiki/display/AST/Calling+using+Google">here</a> to get it setup properly. Remember to have the DTMF(1) in your dialplan before executing into the actual internal dialplan per the document referred to earlier.</p> <p>The issue is the headers that are sent out to google contain your internal IP (since you’re NATting), so you need a helper per-se otherwise the RTP is discarded. The solution is simple, use a stun server.</p> <p>For FreePBX users, edit the /etc/asterisk/rtp_custom.conf, rest of you, simply edit the /etc/asterisk/rtp.conf in general section</p> <p>Add the following line in bold, here i am using Google’s Stun server.</p> <p>icesupport=yes<br><strong>stunaddr=stun.l.google.com:19302</strong> <p>PS> Ice support must already be there, anyway… <p>And you should get two way audio without an issue. <p>Have a great weekend.</p> <div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com0tag:blogger.com,1999:blog-7262335442574749724.post-26137690342243151072014-12-03T23:40:00.001+08:002014-12-03T23:48:46.077+08:00FreePBX Device User Mode – “User” password change using touchtone keypad (or a feature code)<p>One client requested this as his entire office of 200 users use the Device User mode of FreePBX 2.11. This office is also a hybrid office use and call center of up to 20 agents. <br>With this feature, users can dial a code and change whenever they want. </p> <p>Firstly, you need to have the following in your setup:</p> <p>- FreePBX 2.9 or higher (i used 2.11)<br>- Asterisk 1.6 or higher (i used 11.x)</p> <p>This dialplan is intended to be used with FreePBX since it uses MySQL to write most of its configs in. This dialplan changes stuff in MySQL directly with the Asterisk’s MYSQL app. Follow as guided and you will get this running in no time.</p> <p>Steps in short:</p> <p>1) Create a low privilege user in MySQL<br>2) Put up a custom code dialplan<br>3) Enable the custom dialplan code in FreePBX</p> <h3>1) Create low privilege user in MySQL</h3> <p>Since we want this low priv user to only query and write to very little table fields, we give it that much permission</p> <p>a) Log into MySQL, login as root with the password you’ve previously set, <br><strong>NOTE: If you have trouble running these commands, be sure to check using single quotes and double quote per the guide. If something other than that appear when pasting, change accordingly.</strong></p> <p><font face="Courier New">#mysql –u root –p</font><br><br>When inside MySQL, copy paste the following; and this guide creates a user called “<strong>pwdmgr</strong>” with password “<strong>letmeinbaby</strong>”</p> <p><font face="Courier New">CREATE USER ‘<strong>pwdmgr’</strong>@localhost IDENTIFIED BY “<strong>letmeinbaby</strong>”;<br>GRANT SELECT (extension) ON asterisk.users TO <strong>pwdmgr</strong>@localhost;<br>GRANT SELECT,UPDATE (password) ON asterisk.users TO <strong>pwdmgr</strong>@localhost;<br>FLUSH PRIVILEGES;</font></p> <h3>2) Paste the following dialplan into extensions_custom.conf<br></h3> <p><font size="2" face="Courier New">[macro-change-loginpw]<br>exten => s,1,Answer()<br> same => n,NoOp(User password changing app)<br> same => n,ExecIf($["${AMPUSER}" = ""]?Hangup(16))<br> same => n,Set(DEVICETYPE=${DB(DEVICE/${AMPUSER}/type)})<br> same => n,ExecIf($["${DEVICETYPE}" = "fixed"]?Hangup(16))<br> same => n,Set(CURRENTPW=${DB(AMPUSER/${AMPUSER}/password)})<br> same => n,Authenticate(${CURRENTPW})<br> same => n,Read(NEWPASS,vm-newpassword)<br> same => n,Set(DB(AMPUSER/${AMPUSER}/password)=${NEWPASS})<br> same => n,MYSQL(Connect connid localhost <strong>pwdmgr</strong> <strong>letmeinbaby</strong> asterisk)<br> same => n,MYSQL(Query resultid ${connid} UPDATE users set password='${NEWPASS}' WHERE extension='${AMPUSER}')<br> same => n,MYSQL(Disconnect ${connid})<br> same => n,PlayBack(your&vm-password&has-been-changed-to)<br> same => n,SayDigits(${NEWPASS})<br> same => n,Hangup(16)</font><br><br>Save and exit!. <h3>3) Set it up in FreePBX to invoke that custom macro you did above using feature code like dialing</h3> <p><br>Go to FreePBX, select Admin, then select Custom Extensions, add like below<br>Custom Destination=macro-change-loginpw,s,1<br>Description: AnythingYouLike<br><a href="http://lh6.ggpht.com/-qTl-dFTp1Wo/VH8w1d95WxI/AAAAAAAADiU/lNP4fuST1_g/s1600-h/image%25255B6%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; border-bottom: 0px; border-left: 0px; display: inline" border="0" alt="image" src="http://lh3.ggpht.com/-B2hosAkJwXg/VH8w1x18qnI/AAAAAAAADic/JB_qwZKMVVo/image_thumb%25255B2%25255D.png?imgmax=800" width="244" height="168"></a> <br> <p>Then click on Submit Changes <p>Next, go to Applications, select Misc Application, do like below <p>Description=Anything you like<br>Feature Code: Any code not conflicting with current FeatureCodes, e.g. *15 is not really used in a Standard FreePBX setup<br>Status: Enabled (you can disable this in FreePBX)<br>Destination: The Custom Destination you created just now. <p><a href="http://lh4.ggpht.com/-f8QR4-Vcuv8/VH8w2si2imI/AAAAAAAADik/JFo-Mrnf-W8/s1600-h/image%25255B3%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; border-bottom: 0px; border-left: 0px; display: inline" border="0" alt="image" src="http://lh6.ggpht.com/-XIR76rvM8O0/VH8w3IlGvsI/AAAAAAAADis/ycYexv32FgA/image_thumb%25255B1%25255D.png?imgmax=800" width="244" height="230"></a> <p>Click Submit Changes, now click the Apply Conf button. <p> <p>All done, now go ahead and try it out for yourself, dial <strong>*15 on a logged on user. You can also hack the dialplan to ask for username in case you want to change for non-logged on user.</strong> <p>As usual, do suggest improvements and report bugs.</p> <div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com0tag:blogger.com,1999:blog-7262335442574749724.post-3933432298398489622014-11-13T00:51:00.001+08:002014-12-03T18:19:07.549+08:00Setting up DHCP in a clustered (heartbeat) for Debian users<p>Some may want to do this in case you use a HA setup and where DHCP is required to be in HA too. Doing it via heartbeat isn’t good as it doesn’t keep track of IPs already issued and can cause long delays in providing IPs to clients should a failover/failback occur. <p>For document purpose we will assume the following, please take note and document the IPs as match below in the config files <ul> <li>Primary IP 10.10.10.1 <li>Secondary IP 10.10.10.2 <li>IP range offered to dhcp clients = from 10.10.10.20 to 10.10.10.250 <li>Netmask 255.255.255.0 (class B) <li>Gateway is 10.10.10.254 <li>NTP is referred to own servers and if you run NTP on the respective servers <li>Be sure if there’s a firewall to allow these servers to communicate per port 647 tcp/udp <li>Monitor the activities in /var/log/syslog <li>This config does NOT handle TFTP options, see add tftp manually if you need</li></ul> <p> <strong>1) First, install DHCP (</strong><a name="OLE_LINK3"></a><a name="OLE_LINK2"></a><a name="OLE_LINK1"><strong>on both servers</strong></a><strong>)</strong></p> <p><font face="Courier New">#apt-get install isc-dhcp-server</font> <p><strong>2) </strong><strong>Setup rndc key, paste the single liner like below </strong><a name="OLE_LINK4"><strong>(</strong></a><strong>on both servers)</strong> <br><font face="Courier New">#echo randomdh | base64 <br></font><font face="Arial">NOTE: Change, “randomdh” to anything you want. The above command should give you an output like this “cmFuZG9tZGgK”. Use this key where applicable, like below; Then paste it into relevant files like shown below;<br><br></font><font face="Courier New">#nano /etc/rndc.key</font><a name="OLE_LINK8"></a><a name="OLE_LINK7"></a><a name="OLE_LINK6"></a> <p><font face="Courier New">cmFuZG9tZGgK</font> <p><strong>3) Edit the dhcp defaults and ensure that the DHCP is only offering DHCP via the required interface, and in most cases may be eth0, locate work INTERFACES and add accordingly </strong><a name="OLE_LINK11"></a><a name="OLE_LINK10"></a><a name="OLE_LINK9"><strong>(</strong></a><strong>on both servers)</strong> <p>#nano /etc/default/isc-dhcp-server <p>INTERFACES="eth0" <p><strong>4) Edit the DHCPD config file as per below, change items accordingly (on master only)</strong> <br><br><font face="Courier New">#nano /etc/dhcp/dhcpd.conf<br><br>authoritative;<br>option domain-name "customername.internal";<br>option domain-name-servers 10.10.10.1,10.10.10.2;</font> <p><font face="Courier New">key rndckey {<br>algorithm hmac-md5;<br>secret "cmFuZG9tZGgK";<br>}</font> </p> <p> <p><font face="Courier New">failover peer "failover" {<br>primary;<br>address 10.10.10.1;<br>port 647;<br>peer address 10.10.10.2;<br>peer port 647;<br>max-response-delay 60;<br>max-unacked-updates 10;<br>mclt 3600;<br>split 128;<br>load balance max seconds 3;<br>}</font> <p><font face="Courier New">subnet 10.10.10.0 netmask 255.255.255.0<br>{<br>pool {<br>failover peer "failover";<br>range 10.10.10.20 10.10.10.250;<br>option dhcp-server-identifier 10.10.10.1;<br>option subnet-mask 255.255.255.0;<br>option broadcast-address 10.10.10.255;<br>default-lease-time 43200;<br>max-lease-time 43200;<br>option routers 10.10.10.254;<br>deny dynamic bootp clients;<br>option ntp-servers 10.10.10.1;<br>}<br>allow unknown-clients;<br>ignore client-updates;<br>}</font> <p><strong>5) Restart DHCP (on master only)</strong><br>#/etc/init.d/isc-dhcp-server restart <p><strong>6) Edit the DHCPD config file as per below, change items in red </strong><a name="OLE_LINK18"></a><a name="OLE_LINK17"><strong>(</strong></a><strong>on slave only)<br></strong><br><a name="OLE_LINK15"></a><a name="OLE_LINK14"><font color="#000000">#nano /etc/dhcp/dhcpd.conf</font></a> <p><font face="Courier New">authoritative;<br>option domain-name "customername.internal";<br>option domain-name-servers 10.10.10.2,10.10.10.1;</font> <p><font face="Courier New">key rndckey {<br>algorithm hmac-md5;<br>secret "</font><a name="OLE_LINK25"></a><font face="Courier New">mydhcprndckey2014";<br>}</font> <p><font face="Courier New">failover peer "failover" {<br>secondary;<br>address 10.10.10.2;<br>port 647;<br>peer address 10.10.10.1;<br>peer port 647;<br>max-response-delay 60;<br>max-unacked-updates 10;<br>mclt 3600;<br>load balance max seconds 3;<br>}</font> <p><font face="Courier New">subnet 10.10.10.0 netmask 255.255.255.0<br>{<br>pool {<br>failover peer "failover";<br>range </font><a name="OLE_LINK23"></a><a name="OLE_LINK22"></a><a name="OLE_LINK21"><font face="Courier New">10.10.10.20 10.10.10.250</font></a><font face="Courier New">;<br>option dhcp-server-identifier 10.10.10.2<br>option subnet-mask 255.255.255.0;<br>option broadcast-address 10.10.10.255;<br>default-lease-time 43200;<br>max-lease-time 43200;<br>option routers 10.10.10.254;<br>deny dynamic bootp clients;<br>option ntp-servers 10.10.10.2;<br>}</font> <p><font face="Courier New">allow unknown-clients;<br>ignore client-updates;<br>}</font> <p><strong>7</strong><a name="OLE_LINK19"><font color="#000000"><strong>) Restart DHCP (</strong></font></a><strong>on slave only)</strong><br><font face="Courier New">#/etc/init.d/isc-dhcp-server restart</font></p> <div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com0tag:blogger.com,1999:blog-7262335442574749724.post-13538897409292092402014-10-21T03:07:00.001+08:002014-10-23T11:22:37.830+08:00POODLE SSLv3 Vulnerabilities Fixes on Debian/pfSense for common widely used apps<p>Systems or apps that enabled SSLv3 is vulnerable and the <strong>only way currently</strong> <strong>is to disable SSLv3</strong> in various software, applications. Whenever you see any cert that says Version V3, it is vulnerable and must be disabled until further notice.<br>Ref: <a title="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566">CVE-2014-3566</a><br><br>IMPORTANT</p> <ul> <li><strong>USETHIS GUIDE AT YOUR OWN RISK, i am not responsible for any broken apps/programs etc etc. </strong> <li><strong>We do not know the extent of the vulnerability/fixes this is from best knowledge and effort, you are advised to research of your own too and not completely rely on these below. These methods are also described in many many online articles, i put them together mainly for our customers and people using Deb6/7.</strong> <li><strong>This article is to be done/performed by those who have sufficient knowledge in these apps/software</strong> <li><strong>Please read more articles and follow online security resources for updates should there be any. </strong> <li><strong>Until a patch is released, customers are advised to simply disable SSLv3 as part of an enforced or fallback method for providing encryption. </strong></li></ul> <p>Software that we use/distribute</p> <p>1) Apache<br>2) Asterisk<br>3) Nagios (and related software)<br>4) pfSense and related software (e.g. OpenVPN)<br>5) Other related software</p> <p>There are many guides out there and (i’ve) we have copied some of them for the ease of our clients</p> <h2>Apache fix</h2> <p>#nano /etc/apache2/mods-available/ssl.conf<br>Locate the value SSLProtocol, if it doesn’t exist, add exactly as below within the </ifmodule> tag<br>SLProtocol all -SSLv2 –SSLv3<br>if exist in that file, change as below<br>SLProtocol all -SSLv2 to <strong>SLProtocol all -SSLv2 –SSLv3</strong></p> <p>Restart apache<br>#/etc/init.d/apache2 restart</p> <p>A simple test for apache would be to run<br>#openssl s_client -ssl3 -connect localhost:443</p> <p>It should throw an error like handshake failure, that’s good!, SSLv3 is disabled on Apache!</p> <h2>Asterisk fix</h2> <p>Read stuff here: <a title="http://downloads.asterisk.org/pub/security/AST-2014-011.html" href="http://downloads.asterisk.org/pub/security/AST-2014-011.html">http://downloads.asterisk.org/pub/security/AST-2014-011.html</a></p> <p><u>For Asterisk 11</u></p> <p>Go to your Asterisk 11 source directory<br>#cd /usr/src/asterisk-11…..<br>If don't exist, just download from <a title="http://downloads.asterisk.org/pub/telephony/asterisk/" href="http://downloads.asterisk.org/pub/telephony/asterisk/">http://downloads.asterisk.org/pub/telephony/asterisk/</a>. NOTE: Asterisk 11.13.1 fixes this so you don’t have to patch as below if you are redownloading.<br>#wget <a href="http://downloads.asterisk.org/pub/security/AST-2014-011-11.diff">http://downloads.asterisk.org/pub/security/AST-2014-011-11.diff</a><br>#patch –p0 < AST-2014-011-11.diff<br><br>For recent installs (2013 onwards):<br>#make clean && ./configure --with-crypto --with-ssl --with-srtp=/usr/local/lib --prefix=/usr<br>#make && make install</p> <p>Older Installs simply run (Skip if the above worked!)<br>#make clean && ./configure</p> <p><u>For Asterisk 1.8</u></p> <p>Go to your Asterisk 1.8 source directory<br>#cd /usr/src/asterisk-1.8…..<br>If don't exist, just download from <a title="http://downloads.asterisk.org/pub/telephony/asterisk/" href="http://downloads.asterisk.org/pub/telephony/asterisk/">http://downloads.asterisk.org/pub/telephony/asterisk/</a>. NOTE: Asterisk 1.8.31.1 fixes this, so you don’t have to patch as below if you are redownloading<br>#wget <a title="http://downloads.asterisk.org/pub/security/AST-2014-011-1.8.diff" href="http://downloads.asterisk.org/pub/security/AST-2014-011-1.8.diff">http://downloads.asterisk.org/pub/security/AST-2014-011-1.8.diff</a><br>#patch –p0 < AST-2014-011-1.8.diff<br>#make clean && ./configure --with-crypto --with-ssl --with-srtp=/usr/local/lib --prefix=/usr<br><br>Older Installs simply run (Skip if the above worked!)<br>#make clean && ./configure</p> <p>#make && make install<br><br>For both 1.8 and 11, restart Asterisk (FreePBX users!)<br>#amportal kill<br>#amportal start</p> <h2>Nagios fix</h2> <p>[Nagios info contributor: Anthony [at..]] Astiostech.com<br>Nagios itself as a monitoring system doesn't use SSL in the monitoring core itself. With the <b>POODLE SSLv3 Vulnerabilities</b> in mind, so far Nagios itself is not vulnerable to the issue as the following explains. <p><u>Nagios Console (Monitoring Core)</u> <p>Nagios Core monitoring engine doesnt use SSL in itself. It is only used by the Nagios Web Console or any Nagios Web Configuration Editor. These web consoles are very dependant on the running HTTP server in the system. Therefore the POODLE vulnerabilities on the CORE Nagios should be properly handled by the HTTP server itself. <p><u>Nagios NRPE</u> <p>SSL option in <b>NRPE </b>is used to encrypt the monitoring data. When this is switched on Nagios <b>NRPE</b> encrypts the data between the Nagios Core and the remote server. According to the file '<b>src/nrpe.c</b>' line <b>256</b>, since <b>January 19th 2004</b>, by default <b>SSLv3 </b>and <b>SSLv2 </b>has been disabled in <b>NRPE </b>and only <b>TLS</b> protocols are used. Therefore it is considered safe if the SSL is enabled in the <b>NRPE </b>agent. <p><u>Nagios NDO2DB</u> <p>SSL option in <b>NDO2DB </b>is used to encrypt the received monitoring data from Nagios. When this is switched on Nagios <b>NDO2DB</b> encrypts the data between the Nagios Core and the <b>NDO2DB</b>server. According to the file '<b>src/ndo2db.c</b>' in line <b>167</b>, since <b>January 19th 2004</b>, by default <b>SSLv3 </b>and <b>SSLv2 </b>has been disabled in <b>ndo2db </b>and only <b>TLS </b>protocols are used. Therefore it is <h2>pfSense fix</h2> <p><u>The webserver</u></p> <p>Go into the shell of pfsense, and run<br>#openssl s_client -connect localhost:443 -ssl3<br>If you see a value other than NONE in the cipher then its vulnerable and must be fixed.</p> <p>Using the WebUI, we will download and install the system patch manager<br>1) Goto System, go to Packages, click on Available Packages<br>2) Locate System Patches and add it/install it<br>3) Go back to System, click on Patches<br>4) Click on + to add new patch<br>5) If using 2.2x, enter this “5ff7f58e5903cca4f99edd20f9db402163527fd6” without quotes as the commit ID<br>6) If using 2.1x, enter “29be59ad8ed25830f4e50a89977aca53ad8a29f4” without quotes as the commit ID<br>7) Click on Save, then it will bring you out to the main page, click on Fetch. Wait for it to complete. Now, you should see the word test, click on test. Once you can test, it will tell you patch can be applied cleanly. If only so, click Apply. If not, you’ve done something wrong :(<br>8) Restart the webservice<br>9) Point your browser to /restart_httpd.php, say if your pfsense IP is <a href="https://10.10.10.1">https://10.10.10.1</a> then just point to <a href="https://10.10.10.1/restart_httpd.php">https://10.10.10.1/restart_httpd.php</a><br>10) Run again<br>#openssl s_client -connect localhost:443 –ssl3<br>You should now get an error!</p> <p><u>The OpenVPN</u></p> <p>OpenVPN uses TLS so it is not vulnerable. OpenVPN uses TLSv1.0, or (with >=2.3.3) optionally TLSv1.2 and is thus not impacted by POODLE. [src pfsense forum]</p> <h2>Other software that uses SSLv3</h2> <p>If you are aware of any other encrypting software that may use SSLv3, you might need to search for documents online on how to disable SSLv3 within the app’s implementation. If you know of such app and need help from us, do contact us and we will have a look at it.</p> <div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com0tag:blogger.com,1999:blog-7262335442574749724.post-23565000425289506842014-10-11T01:50:00.001+08:002015-02-03T21:00:37.711+08:00Debian 7 (wheezy) based Asterisk 13, Freepbx 12 on VMware / Virtualbox (Asterisk VM/Asterisk Ready Virtual Machine)<p><strong>Show some love, do like our FB page </strong><a href="http://www.fb.com/Astiostech"><strong>www.fb.com/Astiostech</strong></a> |</p> <p><strong>[UPDATED: 03 FEB 2015]</strong></p> <p>Here’s a VMDK image to run a full featured Asterisk PaBX with FreePBX as the management UI using our default and secure install practices. No registrations, no username/password, no signing up for newsletter.</p> <p><strong><a href="https://sourceforge.net/projects/debianasterisk/"><img border="0" src="http://kasperskycontenthub.com/threatpost/files/2013/04/sourceforge-logo.png" width="81" align="left" height="55"></a>Get it from Sourceforge: </strong><a href="https://sourceforge.net/projects/debianasterisk/"><strong>https://sourceforge.net/projects/debianasterisk/</strong></a> [Select SWSterisk13 folder, then download the zip file therein] <p> <p>After extracting, You either need <a href="https://www.virtualbox.org/wiki/Downloads">VirtualBox</a> or <a href="https://my.vmware.com/web/vmware/free#desktop_end_user_computing/vmware_player/5_0">VMPlayer</a>/VMWare or any Virtualization products that supports VMDK files or if you’re using Hypervisor, convert the image to VHD using MVMC from <a href="http://technet.microsoft.com/library/hh967435.aspx">here</a>. This is to give you a feel of Asterisk with FreePBX without worrying about installation etc., its plug and play, literally. Just start up to your VirtualBox/VMplayer and get it up and running in seconds. Go in to FreePBX and start creating extensions and enable other features. <p><b>This image is free from any lockdowns or customizations that you cannot reverse or disable or enable as you wish. It is completely FREE from any personal restrictions. </b> <p><b>This image does not trace usage, or “dials home” or anything strange like that. Totally clean, totally lean and totally fast. It is functional and you can hook it up to a real production environment and you almost have a full fledge PBX, just add a <a href="http://www.digium.com/en/products/voip-gateways">Digium VoIP Gateway</a> or another IP based PSTN.</b> <p><strong>IMPORTANT</strong> <ul> <li><strong>DISCLAIMER: By using this VIRTUAL MACHINE IMAGE, i disclaim any sorts of liability whatsoever. What you do with this image is purely your choice/actions.</strong> <li><strong>This is not "another distros", nothing proprietary, i don't claim any copyrights, just make it look and feel like its mine for <u>fun</u>, but of course any of those customizations <u>can </u>be reversed. </strong><strong>All other trademarks are properties of their respective owners. All rights reserved.</strong></li></ul><strong>Here’s some information about the VM image you just downloaded</strong> <ul> <li>It’s in ZIP compression, just get <a href="http://www.rarlab.com/download.htm">WinRAR</a> or <a href="http://www.7-zip.org/download.html">7-ZIP</a> to extract. After extracting, there should be <strong>one vmdk</strong> just mount the vmdk into VMWare/VMPlayer or Virtualbox and start the image <li>Username/password <li><b>OS</b><br>- Username: <strong>root </strong>(the other non root user is support with same password as below)<br>- Password: <b>asteriskrocks </b>(change this!) <li><b>FreePBX(admin), MySQL(root), AMI(admin): usernames and passwords;</b><br>username: <b>admin</b><br>password: <b>@steriskRocks1 </b>(change this, here’s a good guide to start you off with<a href="http://www.freepbx.org/support/documentation/installation/first-steps-after-installation">http://www.freepbx.org/support/documentation/installation/first-steps-after-installation</a>) <li><strong><font color="#808000">REMEMBER REMEMBER REMEMBER: CHANGE PASSWORDS!</font></strong> <li>The network adapter is set to auto on eth0. <li>Image needs at least 384M memory (or more if you have more) <li>All source files except kernel-headers are removed to save disk space for downloading, you need to download them manually (Size before compression ~ 2.2GB, size after compression ~600M)</li></ul> <p><b>OS features/settings</b></p> <ul> <li><b>Debian 7.6.0 <u>64</u>bit (Source AMD64 netinstall)</b> <strong>UPDATED</strong>, <strong><u>Bash Vulnerability Fixed with latest patch no33, SSLV3 disabled and Ghost Vulnerability fixed.</u></strong> <li>Disks are LVM so you can add more storage <li>The interface, <b>eth0, is set to use DHCP</b>, so be sure to hook up DHCP or manually edit the IP. IPV6 is disabled. In case you can’t bring the interface up, run #ifconfig –a . Then edit the file in /etc/network/interfaces and set <strong>all</strong> values to correspond to the interface shown when you run ifconfig –a (not loopback of course) <li>Webmin installed but not started (# /etc/init.d/webmin start , then access using <a href="https://%3cipaddress%3e:10000/">https://<ipaddress>:10000</a>) . Use sparingly, has many holes if it doesn’t get updated constantly. <li>Apache as webserver with enforced HTTPS (Port 443) <li>MySQL administration with <b>Adminer</b> in <a href="https://<ipaddress>/adminer.php">https://<ipaddress>/dbmanage.php</a> <li>Phpsysinfo <a href="https://<ipaddress>/phpsysinfo">https://<ipaddress>/phpsysinfo</a> <li>Munin for monitoring in <a href="https://%3cipaddress%3e/munin">https://<ipaddress>/munin</a> <li>DHCP and TFTP server downloaded, not installed <li><b>Firewalled</b> with IPTables (be sure to see /bin/wallfire.sh) –<strong>UPDATED bug fixes</strong> can be stopped and started #wallfire stop #wallfire start <li>Time i.e NTP autosyncs with ntp.org daily, when starting and when stopping <li>Exim4 (mailserver) configured to relay, <strong>configure your email appropriately</strong> #dpkg-reconfigure exim4-config <li><b>fail2ban</b> properly set up and ready for ssh and asterisk failed attempts (modify notification email here /etc/fail2ban/jail.conf) - <strong>UPDATED</strong> <li>Many CLI tools for troubleshooting like tcpdump, ntop, htop… <li>Astribank support [if ever u need it] <li>Removed Virtualbox OSE addons for best compatibility</li></ul><b>FreePBX/Asterisk features</b> <ul> <li>FreePBX 12 with most basic and extended modules pre-installed – <strong>UPDATED to v12.0.36</strong> <li>Asterisk 13.1.1 (Dahdi tools/linux 2.10.0.1/LibPRI). <strong>NOTE I have set to chan_sip as the default sip driver, not pjssip. Had issues with fail2ban and other things. But all other components will work fine, not to worry. Change as you see fit.</strong> <li>Asterisk runs as high priority (Nice = 10) <li>New version of g711 selected <li>H323 Enabled <li>SRTP enabled (GoogleTalk/XMPP/Jingle + Secure RTP) <li>Iksemel for GoogleTalk/XMPP/Jingle <li>Asterisk-CEL logging enabled (in DB/table asteriskcdr/cel) <li>Log rotation enabled for files inside /var/log/asterisk/ <li>Extra codecs: Speex (wanted to add SILK and openg729 but they seem to crash Asterisk codec translators) <li><strong>WebRTC</strong> ready using FreePBX’s UAC <ul> <li>Notes on using this <ul> <li>A test user has been created for you to immediately use. <li>Click on UCP. <li>Username: 2000, password 2000 (password can be changed under User Management) <li>When using Chrome, be sure to check and enable “unsafe script” on top right corner in the address bar <li>Be sure ports 80 (or 443), ports 8088 both TCP are opened to this box <li>Here’s me making a test call with that user 2000 inside UCP <li><a href="http://lh5.ggpht.com/-xHJzgYBP0es/VDgcdGf0e1I/AAAAAAAADdc/kD9pQeU1TM4/s1600-h/image%25255B6%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="http://lh6.ggpht.com/-lkxZ_OMHX8s/VDgcdwMmKPI/AAAAAAAADdk/GB4v-dr1Y-c/image_thumb%25255B2%25255D.png?imgmax=800" width="248" height="345"></a> </li></ul></li></ul></li></ul> <div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com0tag:blogger.com,1999:blog-7262335442574749724.post-36524464533681309312014-10-07T01:05:00.001+08:002014-10-07T01:05:04.007+08:00Error 0x0000005d when installing Windows 10 tech preview on Oracle VirtualBox (4.3.x)<p>Thought of quickly setting a note on this. If you get this error with Windows 10 Tech Preview on Virtual Box, you probably have to set the in the General Setting to Windows 8.1 (32 or 64 bit depending on your version you’ve downloaded).</p> <p><a href="http://lh3.ggpht.com/-bcA7K3--hxY/VDLLuxIZJHI/AAAAAAAADdA/xOJPmwWerTc/s1600-h/image%25255B3%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; border-bottom: 0px; border-left: 0px; display: inline" border="0" alt="image" src="http://lh5.ggpht.com/-wAg5iNVAIEc/VDLLvnwctrI/AAAAAAAADdE/DubnxLl1ITw/image_thumb%25255B1%25255D.png?imgmax=800" width="427" height="267"></a> </p> <p>Also be sure to have sufficient video memory > 32M, reboot and start installation. Cheers :-)</p> <div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com0tag:blogger.com,1999:blog-7262335442574749724.post-4964694536963346502014-10-02T13:26:00.001+08:002014-10-02T19:54:28.254+08:00FreePBX RCE vulnerability CVE: 2014-7235<p>The FreePBX team has been made aware of a security vulnerability affecting one of its modules called the Asterisk Recording Interface (ARI). While many of our users do not use this module on a day to day basis, it is almost available in all our installs. <p>Important Notes <ul> <li>This vulnerability allows unauthenticated remove execution of code via the web and execute shell commands <b>which are then limited to the rights of the apache process (in our client's cases, that would be low privilege user asterisk)</b>. However, this user has rights to manage the Asterisk, FreePBX and other web related software or services. <li>FreePBX versions affected: Any version prior to version 12 (e.g. 2.8,2.9,2.10,2.11). <li>All OS versions <li>This is a FreePBX only bug, not Asterisk, not OS, etc.. <li>It is safe to upgrade during production/live. Restarts or reboots are <b>not required</b></li></ul> <p>The fixes are available since 30 Sept 2014 and users are advised to run the following commands and/or run from via the web interface or the module admin page: The following commands may require internet access from the Asterisk/FreePBX console to perform the upgrade. <p>(Do not copy the '#' when pasting into the putty/CLI interface, they are indicators of command line codes) <p><font face="Courier New">#rm -rf /var/www/html/admin/modules/admindashboard<br>#amportal a ma delete admindashboard</font> <p>NOTE: You may NOT have the above modules installed, even if in error, ignore and proceed as below; <p>Now, locate and delete these files like below <p><font face="Courier New">#for i in `find / -name 'c2.pl' -print`; do rm -i $i; done<br>#for i in `find / -name 'c.sh' -print`; do rm -i $i; done</font> <p>The above command will search through any of the automated hacking scripts <b>(if exists) </b>and ask you to remove, just hit [y]es if you find them. Otherwise, the command will return an empty output. <p>Finally, and most importantly, get the upgrade;<br>#<font face="Courier New">amportal a ma upgrade fw_ari</font> <br>#<font face="Courier New">amportal a r</font> <p>Alternatively, you can upgrade the module as show above via the FreePBX module admin module too. <p>Systems that expose the http/https port TCP80 or TCP443 (or FreePBX) interface via the internet is at <b>particularly higher risk</b>, you are advised to immediately close all access from the Internet to your FreePBX webUI and should be doing so anyway for best security practice. <p>For more detailed understanding, please checkout article: <a href="http://goo.gl/6JT3oT">http://goo.gl/6JT3oT</a></p> <div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com0tag:blogger.com,1999:blog-7262335442574749724.post-38353531557283975422014-09-26T13:31:00.001+08:002014-10-31T12:17:56.278+08:00Bash vulnerability possible quick fix for Debian 6 and 7 (squeeze and wheezy) - "CVE-2014-6271" or more CVEs<b>A bug discovered by Stephane Chazelas</b> <br />
<h3>
<b>IMPORTANT - MUST READ:</b></h3>
<ul>
<li><b>USE AT YOUR OWN RISK, i am not responsible for any broken apps/programs etc etc. Don’t sue me, im not rich anyway.</b> </li>
<li><b>We do not know the extent of the vulnerability/fixes this is from best knowledge and effort, you are advised to research of your own too and not completely rely on these below. These methods are also described in many many online articles, i put them together mainly for our customers and people using Deb6/7.</b> </li>
<li><b>This article is to be done/performed by people who know how to use bash and shell codes, not for newbies</b> </li>
<li><b>Please read more articles and follow online security resources for updates should there be any. If you need to reupgrade, just follow steps below again, in case there’s a better fix/newer version.</b></li>
</ul>
<b>NOTES</b> <br />
<ul>
<li><b>Note on command line operations: the # means its a shell code to run, copy paste that in your SSH console</b></li>
</ul>
<h3>
Intro</h3>
For immediate fix to possible vulnerable users: e.g. using vulnerable bash with bash codes that may run on publicly exposed protocols such as SSH/HTTP etc where publicly accessible shell codes are possible. <br />
<b>More reading: (askubuntu has an easy article to understand)</b> <br />
<ul>
<li>Good summarized read: <a href="http://askubuntu.com/questions/528101/what-is-the-cve-2014-6271-bash-vulnerability-and-how-do-i-fix-it">http://askubuntu.com/questions/528101/what-is-the-cve-2014-6271-bash-vulnerability-and-how-do-i-fix-it</a> </li>
<li>Official Debian security list info: <a href="https://lists.debian.org/debian-security-announce/2014/msg00220.html">https://lists.debian.org/debian-security-announce/2014/msg00220.html</a></li>
</ul>
<h3>
Test and Check Version </h3>
<h5>
<b>Note # denotes copy and paste into shell, don’t copy the # itself, copy after it, everything should be a single line unless said otherwise</b></h5>
1) Logon to your OS using SSH <br />
2) Run the following <br />
#curl <a href="https://shellshocker.net/shellshock_test.sh">https://shellshocker.net/shellshock_test.sh</a> | bash <br />
If you see the output showing "vulnerable" from 7 out of 7 checks, you need to fix, therefore, proceed to fix as below. <br />
3) To check bash version, run, you might need this info as you may be upgrading to a higher version of bash as shown in this article. this article for debian 6 will assume bash 4.1; <br />
#dpkg -s bash | grep Ver <br />
<h3>
Fix</h3>
<h4>
Fix for Squeeze (Deb6)</h4>
Following a guide from <a href="http://www.tannkost.no/2014/09/compile-bash-from-source-to-remedy-shellshock-on-debian-lenny/">http://www.tannkost.no/2014/09/compile-bash-from-source-to-remedy-shellshock-on-debian-lenny/</a> <br />
1) Do this in the /usr/src dir<br />#cd /usr/src<br />#wget <a href="http://ftp.gnu.org/gnu/bash/bash-4.1.tar.gz">http://ftp.gnu.org/gnu/bash/bash-4.1.tar.gz</a><br />#tar zxvf bash-4.1.tar.gz<br />#cd bash-4.1 <br />
2) Fetch all patches, including latest ones that patches all related CVEs, note if you are using bash 4.2x then change accordingly, eg change to 4.1 to 4.2 and 41 to 42 so on. Since more and more patches are coming up, i am setting the possible number of patches to 25, at time of writing, there are 17 patches. <br />
#for i in $(seq -f %03g 0 25); do wget -nv <a href="http://ftp.gnu.org/gnu/bash/bash-4.1-patches/bash41-">http://ftp.gnu.org/gnu/bash/bash-4.1-patches/bash41-</a>$i; patch -p0 < bash41-$i; done <br />
#./configure && make<br />#make install <br />
#mv /bin/bash /bin/bash.old<br />#ln -s /usr/local/bin/bash /bin/bash <br />
3) Check that you're not vulnerable anymore wiith the output of the following<br /># it should not output vulnerable word anymore<br />#curl <a href="https://shellshocker.net/shellshock_test.sh">https://shellshocker.net/shellshock_test.sh</a> | bash <br />
4) You can and also should delete the old one that's a problem<br />#rm /bin/bash.old <br />
5) Rerun Test!, you should not be vulnerable anymore. <br />
<h4>
Fix for Wheezy (Deb7)</h4>
1) Just run below for Wheezy <br />
#apt-get update <br />
#apt-get install --only-upgrade bash <br />
2) Rerun Test!, you should not be vulnerable anymore. Your bash version should also be higher than that specified above in the MUST READ section. <br />
---http://highsecurity.blogspot.com--- ---RSS http://feeds.feedburner.com/highsecurity---<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com0tag:blogger.com,1999:blog-7262335442574749724.post-55156469453780959332014-08-22T00:55:00.001+08:002014-08-22T00:55:50.558+08:00Tribute to our fallen MH17<p><a href="http://lh5.ggpht.com/-zlgWFlWQ14o/U_YkV0rDzuI/AAAAAAAADb0/0-EgCaElLvk/s1600-h/ripmh17%25255B5%25255D.png"><img title="ripmh17" style="border-top: 0px; border-right: 0px; border-bottom: 0px; border-left: 0px; display: inline" border="0" alt="ripmh17" src="http://lh6.ggpht.com/-QOEkB6_5530/U_YkYnRtt5I/AAAAAAAADb8/RxHj2cJt1fE/ripmh17_thumb%25255B3%25255D.png?imgmax=800" width="693" height="320"></a></p> <div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com0tag:blogger.com,1999:blog-7262335442574749724.post-47792486737313562192014-08-01T02:10:00.001+08:002014-08-01T03:09:48.306+08:00Fixing magnet links on Google Chrome (and re-associate with uTorrent or <insert.favourite.torrent.program.here>)<h3><img src="https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQ6bfvvu55H2Fr0lPYogTWyZALYGF5Cmh7zs1zxo9RMBp4pvmka"></h3> <h3>NOTE: This post is for education purposes only.</h3> <p>Spent some time trying to fix and after reading/following some resources online like youtube links and others, they still didn't’ seem to work for me. Finally, found this regkey, changed one value and it worked for me. It may help you too..</p> <p>The association of magnet links on torrent sites (which most of them use instead of a .torrent file) may break if you’ve installed/uninstalled a program that <strong><u>also</u></strong> handles magnet/torrent links and may have override your favorite torrent proggie e.g. uTorrent as your default torrent handler. </p> <p>And now, Google Chrome won’t associate/open uTorrent when you click the <a href="http://lh6.ggpht.com/-iZ6JDcUQZHk/U9qGoCkXvdI/AAAAAAAADZo/M1fvevhy1f0/s1600-h/image%25255B2%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="http://lh6.ggpht.com/-ccLCYiTKtYQ/U9qGo-mUMUI/AAAAAAAADZs/_4GOs-E1NJA/image_thumb.png?imgmax=800" width="22" height="24"></a> icon or this type of link <a href="http://lh4.ggpht.com/-JBQny2AzdP0/U9qGpXN0geI/AAAAAAAADZ4/2DACiR_4rI0/s1600-h/image%25255B5%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="http://lh4.ggpht.com/-m5AAOz0oC_k/U9qGqBnl_cI/AAAAAAAADaA/eyapUGcg_Jw/image_thumb%25255B1%25255D.png?imgmax=800" width="152" height="28"></a> </p> <p><br>So, first do try the following:</p> <p>1) This Youtube link <a href="http://www.youtube.com/watch?v=6nELJpK7B5E">http://www.youtube.com/watch?v=6nELJpK7B5E</a></p> <p>2) This other resource <a title="http://www.metserve.com/blog/magnet-links-working-with-chrome" href="http://www.metserve.com/blog/magnet-links-working-with-chrome">http://www.metserve.com/blog/magnet-links-working-with-chrome</a></p> <p><strong></strong> </p> <p><strong>I</strong><strong>f those links still don’t help or the problem isn’t fixed, fear not, there’s one other thing you can do:,</strong></p> <p>1) Open up the registry (click start, then run, regedit). In Windows 7 or higher, just type in the application bar search box </p> <p>2) Look for the following key <br>HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\magnet\UserChoice</p> <p>3) Edit the REG_GZ value for ProgID and enter your favourite program you wish to associate with, e.g. uTorrent <br>(How to find my program’s progID - <a title="http://www.ehow.com/how_6871656_progid.html" href="http://www.ehow.com/how_6871656_progid.html">http://www.ehow.com/how_6871656_progid.html</a></p> <p> </p> <p><a href="http://lh6.ggpht.com/-DekH2hKIs0o/U9qGq2ncLnI/AAAAAAAADaI/dAUZIuYCjm8/s1600-h/image%25255B9%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; border-bottom-width: 0px; display: inline; border-top-width: 0px" border="0" alt="image" src="http://lh6.ggpht.com/-roFqtyNGGCw/U9qGrlnlWoI/AAAAAAAADaQ/9lFoDqqE6yk/image_thumb%25255B3%25255D.png?imgmax=800" width="664" height="318"></a> </p> <p> </p> <p>And done! IT should work now. Cheers!</p> <div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com0tag:blogger.com,1999:blog-7262335442574749724.post-24584634075643314772014-06-20T19:31:00.001+08:002014-06-20T19:56:14.992+08:00Monast – An uber cool FREE web based monitoring for Asterisk (an install guide for Debian users)<p>I had the chance to install and use Monast (<a title="http://monast.sourceforge.net/" href="http://monast.sourceforge.net/">http://monast.sourceforge.net/</a>) by Diego Aguirre and found it extremely useful, simple, fast and FREE to monitor Asterisk 1.4 or higher (this guide uses Asterisk 11.x). Thought i’d share this how to for basic asterisk monitoring needs. Even though the project has not been updated for years, i still find it super useful and works on Asterisk 11 for me just fine.</p> <p>Important notes:</p> <ul> <li>This guide is for users of Debian 32/64, other platforms can adapt, esp the “apt” parts :-)</li> <li>You should already have a running FreePBX (or at least Apache and related libraries) if you do not have FreePBX</li> <li>This guide would likely work for Ubuntu as well</li></ul> <p>Follow this guide to get it up and running in minutes</p> <ol> <li>Update your apt and get some packages</li> <li>#apt-get update</li> <li>#apt-get install python-twisted python-zope.interface php-pear</li> <li>#pear install HTTP_Client</li> <li>Get starpy package and install it</li> <li>#cd /usr/src</li> <li>#wget -O starpy-1.0.0a13.tar.gz <a href="http://downloads.sourceforge.net/project/starpy/starpy/1.0.0a13/starpy-1.0.0a13.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fstarpy%2Ffiles%2Fstarpy%2F1.0.0a13%2F&ts=1402506121&use_mirror=jaist">http://downloads.sourceforge.net/project/starpy/starpy/1.0.0a13/starpy-1.0.0a13.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fstarpy%2Ffiles%2Fstarpy%2F1.0.0a13%2F&ts=1402506121&use_mirror=jaist</a></li> <li>#tar –zxvf starpy-1.0.0a13.tar.gz</li> <li>#cd starpy-1.0.0a13/</li> <li>#./setup.py install</li> <li>#cd ..</li> <li>Now download monast</li> <li>#wget –O monast-3.0b4.tar.gz <a title="http://downloads.sourceforge.net/project/monast/Monast%20for%20Asterisk%201.4%2C%201.6%20and%201.8/3.0b4/monast-3.0b4.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fmonast%2Ffiles%2FMonast%2520for%2520Asterisk%25201.4%252C%25201.6%2520and%25201.8%2F3.0b4%2F&ts=1403193094&use_mirror=jaist" href="http://downloads.sourceforge.net/project/monast/Monast%20for%20Asterisk%201.4%2C%201.6%20and%201.8/3.0b4/monast-3.0b4.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fmonast%2Ffiles%2FMonast%2520for%2520Asterisk%25201.4%252C%25201.6%2520and%25201.8%2F3.0b4%2F&ts=1403193094&use_mirror=jaist">http://downloads.sourceforge.net/project/monast/Monast%20for%20Asterisk%201.4%2C%201.6%20and%201.8/3.0b4/monast-3.0b4.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fmonast%2Ffiles%2FMonast%2520for%2520Asterisk%25201.4%252C%25201.6%2520and%25201.8%2F3.0b4%2F&ts=1403193094&use_mirror=jaist</a></li> <li>#tar -zxvf monast-3.0b4.tar.gz</li> <li>#cd monast-3.0b4/</li> <li>At this point below, simply use the defaults, change if you know what you’re doing….</li> <li>#./install.sh</li> <li>Now, lets create an AMI user using FreePBX’s </li> <li>Note, use the module Asterisk Manager Users and its a recommended way to add AMI users</li> <li>Create a new manager user called monastfpbx with a secret like this “mysecret123”, select ALL for read, and ALL for write<br><br>Example below<br><a href="http://lh3.ggpht.com/-oueLIlxDWAE/U6QbSI_6thI/AAAAAAAADXI/D4Ur1waqMOk/s1600-h/image%25255B3%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; border-bottom: 0px; border-left: 0px; display: inline" border="0" alt="image" src="http://lh4.ggpht.com/-UNLICZ7SZYM/U6QbS93gSgI/AAAAAAAADXQ/vxBwS75Bep8/image_thumb%25255B1%25255D.png?imgmax=800" width="314" height="387"></a> </li> <li>Submit and apply</li> <li>If you do not have/use this module, create you own user like this in [freepbx users] /etc/asterisk/manager_custom.conf or rest of the world /etc/asterisk/manager.conf<br><br>[monastfpbx]<br>secret = mysecret123<br>deny=0.0.0.0/0.0.0.0<br>permit=127.0.0.1/255.255.255.0<br>read = system,call,log,verbose,command,agent,user,config,dtmf,reporting,cdr,dialplan,originate<br>write = system,call,log,verbose,command,agent,user,config,dtmf,reporting,cdr,dialplan,originate</li> <li>Then reload the manager module #asterisk –rx “manager reload”</li> <li>Now, edit the monast config file</li> <li>#nano /etc/monast.conf </li> <li>Look for the following and change per suggested here (basic setup, change others if you know what you’re doing)<br><br>auth_required = true<br><br>[server: Server_1] # Server name can not contains space<br>hostname = 127.0.0.1<br>hostport = 5038<br>username = monastfpbx<br>password = mysecret123<br><br>default_context = from-internal<br>transfer_context = from-internal-xfer<br><br>[user: admin]<br>secret = secret12345<br>roles = originate,queue,command,spy<br>servers = ALL<br></li> <li>Save and exit</li> <li>Now, lets test start monast<br>#/opt/monast/monast.py<br>You should see this at minimum (ignore server_2 errors)<br>[Fri Jun 20 19:17:05 2014] NOTICE :: Initializing Monast AMI Interface...<br>[Fri Jun 20 19:17:05 2014] NOTICE :: Parsing config file /etc/monast.conf<br>[Fri Jun 20 19:17:05 2014] NOTICE :: Server Server_1 :: AMI Connected...<br></li> <li>Now, ctrl-c to stop that and run this monast as a daemon instead (runs in background)<br>#/opt/monast/monast.py --daemon<br>You should see something like this:<br>Monast daemonized with pid 6738<br></li> <li>That’s about it, now log on to the webUI</li> <li>http(s)://<yourIP>/html/monast with username admin and password secret12345</li> <li>Remember, you can right click and do stuff to the tabs you see there such as originate calls…<br><a href="http://lh6.ggpht.com/-Z39t8NNNww4/U6QbTrG_6tI/AAAAAAAADXY/rWNAp_XhMNY/s1600-h/image%25255B7%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; border-bottom: 0px; border-left: 0px; display: inline" border="0" alt="image" src="http://lh3.ggpht.com/-frcAh_IBBG4/U6QbUikcYZI/AAAAAAAADXg/uGgnuzOTuKQ/image_thumb%25255B3%25255D.png?imgmax=800" width="481" height="103"></a> <br><a href="http://lh4.ggpht.com/-kktYa8gX0VI/U6QbVSHCtHI/AAAAAAAADXo/2JRCsD08QF4/s1600-h/image%25255B11%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; border-bottom: 0px; border-left: 0px; display: inline" border="0" alt="image" src="http://lh5.ggpht.com/-vAuPUXLGdvE/U6QbWIacLCI/AAAAAAAADXw/wQrxsKPKzYA/image_thumb%25255B5%25255D.png?imgmax=800" width="689" height="150"></a> <br><a href="http://lh3.ggpht.com/-5Pvz5_f7HNg/U6QbWk38D1I/AAAAAAAADX4/497XB1nmHwU/s1600-h/image%25255B15%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; border-bottom: 0px; border-left: 0px; display: inline" border="0" alt="image" src="http://lh4.ggpht.com/-7qq0FlelI7o/U6QbeFIfa-I/AAAAAAAADYA/js-l7-QUK9k/image_thumb%25255B7%25255D.png?imgmax=800" width="460" height="359"></a><br><a href="http://lh6.ggpht.com/-Ko55N172Cv4/U6Qbe052QSI/AAAAAAAADYI/Nu-hGBjk6k4/s1600-h/image%25255B19%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; border-bottom: 0px; border-left: 0px; display: inline" border="0" alt="image" src="http://lh6.ggpht.com/-lY7HNxpMcVk/U6Qbf7fKZAI/AAAAAAAADYQ/AexotdBWUbQ/image_thumb%25255B9%25255D.png?imgmax=800" width="544" height="321"></a> </li> <li>The init.d should be automatically added and should auto start in daemon mode, but do verify yourself</li> <li>Shout out to Diego Aguirre! awesome software mate :-)</li> <li>Thanks and as usual do give us feedback</li></ol> <p> </p> <p>Happy weekend folks!</p> <div class="blogger-post-footer">---http://highsecurity.blogspot.com---
---RSS http://feeds.feedburner.com/highsecurity---</div>JayWShttp://www.blogger.com/profile/04318296929423691109noreply@blogger.com1