So today I realized that the new PBX system wasn't secured from the outside world. The way we have things set up with it is eth0 is for the internal network, and eth1 is connected to the outside network, not being controlled by our firewall and DNS. That is where we connect to our SIP Trunk as well. So because of this, the phone system was a bit overly exposed to the cloud. So today I learned how to use WebMin and manage the IPTables that run on the system. So I changed a lot of rules to accept traffic only from eth0, thus locking out the outside world from some of the most easiest points of attack.
Then their was another thing that I found out today about the new system. It was using .htaccess lock to view voicemail. They tried to have admins add this back in March, but when I did, I didn't know my way around, and so I removed the locking file. But with this newer version, they had added it. So after spending lots of time trying to disable it, or find my way through it, I finally understood what the foram was saying for what to do about it. Here at http://www.pbxinaflash.com/community/index.php?threads/freepbx-2-10-latest-beta-voicemail-and-recordings-asks-for-auth-p-a-s-s-w-o-r-d.12407/ at about half way down where wardmundy is talking about what to do, it clicked what I needed to do. She gave the command to add a user for htaccess. She gave "htpasswd /usr/local/apache/p-a-s-s-w-d/wwwpasswd <username>". So I took that and started to enter it in and had to change it some. what I did was "htpasswd -bm /usr/local/apache/passwd/wwwpasswd <username> <password>" and that wrote a user in that file that I could share with everyone. So that was quite a learning experience for me, and a good one to know.
No comments:
Post a Comment