Asterisk Security Help

Hi, I just want to see if you could help me increase my security.

I use strong passwords for both the web panel and the root user.
I use strong passwords for the extensions.

I recently installed fail2ban, but I'm not quite sure if the config is the ideal one.
I recently installed gamin too, but so far I haven't checked it out.

I keep a constant eye on the console to catch possible intrusions and even monitor the calls.

And yet it seems I keep getting "hacked", or so it seems. Today I caught a few international calls coming from an extension of someone who wasn't logged in, my web password didn't work so I had to reset it, and the password I set up for the international calls outbound route was removed. In short, someone accessed my Asterisk server and started to make calls.

And it doesn't seem he just happened to guess the extension password. I don't know what else to do, and now I'm worried there might be some sort of keylogger or something to get my password changes, which I do often, but this is not the first time I have had to reset my web panel password.

Could you help me out step by step and in the long run to make my server harder to access? It seems I just look away for a second and there it goes. Part of my job is to keep an eye on the server, but sometimes I can't and this sort of thing happens.

But also I am fairly new to Linux.

For step by step security consultancy please use the Biz and Jobs forum.

For free advice, here, you would need to provide your complete sip.conf and any security related parts of the dialplan etc., with passwords and sensitive IP addresses obfuscated. For advice on the specific attack you would need to provide the relevant dialplan and the full and security logs. People may be able to tell you where the flaws are, but they are not going to spend significant time telling you exactly how to fix them.

Note that fail2ban rate limits attempts. It cannot stop the first attempts.

I would make sure that you have allowguest=no specified explicitly and that you don’t have insecure on any SIP device that is in a context that can do anything dangerous.

PS. Whilst I've assumed you use SIP, you should not have made me have to do that.

Hi

My guess is that, as you haven't mentioned updating or patching, you haven't done any of these recently. There are many holes at the moment in FreePBX and SSL and bash; any of these will allow someone to hack you. You don't mention checking your logs and seeing things there.

There are instructions on patching FreePBX ARI on my website, and elsewhere about patching and security.

Ok, let me get the info you asked for. This is not some sort of problem that I need to fix on the spot; like I said, I'm always online on the console, but I want to reduce the holes and keep it as tight as possible, so if I am not available to watch I can at least trust it is as secure as it can be.

I don't want to bother anyone, but yeah, I'm gonna need some time and help here. Of course I'm not forcing or demanding anything, just hoping I can get the guidance, which is what I need: not exactly help but guidance.

This is my sip.conf, which is in /etc/asterisk:

[code];--------------------------------------------------------------------------------;
; Do NOT edit this file as it is auto-generated by FreePBX. All modifications to ;
; this file must be done via the web gui. There are alternative files to make ;
; custom modifications, details at: http://freepbx.org/configuration_files ;
;--------------------------------------------------------------------------------;
;
; This file is part of FreePBX.
;
; FreePBX is free software: you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by
; the Free Software Foundation, either version 2 of the License, or
; (at your option) any later version.
;
; FreePBX is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License
; along with FreePBX. If not, see http://www.gnu.org/licenses/.
;
; Copyright © 2004 Coalescent Systems Inc (Canada)
; Copyright © 2006 Why Pay More 4 Less Pty Ltd (Australia)
; Copyright © 2007 Astrogen LLC (USA)

[general]
allowguest=no
alwaysauthreject=yes

; These files will all be included in the [general] context
;
#include sip_general_additional.conf

;sip_general_custom.conf is the proper file location for placing any sip general
;options that you might need set. For example: enable and force the sip jitterbuffer.
;If these settings are desired they should be set the sip_general_custom.conf file.
;
; jbenable=yes
; jbforce=yes
;
;It is also the proper place to add the lines needed for sip nat’ing when going
;through a firewall. For nat’ing you’d need to add the following lines:
; nat=yes , externip= , localnet= , and optionally fromdomain= .
;
#include sip_general_custom.conf

;sip_nat.conf is here for legacy support reasons and for those that upgrade
;from previous versions. If you have this file with lines in it please make
;sure they are not duplicated in sip_general_custom.conf, if so remove them
;from sip_nat.conf as sip_general_custom.conf will have precedence.
#include sip_nat.conf

;sip_registrations_custom.conf is for any customizations you might need to do to
;the automatically generated registrations that FreePBX makes.
;
#include sip_registrations_custom.conf
#include sip_registrations.conf

; These files should all be expected to come after the [general] context
;
#include sip_custom.conf
#include sip_additional.conf

;sip_custom_post.conf If you have extra parameters that are needed for a
;extension to work to for example, those go here. So you have extension
;1000 defined in your system you start by creating a line 1000 in this
;file. Then on the next line add the extra parameter that is needed.
;When the sip.conf is loaded it will append your additions to the end of
;that extension.
;
#include sip_custom_post.conf

#include additional_a2billing_sip.conf[/code]

I'm checking the log file called "full". As ianplain mentioned, I do not check the logs. I am looking to see if there is any info I should hide before posting it; it seems it only contains info from yesterday and today. Anyway, I will post it when I finish checking it.

But I do not understand the info about the security parts of the dialplan you asked for, david55. What is that? The outbound routes? Sorry, but I am fairly new to this.

Edit
Sorry, I forgot to thank you for replying. It really means a lot; any knowledge I can get will help me a lot.

You didn’t say you were using FreePBX. Most FreePBX users seem to be able to cope with the contents of sip.conf AND ITS INCLUDED FILES, but it is very difficult to support the FreePBX dialplan if you are not a FreePBX developer. FreePBX support is at community.freepbx.org/

The relevant information in sip.conf is in the included files, when you are using FreePBX.
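The two points made above (check that allowguest=no is set explicitly and that no device with insecure= sits in a context that can do anything dangerous, and that with FreePBX the real settings live in the #include'd files) can be checked mechanically. The following is an added example, not code from the thread or from Asterisk/FreePBX: a small reader that walks sip.conf and its #include directives and reports the settings those replies warn about. The file contents are constructed samples standing in for /etc/asterisk; the "dangerous contexts" list is an assumption the reader should replace with their own outbound contexts.

```python
import re

# Constructed stand-in for /etc/asterisk (not the poster's real files).
SAMPLE_FILES = {
    "sip.conf": "[general]\nallowguest=no\n#include sip_additional.conf\n",
    "sip_additional.conf": (
        "[1001]\ntype=friend\nsecret=REDACTED\ncontext=from-internal\n\n"
        "[trunk-out]\ntype=peer\ninsecure=port,invite\ncontext=from-internal\n"
    ),
}
# Assumed: contexts that can place outbound (e.g. international) calls.
DANGEROUS_CONTEXTS = {"from-internal"}


def parse_sip_conf(name, files, seen=None):
    """Return {section: {option: value}}, following #include directives."""
    sections, current = {}, None
    seen = seen if seen is not None else set()
    if name in seen or name not in files:      # loop guard / missing include
        return sections
    seen.add(name)
    for raw in files[name].splitlines():
        line = raw.split(";", 1)[0].strip()    # drop ; comments
        if not line:
            continue
        if line.startswith("#include"):
            inc = line.split(None, 1)[1].strip()
            for sec, opts in parse_sip_conf(inc, files, seen).items():
                sections.setdefault(sec, {}).update(opts)
            continue
        m = re.match(r"\[([^\]]+)\]", line)
        if m:                                   # new [section]
            current = m.group(1)
            sections.setdefault(current, {})
        elif "=" in line and current is not None:   # key=value or key => value
            key, _, val = line.partition("=")
            sections[current][key.strip().lower()] = val.lstrip(">").strip()
    return sections


def audit(sections):
    """List the weaknesses the replies above describe."""
    findings, general = [], sections.get("general", {})
    if general.get("allowguest") != "no":
        findings.append("general: allowguest=no is not set explicitly")
    if general.get("alwaysauthreject") != "yes":
        findings.append("general: alwaysauthreject=yes is not set")
    for name, opts in sections.items():
        if name != "general" and "insecure" in opts \
                and opts.get("context") in DANGEROUS_CONTEXTS:
            findings.append(f"{name}: insecure={opts['insecure']} in {opts['context']}")
    return findings
```

To use it on a real box, replace SAMPLE_FILES with a dict built from reading each file under /etc/asterisk, then print audit(parse_sip_conf("sip.conf", files)).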