AW: Asterisk on FC3

I know about the security risks. But I go the following way:

* runs in a VMware on an FC3 host machine. I copy the VMware image every
4 days. The only risk here is the mailboxes. Anyway. On the interface
of the host runs a NIDS. Aide runs on the asterisk server and several
other tools (rkhunter for example). * itself runs at a uid over 1000. No
other apps here.

But you are right. I guess kick the ISA




Thx


andreas



-----Original Message-----
From: fedora-list-bounces@xxxxxxxxxx
[mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Wolfgang S.
Rupprecht
Sent: Tuesday, 5 July 2005 20:24
To: fedora-list@xxxxxxxxxx
Subject: Re: Asterisk on FC3



Andreas Wahlert <andreas.wahlert@xxxxxx> writes:
> Is anybody running this configuration or should I kick the ISA??

Since you asked, yes. ;-)

I do have an asterisk here and it does need some UDP ports open for
incoming traffic.  Simplest is just to open these ports in iptables (or
whatever) to allow outside packets to hit these local ports.

53/udp      (if running a local named)
5004/udp    RTP official port number (if using sip phones)
5060/udp    SIP
4569/udp    IAX2
10000/udp - 10100/udp  RTP as used by asterisk

Now the word of warning -- asterisk isn't the most defensively written
program.  The stock config runs as root without a chroot and has plenty
of system() calls.  It is a program that pretty much dares the kiddies
to find a buffer overflow and get rewarded with a root shell.

-wolfgang
-- 
Wolfgang S. Rupprecht                http://www.wsrcc.com/wolfgang/
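
The port list from the quoted message, turned into iptables commands with validation of each port or range. This is an added example, not part of either poster's message: the INPUT chain, the function names and the optional source-address argument are assumptions, and 53/udp is left out because it applies only when a local named is running.

```shell
#!/bin/sh
# Added example (not from the thread). Ports are the ones listed in the
# message; chain name and function names are assumptions.
ASTERISK_UDP_PORTS='5004 5060 4569 10000-10100'

# valid_port N: succeed only if N is a decimal integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# udp_rule SPEC [SOURCE]: print one iptables command for a single port or a
# "low-high" range. SOURCE (optional) limits the rule to one address or CIDR
# block, e.g. a SIP provider, instead of accepting packets from anywhere.
udp_rule() {
    spec=$1
    src=${2:-}
    case "$spec" in
        *-*) lo=${spec%-*}; hi=${spec#*-} ;;
        *)   lo=$spec; hi=$spec ;;
    esac
    valid_port "$lo" && valid_port "$hi" && [ "$lo" -le "$hi" ] || {
        echo "bad port spec: $spec" >&2
        return 1
    }
    # iptables writes ranges as low:high
    if [ "$lo" -eq "$hi" ]; then dport=$lo; else dport="$lo:$hi"; fi
    echo "iptables -A INPUT -p udp${src:+ -s $src} --dport $dport -j ACCEPT"
}

# asterisk_rules [SOURCE]: print one rule per entry in ASTERISK_UDP_PORTS
asterisk_rules() {
    for entry in $ASTERISK_UDP_PORTS; do
        udp_rule "$entry" "${1:-}" || return 1
    done
}
```

Calling `asterisk_rules` prints the commands for review; passing a source such as `192.0.2.0/24` (a documentation address, constructed here) narrows every rule to that network.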
