venturinog
Hi Venturinog,
My responses:
1) When I install Elastix 4.0 using VMware it doesn't happen. I use the VMware Hypervisor ESXi 6.0 and the VMware vSphere 6.0 Client on the PC.
2) Yes. It happens after running the migration tool. If I migrate something from Elastix 2.5 to Issabel 4 the menus and the interface will still work but when you go to PBX Configuration --> Extensions you see no extensions and the "Apply Config" option but when you click on it, the error I get is:
Reload failed because retrieve_conf encountered an error: 255
click here for more info
1 error(s) occurred, you should view the notification log on the dashboard or main screen to check for more details.
"More details" shows this:
exit: 255
found language dir en_GB for speeddial, not installed on system, skipping
found language dir it for speeddial, not installed on system, skipping
found language dir ja for pbdirectory, not installed on system, skipping
found language dir en_GB for pbdirectory, not installed on system, skipping
found language dir it for pbdirectory, not installed on system, skipping
PHP Fatal error: Call to undefined function core_users_list() in /var/www/html/admin/modules/voicemail/functions.inc.php on line 181
When I restore an Elastix 4 backup it is WORSE. It ruins the interface and tries to show the FreePBX access screen (Admin Login, User Login and Support) but no password lets you in. If you run yum update issabel* the reinstallation process wrecks everything completely and you end up with an unusable PBX GUI.
3) Results of iptables -L :
[root@voicesrv05 fail2ban]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-asterisk-ami tcp -- anywhere anywhere multiport dports 5038
f2b-asterisk-udp udp -- anywhere anywhere multiport dports 0:65535
f2b-asterisk-tcp tcp -- anywhere anywhere multiport dports 0:65535
f2b-postfix-sasl tcp -- anywhere anywhere multiport dports smtp,urd,submission,imap3,imaps,pop3,pop3s
f2b-postfix tcp -- anywhere anywhere multiport dports smtp,urd,submission
f2b-apache-shellshock tcp -- anywhere anywhere multiport dports http,https
f2b-apache-modsecurity tcp -- anywhere anywhere multiport dports http,https
f2b-apache-fakegooglebot tcp -- anywhere anywhere multiport dports http,https
f2b-apache-botsearch tcp -- anywhere anywhere multiport dports http,https
f2b-apache-nohome tcp -- anywhere anywhere multiport dports http,https
f2b-apache-overflows tcp -- anywhere anywhere multiport dports http,https
f2b-apache-noscript tcp -- anywhere anywhere multiport dports http,https
f2b-apache-badbots tcp -- anywhere anywhere multiport dports http,https
f2b-apache-auth tcp -- anywhere anywhere multiport dports http,https
f2b-sshd-ddos tcp -- anywhere anywhere multiport dports ssh
f2b-sshd tcp -- anywhere anywhere multiport dports ssh
ISSABEL_INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ISSABEL_FORWARD all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ISSABEL_OUTPUT all -- anywhere anywhere
Chain ISSABEL_FORWARD (1 references)
target prot opt source destination
ISSABEL_FORWARD_GEOIP all -- anywhere anywhere
Chain ISSABEL_FORWARD_GEOIP (1 references)
target prot opt source destination
Chain ISSABEL_INPUT (1 references)
target prot opt source destination
ISSABEL_INPUT_GEOIP all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain ISSABEL_INPUT_GEOIP (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere -m geoip --source-country AG,AI,AW,BB,BL,BM,BS,BZ,CA,CR
RETURN all -- anywhere anywhere -m geoip --source-country CU,DM,DO,GD,GL,GP,GT,HN,HT,JM
RETURN all -- anywhere anywhere -m geoip --source-country KN,KY,LC,MF,MQ,MS,MX,NI,PA,PM
RETURN all -- anywhere anywhere -m geoip --source-country PR,SV,TC,TT,US,VC,VG
Chain ISSABEL_OUTPUT (1 references)
target prot opt source destination
ISSABEL_OUTPUT_GEOIP all -- anywhere anywhere
Chain ISSABEL_OUTPUT_GEOIP (1 references)
target prot opt source destination
Chain f2b-apache-auth (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-apache-badbots (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-apache-botsearch (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-apache-fakegooglebot (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-apache-modsecurity (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-apache-nohome (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-apache-noscript (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-apache-overflows (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-apache-shellshock (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-asterisk-ami (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-asterisk-tcp (1 references)
target prot opt source destination
REJECT all -- r-139-56-62-5.ff.avast.com anywhere reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere
Chain f2b-asterisk-udp (1 references)
target prot opt source destination
REJECT all -- r-139-56-62-5.ff.avast.com anywhere reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere
Chain f2b-postfix (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-postfix-sasl (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-sshd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-sshd-ddos (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
[root@voicesrv05 fail2ban]#
I ran "geo-ip update" and it said the first time that the GeoLite-Country.dat was not present and created it. It also said that GeoLite-City.dat was outdated but regardless, intruders from other regions of the world are trying to attack asterisk. The curious thing is that Fail2Ban is unable to TRAP intruders who want to gain access using nonexistent asterisk manager accounts like this:
[2017-07-10 13:39:09] NOTICE[28407] manager.c: 163.172.64.146 tried to authenticate with nonexistent user 'manager'
[2017-07-10 13:39:09] NOTICE[28407] manager.c: 163.172.64.146 failed to authenticate as 'manager'
[2017-07-10 14:00:01] NOTICE[28457] manager.c: 163.172.64.146 tried to authenticate with nonexistent user 'manager'
[2017-07-10 14:00:01] NOTICE[28457] manager.c: 163.172.64.146 failed to authenticate as 'manager'
This IP (163.172.64.146) has tried to log into the manager the whole night but Fail2Ban (and also the firewall) have been unable to contain it. Maybe the Jail for the asterisk service needs some changes to ban these guys trying to get access to the asterisk manager service but again, the main problem is that the GeoIP option to block or allow countries is not working. When I isolated it to "USA" it blocked my IP and when I forced GeoIP to open the service for "North America" then it let me in but it also lets IPs from Europe and Asia get into the system.
4) Please do so. Anti-Hacker has a template where you can customize the text you want to get in an e-mail but the default text is fine. They use WHOIS (that has to be manually installed on Elastix 4 using yum install whois) to give you the information of the IP like the ISP and country it belongs to. The template is something like this:
From: * antihacker@server.com
Real Name: Anti-Hacker
Start Template: Tags: name - jail name | hostname* - hostname
[name] started
Hi,
The jail name has been started successfully.
Regards,
Anti-Hacker
Stop Template: Tags: name - jail name | hostname* - hostname
[name] stopped
Hi,
The jail name has been stopped successfully.
Regards,
Anti-Hacker
Ban Template: Tags: name - jail name | failures - count of failures | ip - IP address of the attacker | whois - whois command | hostname* - hostname
[name] banned IP ip
Hi,
The IP <ip> has just been banned by Anti-Hacker after failures attempts against name.
Here are more information about ip:
whois
Regards,
Anti-Hacker
Unban Template: Tags: name - jail name | whois - whois command | hostname* - hostname
[name] unbanned IP ip
Hi,
The IP ip has just been unbanned.
Regards,
Anti-Hacker
5) I just tested the addons and it only happens with the Call Center Stats Pro.
Best Regards,
Paul
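
Added example (not part of Paul's post, and not fail2ban's shipped asterisk filter): a simplified model of a maxretry/findtime jail run over the four manager.c lines quoted above, to check whether a pattern matches them and whether their spacing would ever reach a ban threshold. The regex, function names and threshold values are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines copied from the post above.
SAMPLE_LOG = """\
[2017-07-10 13:39:09] NOTICE[28407] manager.c: 163.172.64.146 tried to authenticate with nonexistent user 'manager'
[2017-07-10 13:39:09] NOTICE[28407] manager.c: 163.172.64.146 failed to authenticate as 'manager'
[2017-07-10 14:00:01] NOTICE[28457] manager.c: 163.172.64.146 tried to authenticate with nonexistent user 'manager'
[2017-07-10 14:00:01] NOTICE[28457] manager.c: 163.172.64.146 failed to authenticate as 'manager'
"""

# Pattern written for this example; not fail2ban's own filter definition.
AMI_FAIL = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\] manager\.c: "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?:tried to authenticate with nonexistent user|failed to authenticate as) '[^']*'$"
)

def parse_failures(log_text):
    """Return a list of (timestamp, ip) for every AMI auth-failure line."""
    hits = []
    for line in log_text.splitlines():
        m = AMI_FAIL.match(line.strip())
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            hits.append((ts, m.group("ip")))
    return hits

def ips_to_ban(hits, maxretry, findtime_s):
    """An IP is banned once maxretry failures fall within findtime_s seconds."""
    window = timedelta(seconds=findtime_s)
    per_ip = defaultdict(list)
    banned = set()
    for ts, ip in sorted(hits):
        # Keep only earlier failures still inside the window, then add this one.
        recent = [t for t in per_ip[ip] if ts - t <= window] + [ts]
        per_ip[ip] = recent
        if len(recent) >= maxretry:
            banned.add(ip)
    return banned

if __name__ == "__main__":
    hits = parse_failures(SAMPLE_LOG)
    for maxretry, findtime in [(3, 600), (3, 3600), (2, 600)]:
        print(maxretry, findtime, sorted(ips_to_ban(hits, maxretry, findtime)))
```

The two attempts in the quoted log are about 21 minutes apart and each produces two lines, so in this model a threshold of 3 within 600 seconds is never reached even though every line matches; a longer window or a lower threshold is needed to catch that pacing.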