AW: Asterisk on FC3
Andreas Wahlert
andreas.wahlert at gmx.de
Tue Jul 5 20:48:10 UTC 2005
I know about the security risks. But I go the following way:
* runs in a VMware on an FC3 host machine. I copy the VMware image every
4 days. The only risk here is the mailboxes. Anyway. On the interface
of the host runs a NIDS. AIDE runs on the Asterisk server and several
other tools (rkhunter for example). * itself runs at a uid over 1000. No
other apps here.
But you are right. I guess kick the ISA.
Thx
andreas
-----Original Message-----
From: fedora-list-bounces at redhat.com
[mailto:fedora-list-bounces at redhat.com] On Behalf Of Wolfgang S.
Rupprecht
Sent: Tuesday, 5 July 2005 20:24
To: fedora-list at redhat.com
Subject: Re: Asterisk on FC3
Andreas Wahlert <andreas.wahlert at gmx.de> writes:
> Is anybody running this configuration or should I kick the ISA??
Since you asked, yes. ;-)
I do have an asterisk here and it does need some UDP ports open for
incoming traffic. Simplest is just to open these ports in iptables (or
whatever) to allow outside packets to hit these local ports.
53/udp (if running a local named)
5004/udp RTP official port number (if using sip phones)
5060/udp SIP
4569/udp IAX2
10000/udp - 10100/udp RTP as used by asterisk
Now the word of warning -- asterisk isn't the most defensively written
program. The stock config runs as root without a chroot and has plenty
of system() calls. It is a program that pretty much dares the kiddies
to find a buffer overflow and get rewarded with a root shell.
-wolfgang
--
Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
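
An added example, not part of the original thread: a Python check that compares an `iptables-save` dump against the UDP port list in the message above, reporting listed ports that are not open and open UDP ports that are not on the list. The sample ruleset, the function names and the use of the INPUT chain are assumptions of this example; negated matches and source-address restrictions are not interpreted.

```python
import re

# UDP ports from the message above, as inclusive (low, high) ranges.
EXPECTED_UDP = {
    (53, 53): "DNS (if running a local named)",
    (5004, 5004): "RTP official port (if using SIP phones)",
    (5060, 5060): "SIP",
    (4569, 4569): "IAX2",
    (10000, 10100): "RTP as used by asterisk",
}

# Constructed iptables-save excerpt for illustration (not from the thread).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -p udp -m udp --dport 4569 -j ACCEPT
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -p udp -m multiport --dports 53,69 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

def accepted_udp_ranges(rules_text, chain="INPUT"):
    """Return the (low, high) UDP destination ranges ACCEPTed in `chain`.
    Assumes rules without negated ('!') port matches."""
    found = set()
    for line in rules_text.splitlines():
        if (not line.startswith(f"-A {chain} ") or "-p udp" not in line
                or "-j ACCEPT" not in line):
            continue
        m = re.search(r"--dports? (\S+)", line)
        if not m:
            found.add((1, 65535))  # UDP ACCEPT with no port match opens every port
            continue
        for part in m.group(1).split(","):  # multiport lists: "53,69,1000:2000"
            low, _, high = part.partition(":")
            found.add((int(low), int(high or low)))
    return found

def _inside(r, pool):
    return any(lo <= r[0] and r[1] <= hi for lo, hi in pool)

def audit(rules_text):
    """Return (missing, unexpected) port ranges relative to EXPECTED_UDP."""
    found = accepted_udp_ranges(rules_text)
    missing = sorted(r for r in EXPECTED_UDP if not _inside(r, found))
    unexpected = sorted(r for r in found if not _inside(r, EXPECTED_UDP))
    return missing, unexpected
```

On the constructed sample, `audit(SAMPLE_RULES)` reports 5004/udp as not open and flags 69/udp and the over-wide 10000:20000 range as open beyond the list.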