Installing CSF Firewall Asterisk Based Systems


I have been using CSF firewall for a number of years with all flavours of Asterisk and, touch wood, none have ever been compromised. This is not a complete guide but will get your system locked down.
First we need to install Webmin and CSF, so log in to the console.
wget
1.580-1.noarch.rpm
rpm -U webmin-1.580-1.noarch.rpm
Now we will install CSF while we are still in the console.
tar zxf csf.tgz
cd csf
sh install.sh
If all that went smoothly, we now need to log in to Webmin from a web browser:
https://your server ip:10000/
The user will be root, with whatever password you set.
Now we need to install the CSF GUI into Webmin.
Click on Webmin as seen above, you will then see
Click on Webmin Modules. This will allow us to install the module.
Click to browse for the file
If you wish, just copy this path and paste it in: /etc/csf/csfwebmin.tgz
Now just click Install and leave everything as defaults. When done, you will now see under System in Webmin
Click on Configserver
Now we get down to the nitty-gritty of setting our firewall up. You will need to add your local IP range into the allow field and click allow to add it.
Set testing to “0”; this takes the firewall out of test mode.
Remove the inbound ports in TCP and also UDP, leaving both blank. This will stop anyone connecting to your system unless you allow the IP.
In UDP outbound I added 1000:65000 just for ease; it doesn’t really matter as nothing can connect until I allow it.
Next, if you use DynDNS names for remote extensions with dynamic IPs, set Dyndns to 300 to check for a change of address.
Also set DYNDNS_IGNORE = 1; this will ignore dyndns names and allow them through.
Next you really should disable this unless you want thousands of emails
The next one to disable is process tracking, or you will get flooded with mail.
That is all that is needed to lock down your Asterisk system, so any SIP trunks or remote connections you will need to add into the allow list.
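The settings above end up in CSF's configuration file, so they can be checked from the console as well as in Webmin. The script below is an added example, not part of the original post: it assumes the form fields correspond to the csf.conf keys TESTING, TCP_IN, UDP_IN, DYNDNS and DYNDNS_IGNORE, and it runs against a constructed sample file rather than a real server's configuration.

```shell
#!/bin/sh
# Added example; key names are assumed to match the Webmin form fields above.

# Succeed if the key is assigned anywhere in the file.
csf_has() {   # $1 = file, $2 = key
    grep -Eq "^[[:space:]]*$2[[:space:]]*=" "$1"
}

# Print the value of the last KEY = "value" assignment.
csf_get() {   # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Compare one setting with the value the guide asks for.
csf_expect() {   # $1 = file, $2 = key, $3 = expected value
    if ! csf_has "$1" "$2"; then
        echo "FAIL  $2 is not set"
        return 1
    fi
    actual=$(csf_get "$1" "$2")
    if [ "$actual" != "$3" ]; then
        echo "FAIL  $2 = \"$actual\" (guide sets \"$3\")"
        return 1
    fi
    echo "ok    $2 = \"$actual\""
}

# Check every setting; the return code is the number that differ.
csf_audit() {   # $1 = file
    bad=0
    csf_expect "$1" TESTING 0       || bad=$((bad + 1))
    csf_expect "$1" TCP_IN ""       || bad=$((bad + 1))
    csf_expect "$1" UDP_IN ""       || bad=$((bad + 1))
    csf_expect "$1" DYNDNS 300      || bad=$((bad + 1))
    csf_expect "$1" DYNDNS_IGNORE 1 || bad=$((bad + 1))
    return "$bad"
}

# Constructed sample: still in test mode, with inbound TCP ports left open.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
TESTING = "1"
TCP_IN = "22,80,5060"
UDP_IN = ""
DYNDNS = "300"
DYNDNS_IGNORE = "1"
EOF
csf_audit "$SAMPLE" || echo "$? setting(s) differ from the guide"
```

To check a live system, call csf_audit on its configuration file instead, assumed here to be /etc/csf/csf.conf.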
This is a quick rundown, so if anyone finds errors or has any suggestions feel free to contact me and I will try to respond when I get some time.
dave@itshack.com.au
DaveD

