Elastix MySQL password change

Discussion in 'General' started by hema, Apr 13, 2009.

  1. hema

    Joined:
    Nov 9, 2008
    Messages:
    27
    Likes Received:
    0
    Hi All,

    It has been a pleasure to use Elastix for all our requirements. things are working excellent until recently someone changed mysql password :(

    Is there any way to change elastix mysql installation. As all admin/root passwords are public, anyone can do modifications to setup and ruin the system. Is there any way to change these default passwords? Specially MySQL password. I believe same password is hardcoded in number of places in elastix code. Please help.

    Regards,
    -Hema
     
  2. rafael

    Joined:
    May 14, 2007
    Messages:
    1,454
    Likes Received:
    1
    The mysql password is a security issue if you allow more users to ssh the server or if you have something like phpmyadmin public available for the world. You can change the password, but a lot of things could break up so you have to be sure, what are you using the pbx for adn check that everything works fine.

    regards,


    rafael
     
  3. hema

    Joined:
    Nov 9, 2008
    Messages:
    27
    Likes Received:
    0
    Thanks Rafael for your suggestion. Is there any guideline/checklist what all / where all changes are required if mysql password is changed? I believe this password is hardcoded in places in php code. Pointers to such files will be really helpful to everyone working with Elastix installation.

    Regards,
    Hema
     
  4. jgutierrez

    Joined:
    Feb 28, 2008
    Messages:
    5,737
    Likes Received:
    0
    Hello,

    I have found the password on the following files:

    /var/www/html/vtigercrmWrapper.php
    /var/www/html/libs/paloSantoInstaller.class.php
    /var/www/html/sugarcrmWrapper.php
    /var/www/html/modules/backup_restore/index.php
    /var/www/html/modules/conference/index.php
     
  5. hema

    Joined:
    Nov 9, 2008
    Messages:
    27
    Likes Received:
    0
    Thanks a lot for your reply. I made the changes and things are working fine so far. Will update the group if i will come across any other file where changes are required. Thanks again.

    Regards,
    -Hema
     
  6. jgutierrez

    Joined:
    Feb 28, 2008
    Messages:
    5,737
    Likes Received:
    0
    Excellent! good news, please kepp us updated about it, we would like to know more about it
     
  7. loanrefi

    Joined:
    Aug 20, 2009
    Messages:
    41
    Likes Received:
    0
    I changed the default password from "eLaStIx.2oo7" to something else.

    All the following files have been updated with the new password and work great;

    /var/www/html/vtigercrmWrapper.php
    /var/www/html/libs/paloSantoInstaller.class.php
    /var/www/html/sugarcrmWrapper.php
    /var/www/html/modules/backup_restore/index.php
    /var/www/html/modules/conference/index.php

    EXCEPT application;

    OpenFire

    I try to login in but the login page doesn't show up. Do you know where I can find this file?

    Thanks!
     
  8. jgutierrez

    Joined:
    Feb 28, 2008
    Messages:
    5,737
    Likes Received:
    0
    You may execute the following command:

    grep -r "eLaStIx" /var/www/html/*

    It will reveal you, where you haven't change yet the password
     
  9. loanrefi

    Joined:
    Aug 20, 2009
    Messages:
    41
    Likes Received:
    0
    Thanks for the reply!

    I just tried your command and it doesn't show me anything, just hangs.....
    [root@elastix ~]# grep -r "eLaStIx" /var/www/html/*
     
  10. loanrefi

    Joined:
    Aug 20, 2009
    Messages:
    41
    Likes Received:
    0
    This file I'm looking for must be located some where else. I tried the command one folder up and this is the output;

    [root@elastix ~]# grep -r "eLaStIx" /var/www/*
    /var/www/html/schema.meetme:IDENTIFIED BY 'eLaStIx.asteriskuser.2oo7';
    /var/www/html/modules/graphic_report/libs/grafic_queue.php:$dsnAsteriskCdr = "mysql://asteriskuser:eLaStIx.asteriskuser.2oo7@localhost/asteriskcdrdb";
    /var/www/html/modules/graphic_report/libs/grafic_queue.php:$dsnAsteriskDev = "mysql://asteriskuser:eLaStIx.asteriskuser.2oo7@localhost/asterisk";
    /var/www/html/modules/graphic_report/libs/grafic_trunk2.php:$dsnAsteriskCdr = "mysql://asteriskuser:eLaStIx.asteriskuser.2oo7@localhost/asteriskcdrdb";
    /var/www/html/modules/graphic_report/libs/grafic_trunk.php:$dsnAsteriskCdr = "mysql://asteriskuser:eLaStIx.asteriskuser.2oo7@localhost/asteriskcdrdb";
    /var/www/html/modules/report_call/configs/default.conf.php: $arrConfModule['dsn_conn_database'] = 'mysql://asteriskuser:eLaStIx.asteriskuser.2oo7@localhost/asteriskcdrdb';
     
  11. loanrefi

    Joined:
    Aug 20, 2009
    Messages:
    41
    Likes Received:
    0
    Okay, I can't figure out how to make OpenFire work after changing the default password from "eLaStIx.2oo7" to something else.

    1. I don't allow SSH from internet to my Elastix Server

    2. I don't allow access from internet to phpmyadmin

    Access is available from within the LAN

    Problem;
    I have a MS Terminal Server with users connecting to it on a daily basis and they have access to my LAN. They can access phpmyadmin and I found out they can even run putty to SSH into Elastix or any other Linux Server even thou they don't have rights to install & run programs in MS Win2003K Server.

    For Me - This is a security issue & my choices are;

    A) Leave the password changed to other than "eLaStIx.2oo7", have a broken OpenFire until I learn from this forum how to make OpenFire work after password change.
    B. Leave the default password as it is "eLaStIx.2oo7", have a working OpenFire and hope that I don't get hacked?

    Rafael's above post is correct

    "You can change the password, but a lot of things could break up so you have to be sure, what are you using the PBX for and check that everything works fine."

    IMO -If you change the password Great Chances are if you install something else down the road that is embedded with Elastix you will have problems because the programs use the default password "eLaStIx.2oo7".

    I thought I could use phpmyadmin to manage MySQL Databases by simply login in and managing the following listed Databases;
    asterisk latin1_swedish_ci Check Privileges
    asteriskcdrdb latin1_swedish_ci Check Privileges
    avantfax latin1_swedish_ci Check Privileges
    information_schema utf8_general_ci Check Privileges
    mya2billing latin1_swedish_ci Check Privileges
    mysql latin1_swedish_ci Check Privileges
    openfire latin1_swedish_ci Check Privileges
    roundcubedb latin1_swedish_ci Check Privileges
    sugarcrm latin1_swedish_ci Check Privileges
    vtigercrm503 latin1_swedish_ci Check Privileges
    Total: 10 latin1_swedish_ci

    I guess not? I have Drupal installed on a different server and that is how I manage & create databases.

    Feed back is appreciated!
    Thanks!
     
  12. loanrefi

    Joined:
    Aug 20, 2009
    Messages:
    41
    Likes Received:
    0
    Okay, I checked to see if Openfire is even runing and it appears that its not.

    I tried to start it with;

    [root@elastix init.d]# /etc/init.d/openfire start
    Starting openfire:
    [root@elastix init.d]#

    Nothing

    I tried stopping it;

    [root@elastix init.d]# /etc/init.d/openfire stop
    Shutting down openfire: /etc/init.d/openfire: line 134: kill: (7006) - No such process

    Where could that file be where I need to change the password????????:angry:
     
  13. loanrefi

    Joined:
    Aug 20, 2009
    Messages:
    41
    Likes Received:
    0
    I give up!

    Changing the default "eLaStIx.2oo7" password brakes the system. I'm using all the modules embedded with Elastix and to try and figure out were the passwords are stored, changed them, then if something else gets installed at a later time it will not work unless of course you developed Elastix then you would have no problems.

    After the password change my server was not working so I pulled my backup snapshot restored my server and I'm back in business.

    One thing that is not working after going back to my snapshot is "AvantFax". I can either get a fax to email "OR" store in Inbox but not both.

    If I remove these settings from /var/spool/hylafax/etc/config.ttyIAX* for every modem

    FaxrcvdCmd: bin/faxrcvd.php
    DynamicConfig: bin/dynconf.php
    UseJobTSI: true

    Then fax to email works but Inbox & Archive doesn't.

    What a nightmare.
     
  14. loanrefi

    Joined:
    Aug 20, 2009
    Messages:
    41
    Likes Received:
    0
    After messing around with the password change and reverting back to my backup I notice that my fax to email is now coming from;

    From: uucp uucp@mydomain.com

    Its supposed to come from Elastix@mydomain.com

    Why is it comming from uucp & what is uucp?
     
  15. donhwyo

    Joined:
    Aug 8, 2008
    Messages:
    293
    Likes Received:
    0
    uucp is a system user that many services use.

    Don
     
  16. loanrefi

    Joined:
    Aug 20, 2009
    Messages:
    41
    Likes Received:
    0
    Do you happen to know how I may be able to fix this issue. I need to show faxes coming from "Elastix@mydomain.com".

    Thanks!
     
  17. loanrefi

    Joined:
    Aug 20, 2009
    Messages:
    41
    Likes Received:
    0
    I found the problem in /var/www/html/avantfax/includes/local_config

    // AvantFAX System email address
    //
    // Emails from faxrcvd and notify are sent from this email address
    define('ADMIN_EMAIL', 'Elastix@mydomain.com'); // system return email address

    I only had "Elastix@" and added mydomain.com and now I get the email the way I want it.

    I don'tknow why I had to go through all this trouble if I went back to my snapshot backup and AvantFax, FaxVisor & AvantFAX Archiving was working great prior to me messing arround with password change.

    I had to install sendmail for all this to work again and had to add Masquerade to sendmail in order to overwrite my hostname in my email notifications in;

    /etc/mail/sendmail.mc

    to
    MASQUERADE_AS(exampledomain.com)dnl
    FEATURE(masquerade_envelope)dnl
    FEATURE(masquerade_entire_domain)dnl
    MASQUERADE_DOMAIN(exampledomain.com)dnl

    then ran comand make -C /etc/mail in terminal

    Now fax notification & archiving work but FaxVisor doesn't show my faxes coming in or our. It never showed my faxes going out anyway.

    I really don't mind if it doesn't show the incoming faxes since I'm using AvantFAX which does.

    I'll working on getting outbound faxes to show in AvantFAX GUI.
     
  18. ramoncio

    Joined:
    May 12, 2010
    Messages:
    1,663
    Likes Received:
    0
    With this command you can change all harcoded passwords at once:

    Code:
    find /var/www/ "*.*" | xargs perl -pi -e 's/eLaStIx.2oo7/newpassword/g'
    
    It is a one-liner but Fireboard happily breaks lines as usual.
     
  19. loanrefi

    Joined:
    Aug 20, 2009
    Messages:
    41
    Likes Received:
    0
    Ramoncio, Success!! Your command changes the password in the files automatically.

    Openfire did not work again but I started thinking about it and made me believe there was another file some where else.

    I found the file at; /opt/openfire/config/openfire.xml

    That was the file that holds the password that connects to MySQL. The password is near the bottom of the file.

    I found this file by referring to the instructions I followed from this
    site http://www.elastixconnection.com/index. ... &task=view

    Openfire automatically stores and uses whatever password you give it when you set it up in this file.

    So if you change Elastix default password you need to come to this file & change the password to match your MySQL passoword.

    I also had to make sure this file has 664 permissions and is owned by daemon daemon. After going thru the setup again I was afraid Iwas going to loose my database but I did not I still have it working.

    Just a summary, I'm using the following modules embedded with Elastix & changed the MySQL default password.

    IM Openfire
    AvantFax
    SugarCRM
    VTiger (Just testing it out)
    FreePBX of cours

    Files where to change password;
    /var/www/html/vtigercrmWrapper.php
    /var/www/html/libs/paloSantoInstaller.class.php
    /var/www/html/sugarcrmWrapper.php
    /var/www/html/modules/backup_restore/index.php
    /var/www/html/modules/conference/index.php

    AND /opt/openfire/conf/openfire.xml

    Success!! Problem Solved!!
    Thank you!
     
  20. Patrick_elx

    Joined:
    Dec 14, 2008
    Messages:
    1,120
    Likes Received:
    0
    It's also a security issue from the LAN... We should be able to change it as easily as the gui password. Or better, the password should be randomized during the initial install.
     

Share This Page