Internal Security

Discussion in 'General' started by dicko, Feb 24, 2009.

  1. dicko

    (Or how to spy on all calls with impunity, without anybody caring)
    The availability of "extensions" 555 (chanspy) and 888 (ZapBarge) exposes a "naive" implementer to a "smartypants" FreePBX-aware user. He may listen in to the Boss' private conversation with impunity. They should either be off (in "feature codes") minimally, renumbered, or preferably re-implemented in a custom extension that requires a password. The "Boss" should be made aware of this "feature" if it is enabled (Liability, anybody?)

    vm_general.inc should IMHO have:-

    forcename=yes
    forcegreeting=yes

    added to encourage new users to change their passwords (and add greetings) from a justifiable "new user state" of password=extension, for similar privacy reasoning.

    Code:
    echo -e "forcename=yes\nforcegreeting=yes" >> /etc/asterisk/vm_general.inc
    
     
  2. gbonebrake

    Along these same lines... I'm using the free version of iSymphony in a couple of places for call management. The free version has unrestricted call barge capability with no security method for restricting this by user. Is there a way through Asterisk configuration to turn barge off system-wide without breaking something else? I know very little of the underlying methods that iSymphony uses to control calls and barge; I guess I need to watch the log files during the process to see what is going on.

    Thanks in advance -

    Greg
     
  3. Chilling_Silence

    Shouldn't that be:
    Code:
    echo -e "forcename=yes\nforcegreeting=yes" >> /etc/asterisk/vm_general.inc
    You missed the backslash before the "n" (but I think it's just the forum doing that).

    Appreciate the heads up, didn't know that could be done so easily! Brilliant stuff :)
    Is there a force pwd change option also?

    Edit: Stupid forum software keeps removing the backslash. See here: http://pastie.org/441499.txt
     
  4. dicko

    Not without scripting it (which I have, but it's a little complicated, being a pair of modified /var/lib/asterisk/bin/chk_vm_pwd.agi scripts, and a context wrapper), but I believe it will be a feature in FreePBX very soon as part of the "check stupid passwords, at least for extension secrets" effort.
    I agree, stupid software; the backslash was indeed removed. /var/lib/asterisk/agi-bin/
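
Added example, not written by anyone in this thread: a shell audit that lists mailboxes still in the password=extension "new user state" from the first post, and sets the two vm_general.inc options without duplicating them when run again. It assumes voicemail.conf's `mailbox => password,name,...` layout; the function names and the demo data are constructed for illustration.

```shell
# Added example; the sample files created in demo() are constructed.

# Print mailboxes whose voicemail password equals the mailbox number.
# Assumes "mailbox => password,name,..." lines under context sections.
weak_mailboxes() {
    awk '
        /^[ \t]*;/ { next }                      # comment line
        /^[ \t]*\[/ {                            # [section] header
            s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
            skip = (s == "general" || s == "zonemessages"); next
        }
        skip { next }                            # settings, not mailboxes
        /=>/ {
            split($0, kv, "=>"); split(kv[2], f, ",")
            box = kv[1]; pw = f[1]
            gsub(/[ \t]/, "", box); gsub(/[ \t]/, "", pw)
            if (box != "" && pw == box) print box
        }
    ' "$1"
}

# Succeed if option $2 is set to yes in file $1 (spaces around "=" allowed).
has_yes() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*=[[:space:]]*yes[[:space:]]*(;.*)?$" "$1" 2>/dev/null
}

# Append forcename/forcegreeting only where not already set to yes,
# so running it twice adds no duplicate lines (a bare ">>" would).
ensure_force_options() {
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then echo >> "$1"; fi
    for opt in forcename forcegreeting; do
        has_yes "$1" "$opt" || printf '%s=yes\n' "$opt" >> "$1"
    done
}

demo() {
    d=$(mktemp -d)
    printf '[general]\nformat=wav\n[default]\n101 => 101,Alice,,\n102 => 8841,Bob,,\n' > "$d/voicemail.conf"
    printf 'forcename=yes\n' > "$d/vm_general.inc"
    ensure_force_options "$d/vm_general.inc"
    ensure_force_options "$d/vm_general.inc"
    echo "password equals mailbox: $(weak_mailboxes "$d/voicemail.conf")"
    cat "$d/vm_general.inc"
    rm -rf "$d"
}
demo
```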
     
