Securing Elastix, what else more

Discussion in 'General' started by alben, Feb 13, 2010.

  1. alben

    Joined:
    Jan 20, 2010
    Messages:
    28
    Likes Received:
    0
    Hi, with the help of this forum i have my elastix box safer, in things like ssh, elastix, freepbx and a2billing login.
    I am wondering now, do I need to take some additional steps?
    what about the other extras like sugar, tiger, fop, etc, do they have any open door?
    thanks a lot
     
  2. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    Just the normal security stuff really, first set up your firewall (hardware or iptables) as restrictively as possible. maybe start with:

    run nmap -v -p 1-65535 <your-server-ip> (at a quiet time) from a box on the outside.

    Investigate anything that shows up that you don't recognize. As to the html stuff I suggest you limit the access in /etc/httpd/conf/httpd.conf by allowable networks and hosts (deny all/allow <whatever you need> )

    look into ossec or fail2ban, add rkhunter or something like that, image your machine (and test it), before AND after every major change, mondorestore works for me. Make a complete backup of the system state every night, as I've said before some security issues are behind the keyboard.
     
  3. elastix-tob

    Joined:
    Aug 16, 2010
    Messages:
    13
    Likes Received:
    0
    is there any guide to follow for securing the elastix system?
     

Share This Page