English name: Jack Lin
Expertise: Asterisk PBX Installation & basic setup
Platforms used: PBX in a Flash on DELL SC-440, Asterisk on Asus WL-520GU, Asterisk/FreePBX on SheevaPlug
E-mail: jack888lin@gmail.com
#!/bin/bash
# Asterisk/FreePBX Install Script on SheevaPlug Debian Squeeze (For USB Drive or SDHC use but not for internal NAND)
# Re-Written By Jack Lin, on Nov. 1, 2010
#
# Originally based on a script by Stephen Brown - http://www.k1lnx.net/wiki/
#
# This script installs the version of Asterisk 1.4.35, dahdi-linux-complete-2.2.1.2+2.2.1.1 and FreePBX 2.7.0 on a new install of Debian "Squeeze".
#
# You should be aware that:
# If you don't like the Asterisk version above you can change it to any version as you wish between Asterisk1.4 and Asterisk1.6.
# FreePBX version will fit from 2.6 to 2.8.
# As for DAHDI Linux / DAHDI Tools you'd better stick with dahdi-linux-complete-2.4.0+2.4.0, dahdi-linux-complete-2.2.1.2+2.2.1.1 or dahdi-linux-complete-2.2.1+2.2.1 because the others will probably cause a high cpu usage issue in SheevaPlug. Or you can comment it out if you don't use Meetme conferencing.
#
# Must be run with superuser privileges.
#
# Script functions
#
# Random password generator function
# This may not be the most secure method as it makes use of /dev/urandom but can generate random passwords nonetheless :)

date
df -h

function passwd () {
passwds=(`cat /dev/urandom | tr -dc "a-zA-Z0-9" | fold -w 10 | head -n 5`)
MYSQL_ROOT_PW=`echo ${passwds[1]}`
ASTERISK_DB_PW=`echo ${passwds[2]}`
ASTERISK_MGR_PW=`echo ${passwds[3]}`
ARI_PW=`echo ${passwds[4]}`
echo "# Make sure to keep these in a safe place!!!" > /root/passwords
echo "MySQL root password is: $MYSQL_ROOT_PW" >> /root/passwords
echo "Asterisk database password is: $ASTERISK_DB_PW" >> /root/passwords
echo "Asterisk manager portal password is: $ASTERISK_MGR_PW" >> /root/passwords
echo "ARI password is: $ARI_PW" >> /root/passwords
echo "Random passwords generated..."

# encrypt the password file with gpg
# This may not be a good idea.
# I would like to encrypt the final password file, but they can easily be seen in their respective config files anyhow
echo "Encrypting file, please enter a password you will remember for decryption!"
echo "The file WILL NOT be recoverable without it due to the use of strong encryption!"
echo "Press return when ready: " ;read input
gpg -c /root/passwords
rm /root/passwords
mkdir /root/passwords
# gpg writes its output next to the input file, so use the absolute path
mv /root/passwords.gpg /root/passwords
echo "To decrypt this file run gpg passwords.gpg and supply the password you used to encrypt the file originally when asked" > /root/passwords/README.passwords
}

# Yes/No function for script interaction
function promptyn () {
echo -n "$1 [y/N]? "
read ANSWER
if [ ! -z "$ANSWER" ]
then
  if [ "$ANSWER" = Y ] || [ "$ANSWER" = y ]
  then
    ANSWER=Y
  else
    ANSWER=N
  fi
else
  ANSWER=N
fi
}

# Intro text
clear
echo "This script installs the version of Asterisk 1.4.35, Asterisk Addons-1.4.11, FreePBX 2.7.0, libpri and dahdi-linux-complete-2.2.1.2+2.2.1.1"
echo "It will first update/upgrade any packages, and then (optionally) install the OpenSSH server and client. This is highly recommended"
echo "Press return to continue, Ctrl-C to abort: " ;read input

# Password generation
echo "Random passwords for all applications will now be generated and placed in /root/passwords"
echo "File will be encrypted for your protection!!!"
echo "Press enter to continue: " ;read input
passwd

# Ensure package directory up to date and system upgraded
promptyn "Preparing to run package updates. Would you like to install the OpenSSH server and client?"
if [ "$ANSWER" = "N" ] ; then
  echo "OpenSSH server will NOT be installed, press enter to continue" ;read input
fi
apt-get -y update
apt-get -y dist-upgrade

# Variables
IP_ADDRESS=`ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'`
FREEPBX_VERSION=2.7.0

# Retrieve utilities and set debconf to noninteractive front-end
apt-get -y install debconf-utils
debconf-set-selections <<CONF_EOF
debconf debconf/frontend select noninteractive
CONF_EOF

# Install mysql server
apt-get -y install mysql-server-5.1

# Configure mysql root password
mysqladmin -u root password ${MYSQL_ROOT_PW}

# Set debconf back to normal interactive front-end
debconf-set-selections <<CONF_EOF
debconf debconf/frontend select Dialog
CONF_EOF

# Install the dependencies for Asterisk
apt-get -y install ssh kernel-package g++ libncurses5-dev linux-libc-dev sqlite libnewt-dev libusb-dev zlib1g-dev libmysqlclient-dev libsqlite0-dev php5 mysql-server-5.1 php-pear php5-mysql php-db php5-gd linux-headers-$(uname -r) bison openssl libssl-dev libeditline0 libeditline-dev libedit-dev gcc make mc php5-cli sox

# Download and extract Asterisk and Asterisk-related files
mkdir -p /usr/src/asterisk
cd /usr/src/asterisk
wget http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/asterisk-1.4.35.tar.gz
wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-addons-1.4-current.tar.gz
wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/releases/dahdi-linux-complete-2.2.1.2+2.2.1.1.tar.gz
wget http://downloads.digium.com/pub/libpri/libpri-1.4-current.tar.gz
tar xfvz asterisk-1.4.35.tar.gz
tar xfvz asterisk-addons-1.4-current.tar.gz
tar xfvz dahdi-linux-complete-2.2.1.2+2.2.1.1.tar.gz
tar xfvz libpri-1.4-current.tar.gz
rm asterisk-1.4.35.tar.gz
rm asterisk-addons-1.4-current.tar.gz
rm dahdi-linux-complete-2.2.1.2+2.2.1.1.tar.gz
rm libpri-1.4-current.tar.gz

# Install Libpri
cd `find . -name "libpri-1.4.*" -print`
make clean
make
make install
cd ..

# Install DAHDI
cd `find . -name "dahdi-linux-complete-2.2.*" -print`
make all
make install
make config
cd ..

# Install Asterisk 1.4
# In Asterisk Module and Build Option Selection, you can simply go with the defaults and press Exit - this will install all that is needed.
# Or you can choose to install extra language and sound files in 12. Core Sound Packages, 13. Music On Hold File Packages and 14. Extras Sound Packages for better quality audio, and to avoid transcoding sound files.
cd `find . -name "asterisk-1.4.*" -print`
make clean
./configure --disable-xmldoc
sed -i 's/PROC=armv5tel/PROC=arm/g' /usr/src/asterisk/asterisk-1.4.*/makeopts
make menuselect
make
make install
make samples
make progdocs
make config
cd ..

# Install Asterisk Addons
# In asterisk-Addons module selection, make sure to deselect H323 in channel drivers.
# Press Esc to return to the main menu, then x to save your changes. The install will continue.
cd `find . -name "asterisk-addons-1.4.*" -print`
make clean
./configure
make menuselect
make
make install
cd ../../

# Create asterisk user and group, adding to www-data group for apache server
adduser asterisk --disabled-password --gecos "asterisk PBX"
adduser www-data asterisk

# Fix up apache configuration to run as asterisk user
cp /etc/apache2/apache2.conf /etc/apache2/apache2.conf-orig
sed -i "s/\(^User *\)\(.*\)/\1asterisk/" /etc/apache2/apache2.conf
sed -i "s/\(^Group *\)\(.*\)/\1asterisk/" /etc/apache2/apache2.conf

# Patch safe_asterisk script to use bash
sed -i "s|#!/bin/sh|#!/bin/bash|" /usr/sbin/safe_asterisk

# Add dummy timing device for asterisk
modprobe dahdi_dummy

# Download and unpack freepbx
wget http://mirror.freepbx.org/freepbx-${FREEPBX_VERSION}.tar.gz
tar xfvz freepbx-${FREEPBX_VERSION}.tar.gz
rm freepbx-${FREEPBX_VERSION}.tar.gz

# Add Asterisk startup item
cat > /etc/init.d/asterisk <<-END_STARTUP
#!/bin/bash
set -e
set -a
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DESC="Asterisk"
NAME=amportal
DAEMON=/usr/sbin/\$NAME
test -x \$DAEMON || exit 0
d_start() {
amportal start
}
d_stop() {
amportal stop
}
d_reload() {
amportal restart
}
case "\$1" in
start)
echo -n "Starting \$DESC: \$NAME"
d_start
echo "."
;;
stop)
echo -n "Stopping \$DESC: \$NAME"
d_stop
echo "."
;;
restart|force-reload)
echo -n "Restarting \$DESC: \$NAME"
d_stop
sleep 10
d_start
echo "."
;;
*)
echo "Usage: \$0 {start|stop|restart|force-reload}" >&2
exit 3
;;
esac
exit 0
END_STARTUP
chmod 755 /etc/init.d/asterisk
update-rc.d asterisk defaults 90 10

# Configure freepbx
cd freepbx-${FREEPBX_VERSION}

# Setup databases for freepbx use
mysqladmin -u root -p${MYSQL_ROOT_PW} create asterisk
mysqladmin -u root -p${MYSQL_ROOT_PW} create asteriskcdrdb
mysql -u root -p${MYSQL_ROOT_PW} asterisk < SQL/newinstall.sql
mysql -u root -p${MYSQL_ROOT_PW} asteriskcdrdb < SQL/cdr_mysql_table.sql
mysql -u root -p${MYSQL_ROOT_PW} <<-END_PRIVS
GRANT ALL PRIVILEGES ON asterisk.* TO asteriskuser@localhost IDENTIFIED BY "${ASTERISK_DB_PW}";
GRANT ALL PRIVILEGES ON asteriskcdrdb.* TO asteriskuser@localhost IDENTIFIED BY "${ASTERISK_DB_PW}";
flush privileges;
END_PRIVS

# Reconfigure php for freepbx
cp /etc/php5/apache2/php.ini /etc/php5/apache2/php.ini-orig
sed -i "s/\(upload_max_filesize *= *\)\(.*\)/\120M/" /etc/php5/apache2/php.ini
sed -i "s/\(memory_limit *= *\)\(.*\)/\1128M/" /etc/php5/apache2/php.ini
#sed -i "s/\(magic_quotes_gpc *= *\)\(.*\)/\1Off/" /etc/php5/apache2/php.ini
sed -i 's/;suhosin.memory_limit = 0/suhosin.memory_limit = 134217728/' /etc/php5/conf.d/suhosin.ini

# Fix up directory use and permissions for asterisk
chown asterisk:asterisk /var/run/asterisk
chown asterisk:asterisk -R /etc/asterisk
chown asterisk:asterisk -R /var/lib/asterisk
chown asterisk:asterisk -R /var/log/asterisk
chown asterisk:asterisk -R /var/spool/asterisk
chown asterisk:asterisk -R /var/www
sed -i "s/\[directories\](!) .*/[directories]/" /etc/asterisk/asterisk.conf
sed -i "s|astrundir *=> */var/run|astrundir => /var/run/asterisk|" /etc/asterisk/asterisk.conf

# Fix mohmp3
#mkdir -p /var/lib/asterisk/mohmp3
#cp /var/lib/asterisk/moh/* /var/lib/asterisk/mohmp3
ln -s /var/lib/asterisk/moh /var/lib/asterisk/mohmp3
#chown -R asterisk:asterisk /var/lib/asterisk/mohmp3
#chmod -R ug+rwx,o+rx-w /var/lib/asterisk/mohmp3

# Start Asterisk
./start_asterisk start

# Configure amportal
cp amportal.conf /etc/amportal.conf
sed -i "s/# \(AMPDBUSER=asteriskuser\) */\1/" /etc/amportal.conf
sed -i "s/# \(AMPDBPASS=\).*/\1${ASTERISK_DB_PW}/" /etc/amportal.conf
sed -i "s/AUTHTYPE=none/AUTHTYPE=database/" /etc/amportal.conf
sed -i "s|\(AMPWEBROOT=\)/var/www/html|\1/var/www|" /etc/amportal.conf
sed -i "s|\(FOPWEBROOT=\)/var/www/html/panel|\1/var/www/panel|" /etc/amportal.conf
sed -i "/#AMPWEBADDRESS=192.168.1.101/d" /etc/amportal.conf
sed -i "s/AMPWEBADDRESS=/AMPWEBADDRESS=${IP_ADDRESS}/" /etc/amportal.conf

# Change default manager password
sed -i "s/secret = amp111/secret = ${ASTERISK_MGR_PW}/" /etc/asterisk/manager.conf
sed -i "s/AMPMGRPASS=amp111/AMPMGRPASS=${ASTERISK_MGR_PW}/" /etc/amportal.conf

# Enable DAHDI for FreePBX
sed -i "s/# ZAP2DAHDICOMPAT=true|false/ZAP2DAHDICOMPAT=true/" /etc/amportal.conf

# Install amp
./install_amp

# Fix and start apache web server
echo " ServerName Debian " >> /etc/apache2/apache2.conf
/etc/init.d/apache2 restart

# Start amportal
amportal start

# Set ARI admin password
sed -i "s/ari_password/${ARI_PW}/" /var/www/recordings/includes/main.conf.php

# Setup log rotation
touch /etc/logrotate.d/asterisk
echo "
/var/log/asterisk/*log {
   missingok
   rotate 5
   weekly
   create 0640 asterisk asterisk
   postrotate
       /usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null
   endscript
}

/var/log/asterisk/full {
   missingok
   rotate 5
   daily
   create 0640 asterisk asterisk
   postrotate
       /usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null
   endscript
}

/var/log/asterisk/cdr-csv/*csv {
   missingok
   rotate 5
   monthly
   create 0640 asterisk asterisk
}

/var/log/atftp.log {
   missingok
   rotate 5
   monthly
   create 0640 nobody nobody
}
" > /etc/logrotate.d/asterisk

clear
echo "Complete. You can access FreePBX at http://$IP_ADDRESS/admin"
echo "Login using username asteriskuser and password $ASTERISK_DB_PW"
date
df -h

cd /root
chmod +x asterisk1435
./asterisk1435
reboot
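
The install script writes its generated passwords to /root/passwords under the default umask and passes the MySQL root password as `-p<password>` on the command line, where it is visible in the process list while the command runs. The sketch below is an added example, not part of the original script: it generates the same four secrets under `umask 077` and writes a MySQL client option file for use with `--defaults-extra-file`. The function names `gen_password` and `write_secrets` and the file names are illustrative assumptions.

```shell
#!/bin/bash
# Added example, not part of the original install script.
# gen_password, write_secrets and the file names are illustrative.

# Print N random characters (default 16) from the alphabet the script uses.
# /dev/urandom is a suitable kernel CSPRNG source for password material.
gen_password() (
    n=${1:-16}
    pw=
    while [ "${#pw}" -lt "$n" ]; do
        pw=$pw$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'a-zA-Z0-9')
    done
    printf '%s\n' "$pw" | cut -c1-"$n"
)

# Create directory $1 with mode 0700 and write two files with mode 0600:
#   $1/passwords       the four generated secrets, one per line
#   $1/mysql-root.cnf  client option file carrying the MySQL root password
write_secrets() (
    umask 077                     # set before any file is created
    mkdir -p "$1" || exit 1
    root_pw=$(gen_password)
    {
        echo "MYSQL_ROOT_PW=$root_pw"
        echo "ASTERISK_DB_PW=$(gen_password)"
        echo "ASTERISK_MGR_PW=$(gen_password)"
        echo "ARI_PW=$(gen_password)"
    } > "$1/passwords"
    printf '[client]\nuser=root\npassword=%s\n' "$root_pw" \
        > "$1/mysql-root.cnf"
)

# Usage on the PBX (commented out: needs a running MySQL server whose
# root password has already been set to the generated value):
#   write_secrets /root/pbx-secrets
#   mysql --defaults-extra-file=/root/pbx-secrets/mysql-root.cnf asterisk < SQL/newinstall.sql
```

`--defaults-extra-file` must be the first option given to the MySQL client programs.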
References:
http://www.k1lnx.net/wiki/
https://wiki.ubuntu.com/AsteriskScri...FreePBX_1.2.sh
http://www.corenetworks.com.au/wiki/...freepbx_script
http://www.plugpbx.org/?page_id=137
http://forums.plugpbx.org/index.php/topic,102.0.html
http://www.fonicaprojects.com/wiki/i...ePBX_on_Debian
Written by Jack Lin on Nov. 6, 2010
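After installing Asterisk/FreePBX on SheevaPlug Debian Squeeze, I felt that something was missing, as if it were not wearing any clothes,
so let's dress it in OSSEC, an extremely powerful and free host-based intrusion detection system, which should give at least a little more peace of mind.
What is the OSSEC host-based intrusion detection system? Why install it for Asterisk/FreePBX?
Put simply, as I see it, OSSEC is a security system that monitors the host at all times and, when the host comes under an intrusion attempt, actively blocks it and notifies you immediately. Impressive.
So installing the OSSEC host-based intrusion detection system for Asterisk/FreePBX is a matter of course. There are other options as well, such as fail2ban, which I also like a lot.
For a detailed description of the OSSEC host-based intrusion detection system, please see the attached references.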