User:jack

    Revision as of 21:25, 23 Nov 2024

    About the author

    English name    Jack Lin
    Expertise       Asterisk PBX installation & basic setup
    Platforms       PBX in a Flash on DELL SC-440, Asterisk on Asus WL-520GU, Asterisk/FreePBX on SheevaPlug

    E-mail          jack888lin@gmail.com


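    Works (notes)

    1. Install Asterisk/FreePBX on SheevaPlug Debian Squeeze
    Notes:
    1. Prerequisite: the SheevaPlug must be set to boot from USB or SDHC, and the OS on the boot device must be a fresh install of Debian Squeeze.
    2. On the USB side you can use a USB stick or a USB hard disk; a USB hard disk must have its own power supply.
    3. To guard against unexpected errors or interruptions during installation, first back up an image of the whole operating system on the boot device for recovery.
    4. Save the entire script inside the dashed lines of Code 1 below with Notepad under the file name asterisk1435.
    5. Use WinSCP to copy the asterisk1435 file to the /root directory of Debian Squeeze; remember to delete the .txt extension from asterisk1435.txt.
    6. The whole asterisk1435 script takes about 1 hour 15 minutes to install, and afterwards occupies about 0.7G of USB space.
    7. The commands must be run with root privileges.
    8. When installation finishes, the FreePBX IP address, account and password are displayed automatically; make a note of them. The passwords are also bundled in /root/passwords and must be kept safe.
    9. After installation, reboot and confirm that everything works.
    Code 1: asterisk1435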
    #!/bin/bash
    # Asterisk/FreePBX Install Script on SheevaPlug Debian Squeeze (For USB Drive or SDHC use but not for internal NAND)
    # Re-Written By Jack Lin, on Nov. 1, 2010
    #
    # Originally based on a script by Stephen Brown - http://www.k1lnx.net/wiki/
    #
    # This script installs the version of Asterisk 1.4.35, dahdi-linux-complete-2.2.1.2+2.2.1.1 and FreePBX 2.7.0 on a new install of Debian "Squeeze".
    #
    # Be aware that:
    # If you don't like the Asterisk version above you can change it to any version you wish between Asterisk 1.4 and Asterisk 1.6.
    # FreePBX versions from 2.6 to 2.8 will fit.
    # As for DAHDI Linux / DAHDI Tools, you'd better stick with dahdi-linux-complete-2.4.0+2.4.0, dahdi-linux-complete-2.2.1.2+2.2.1.1 or dahdi-linux-complete-2.2.1+2.2.1, because the others will probably cause a high CPU usage issue on the SheevaPlug. Or you can comment it out if you don't use MeetMe conferencing.
    #
    # Must be run with superuser privileges.
    #
    # Script functions
    #
    # Random password generator function
    # This may not be the most secure method as it makes use of /dev/urandom but can generate random passwords nonetheless :)
    
    date
    df -h
    
    function passwd ()
    {
        # Generate five 10-character alphanumeric strings; elements 1-4 are used below
        passwds=(`cat /dev/urandom | tr -dc "a-zA-Z0-9" | fold -w 10 | head -n 5`)
        MYSQL_ROOT_PW=${passwds[1]}
        ASTERISK_DB_PW=${passwds[2]}
        ASTERISK_MGR_PW=${passwds[3]}
        ARI_PW=${passwds[4]}
        
        # Create the file readable by root only before any secret is written to it
        : > /root/passwords
        chmod 600 /root/passwords
        echo "# Make sure to keep these in a safe place!!!" >> /root/passwords
        echo "MySQL root password is: $MYSQL_ROOT_PW" >> /root/passwords
        echo "Asterisk database password is: $ASTERISK_DB_PW" >> /root/passwords
        echo "Asterisk manager portal password is: $ASTERISK_MGR_PW" >> /root/passwords
        echo "ARI password is: $ARI_PW" >> /root/passwords
        echo "Random passwords generated..."
        
        # encrypt the password file with gpg
        # This may not be a good idea. I would like to encrypt the final password file, but they can easily be seen in their respective config files anyhow
        echo "Encrypting file, please enter a password you will remember for decryption!"
        echo "The file WILL NOT be recoverable without it due to the use of strong encryption!"
        echo "Press return when ready: " ;read input
        # gpg -c writes /root/passwords.gpg next to the input file; keep the plaintext if it fails
        if ! gpg -c /root/passwords
        then
            echo "gpg failed; the unencrypted passwords remain in /root/passwords" >&2
            return 1
        fi
        rm /root/passwords
        mkdir /root/passwords
        # Absolute path, so the move works whatever the current directory is
        mv /root/passwords.gpg /root/passwords/
        echo "To decrypt this file run gpg passwords.gpg and supply the password you used to encrypt the file originally when asked" > /root/passwords/README.passwords
    }
    
    # Yes/No function for script interaction
    
    function promptyn ()
    {
        echo -n "$1 [y/N]? "
        read ANSWER
        # Quote the variable so an empty or multi-word reply does not break the test
        if [ "$ANSWER" = "Y" ] || [ "$ANSWER" = "y" ]
        then
            ANSWER=Y
        else
            ANSWER=N
        fi
    }
    
    # Intro text
    clear
    echo "This script installs the version of Asterisk 1.4.35, Asterisk Addons-1.4.11, FreePBX 2.7.0, libpri and dahdi-linux-complete-2.2.1.2+2.2.1.1"
    echo "It will first update/upgrade any packages, and then (optionally) install the OpenSSH server and client. This is highly recommended"
    echo "Press return to continue, Ctrl-C to abort: " ;read input
    
    # Password generation
    echo "Random passwords for all applications will now be generated and placed in /root/passwords"
    echo "File will be encrypted for your protection!!!"
    echo "Press enter to continue: " ;read input
    passwd
    
    # Ensure package directory up to date and system upgraded
    # Note: the "ssh" package is in the Asterisk dependency list installed below, whatever the answer here
    promptyn "Preparing to run package updates. Would you like to install the OpenSSH server and client?"
    if [ "$ANSWER" = "N" ] ; then
        echo "OpenSSH server will NOT be installed, press enter to continue" ;read input
    fi
    
    apt-get -y update
    apt-get -y dist-upgrade
    
    # Variables
    IP_ADDRESS=`ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'`
    FREEPBX_VERSION=2.7.0
    
    # Retrieve utilities and set debconf to noninteractive front-end
    apt-get -y install debconf-utils
    debconf-set-selections <<CONF_EOF
    debconf debconf/frontend select noninteractive
    CONF_EOF
    
    # Install mysql server
    apt-get -y install mysql-server-5.1
    
    # Configure mysql root password
    mysqladmin -u root password ${MYSQL_ROOT_PW}
    
    # Set debconf back to normal interactive front-end
    debconf-set-selections <<CONF_EOF
    debconf debconf/frontend select Dialog
    CONF_EOF
    
    # Install the dependencies for Asterisk
    apt-get -y install ssh kernel-package g++ libncurses5-dev linux-libc-dev sqlite libnewt-dev libusb-dev zlib1g-dev libmysqlclient-dev libsqlite0-dev php5 mysql-server-5.1 php-pear php5-mysql php-db php5-gd linux-headers-$(uname -r) bison openssl libssl-dev libeditline0 libeditline-dev libedit-dev gcc make mc php5-cli sox
    
    # Download and extract Asterisk and Asterisk-related files
    
    mkdir -p /usr/src/asterisk
    cd /usr/src/asterisk
    wget http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/asterisk-1.4.35.tar.gz
    wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-addons-1.4-current.tar.gz
    wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/releases/dahdi-linux-complete-2.2.1.2+2.2.1.1.tar.gz
    wget http://downloads.digium.com/pub/libpri/libpri-1.4-current.tar.gz
    
    tar xfvz asterisk-1.4.35.tar.gz
    tar xfvz asterisk-addons-1.4-current.tar.gz
    tar xfvz dahdi-linux-complete-2.2.1.2+2.2.1.1.tar.gz
    tar xfvz libpri-1.4-current.tar.gz
    
    rm asterisk-1.4.35.tar.gz
    rm asterisk-addons-1.4-current.tar.gz
    rm dahdi-linux-complete-2.2.1.2+2.2.1.1.tar.gz
    rm libpri-1.4-current.tar.gz
    
    # Install Libpri
    cd `find . -name "libpri-1.4.*" -print`
    make clean
    make
    make install
    cd ..
    
    # Install DAHDI
    cd `find . -name "dahdi-linux-complete-2.2.*" -print`
    make all
    make install
    make config
    cd ..
    
    # Install Asterisk 1.4
    # In the Asterisk Module and Build Option Selection menu, you can simply go with the defaults and press Exit - this will install all that is needed.
    # Or you can choose to install extra language and sound files in 12. Core Sound Packages, 13. Music On Hold File Packages and 14. Extras Sound Packages for better quality audio, and to avoid transcoding sound files.
    cd `find . -name "asterisk-1.4.*" -print`
    make clean
    ./configure --disable-xmldoc
    sed -i 's/PROC=armv5tel/PROC=arm/g' /usr/src/asterisk/asterisk-1.4.*/makeopts
    make menuselect
    make
    make install
    make samples
    make progdocs
    make config
    cd ..
    
    # Install Asterisk Addons
    # In asterisk-Addons module selection, make sure to deselect H323 in channel drivers.
    # Press Esc to return to the main menu, then x to save your changes. The install will continue.
    cd `find . -name "asterisk-addons-1.4.*" -print`
    make clean
    ./configure
    make menuselect
    make
    make install
    
    cd ../../
    
    # Create asterisk user and group, adding to www-data group for apache server
    adduser asterisk --disabled-password --gecos "asterisk PBX"
    adduser www-data asterisk
    
    # Fix up apache configuration to run as asterisk user
    cp /etc/apache2/apache2.conf /etc/apache2/apache2.conf-orig
    sed -i "s/\(^User *\)\(.*\)/\1asterisk/" /etc/apache2/apache2.conf
    sed -i "s/\(^Group *\)\(.*\)/\1asterisk/" /etc/apache2/apache2.conf
    
    # Patch safe_asterisk script to use bash
    sed -i "s|#!/bin/sh|#!/bin/bash|" /usr/sbin/safe_asterisk
    
    # Add dummy timing device for asterisk
    modprobe dahdi_dummy
    
    # Download and unpack freepbx
    wget http://mirror.freepbx.org/freepbx-${FREEPBX_VERSION}.tar.gz
    tar xfvz freepbx-${FREEPBX_VERSION}.tar.gz
    rm freepbx-${FREEPBX_VERSION}.tar.gz
    
    # Add Asterisk startup item
    cat > /etc/init.d/asterisk <<-END_STARTUP
    #!/bin/bash
    set -e
    set -a
    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
    DESC="Asterisk"
    NAME=amportal
    DAEMON=/usr/sbin/\$NAME
    
    test -x \$DAEMON || exit 0
    
    d_start() {
        amportal start
    }
    
    d_stop() {
        amportal stop
    }
    
    d_reload() {
        amportal restart
    }
    
    case "\$1" in
    
    start)
        echo -n "Starting \$DESC: \$NAME"
        d_start
        echo "."
    ;;
    
    stop)
        echo -n "Stopping \$DESC: \$NAME"
        d_stop
        echo "."
    ;;
    
    restart|force-reload)
        echo -n "Restarting \$DESC: \$NAME"
        d_stop
        sleep 10
        d_start
        echo "."
    ;;
    
    *)
    
        echo "Usage: \$0 {start|stop|restart|force-reload}" >&2
        exit 3
    ;;
    
    esac
    
    exit 0
    END_STARTUP
    
    chmod 755 /etc/init.d/asterisk
    update-rc.d asterisk defaults 90 10
    
    # Configure freepbx
    cd freepbx-${FREEPBX_VERSION}
    
    # Setup databases for freepbx use
    mysqladmin -u root -p${MYSQL_ROOT_PW} create asterisk
    mysqladmin -u root -p${MYSQL_ROOT_PW} create asteriskcdrdb
    mysql -u root -p${MYSQL_ROOT_PW} asterisk < SQL/newinstall.sql
    mysql -u root -p${MYSQL_ROOT_PW} asteriskcdrdb < SQL/cdr_mysql_table.sql
    mysql -u root -p${MYSQL_ROOT_PW} <<-END_PRIVS
            GRANT ALL PRIVILEGES ON asterisk.* TO asteriskuser@localhost IDENTIFIED BY "${ASTERISK_DB_PW}";
            GRANT ALL PRIVILEGES ON asteriskcdrdb.* TO asteriskuser@localhost IDENTIFIED BY "${ASTERISK_DB_PW}";
            flush privileges;
    END_PRIVS
    
    # Reconfigure php for freepbx
    cp /etc/php5/apache2/php.ini /etc/php5/apache2/php.ini-orig
    sed -i "s/\(upload_max_filesize *= *\)\(.*\)/\120M/" /etc/php5/apache2/php.ini
    sed -i "s/\(memory_limit *= *\)\(.*\)/\1128M/" /etc/php5/apache2/php.ini
    #sed -i "s/\(magic_quotes_gpc *= *\)\(.*\)/\1Off/" /etc/php5/apache2/php.ini
    sed -i 's/;suhosin.memory_limit = 0/suhosin.memory_limit = 134217728/' /etc/php5/conf.d/suhosin.ini
    
    # Fix up directory use and permissions for asterisk
    chown asterisk:asterisk /var/run/asterisk
    chown asterisk:asterisk -R /etc/asterisk
    chown asterisk:asterisk -R /var/lib/asterisk
    chown asterisk:asterisk -R /var/log/asterisk
    chown asterisk:asterisk -R /var/spool/asterisk
    chown asterisk:asterisk -R /var/www
    sed -i "s/\[directories\](!) .*/[directories]/" /etc/asterisk/asterisk.conf
    sed -i "s|astrundir *=> */var/run|astrundir => /var/run/asterisk|" /etc/asterisk/asterisk.conf
    
    # Fix mohmp3
    #mkdir -p /var/lib/asterisk/mohmp3
    #cp /var/lib/asterisk/moh/* /var/lib/asterisk/mohmp3
    ln -s /var/lib/asterisk/moh /var/lib/asterisk/mohmp3
    #chown -R asterisk:asterisk /var/lib/asterisk/mohmp3
    #chmod -R ug+rwx,o+rx-w /var/lib/asterisk/mohmp3
    
    # Start Asterisk
    ./start_asterisk start
    
    # Configure amportal
    cp amportal.conf /etc/amportal.conf
    sed -i "s/# \(AMPDBUSER=asteriskuser\) */\1/" /etc/amportal.conf
    sed -i "s/# \(AMPDBPASS=\).*/\1${ASTERISK_DB_PW}/" /etc/amportal.conf
    sed -i "s/AUTHTYPE=none/AUTHTYPE=database/" /etc/amportal.conf
    sed -i "s|\(AMPWEBROOT=\)/var/www/html|\1/var/www|" /etc/amportal.conf
    sed -i "s|\(FOPWEBROOT=\)/var/www/html/panel|\1/var/www/panel|" /etc/amportal.conf
    sed -i "/#AMPWEBADDRESS=192.168.1.101/d" /etc/amportal.conf
    sed -i "s/AMPWEBADDRESS=/AMPWEBADDRESS=${IP_ADDRESS}/" /etc/amportal.conf
    
    # Change default manager password
    sed -i "s/secret = amp111/secret = ${ASTERISK_MGR_PW}/" /etc/asterisk/manager.conf
    sed -i "s/AMPMGRPASS=amp111/AMPMGRPASS=${ASTERISK_MGR_PW}/" /etc/amportal.conf
    
    # Enable DAHDI for FreePBX
    sed -i "s/# ZAP2DAHDICOMPAT=true|false/ZAP2DAHDICOMPAT=true/" /etc/amportal.conf
    
    # Install amp
    ./install_amp
    
    # Fix and start apache web server
    echo "
    ServerName Debian
    " >> /etc/apache2/apache2.conf
    
    /etc/init.d/apache2 restart
    
    # Start amportal
    amportal start
    
    # Set ARI admin password
    sed -i "s/ari_password/${ARI_PW}/" /var/www/recordings/includes/main.conf.php
    
    # Setup log rotation
    touch /etc/logrotate.d/asterisk
    echo "
    /var/log/asterisk/*log {
       missingok
       rotate 5
       weekly
       create 0640 asterisk asterisk
       postrotate
           /usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null
       endscript
    }
    
    /var/log/asterisk/full {
       missingok
       rotate 5
       daily
       create 0640 asterisk asterisk
       postrotate
           /usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null
       endscript
    }
    
    /var/log/asterisk/cdr-csv/*csv {
       missingok
       rotate 5
       monthly
       create 0640 asterisk asterisk
    }
    
    
    /var/log/atftp.log {
       missingok
       rotate 5
       monthly
       create 0640 nobody nobody
    }
    
    "  > /etc/logrotate.d/asterisk
    
    clear
    echo "Complete. You can access FreePBX at http://$IP_ADDRESS/admin"
    echo "Login using username asteriskuser and password $ASTERISK_DB_PW"
    
    date
    df -h
    Code 2: Start the installation
    cd /root
    
    chmod +x asterisk1435
    
    ./asterisk1435
    2. Install Asterisk/FreePBX on SheevaPlug Debian Squeeze Part 2
                                 Written by Jack Lin on Nov. 6, 2010

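    After installing Asterisk/FreePBX on SheevaPlug Debian Squeeze, I felt something was missing, as if it were wearing no clothes, so I dressed it in OSSEC, a very powerful and free host-based intrusion detection system, which gives at least a little more peace of mind.

    What is the OSSEC host-based intrusion detection system? Why install it for Asterisk/FreePBX?
    Put simply, in my words, OSSEC is a security system that watches the host at all times and, when the host comes under intrusion activity, actively blocks and counters it and notifies you immediately, which I find amazing. So I want to try installing the OSSEC host-based intrusion detection system for Asterisk/FreePBX. If it does not suit you, there are of course other choices; I also like fail2ban, and if it does not cause conflicts, I will try installing fail2ban alongside it.


    A detailed description of the OSSEC host-based intrusion detection system is beyond the scope of these notes; please see the attached references.

    A. Steps to install the OSSEC host-based intrusion detection system: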
    Code 1:
    cd /root
    
    wget http://www.ossec.net/files/ossec-hids-latest.tar.gz
    
    tar -zxvf ossec-hids-*.tar.gz
    
    rm ossec-hids-*.tar.gz
    
    cd ossec-hids-*
    
    ./install.sh

     

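    After running ./install.sh an interactive question-and-answer dialog appears. The lines marked with * below may show up garbled; ignore that. Pay attention to the parts in red: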

      ** Para instalaA§A£o em portuguAas, escolha [br].
      ** e|a??c”‥a﹐-a–?e??e!?aR?e£…, e¯·e€?a?c [cn].
      ** Fur eine deutsche Installation wohlen Sie [de].
      ** I“I1I± IμI3IoI±I?I?I?I?I±I?I· I?I?I± I‧I?I?I·I?I1IoI?, IμI€I1I?I-I?I?Iμ [el].
      ** For installation in English, choose [en].
      ** Para instalar en EspaA±ol , eliga [es].
      ** Pour une installation en franA§ais, choisissez [fr]
      ** Per l'installazione in Italiano, scegli [it].
      ** a—¥a??ea?a§a??a?3a?1a??a??a??a—a?a?i??e﹐a??a—a|a﹐?a‧a?i??[jp].
      ** Voor installatie in het Nederlands, kies [nl].
      ** Aby instalowaA? w jA?zyku Polskim, wybierz [pl].
      ** D”D?N D﹐D?NN?N€N?DoN?D﹐D1 D?D? N?NN?D°D?D?D2DoDμ D?D° N€N?NNDoD?D? ,D2D2DμD’D﹐N?Dμ [ru].
      ** Za instalaciju na srpskom, izaberi [sr].
      ** TA?rkA§e kurulum iA§in seA§in [tr].
      (en/br/cn/de/el/es/fr/it/jp/nl/pl/ru/sr/tr) [en]:  (press Enter)
     OSSEC HIDS v2.5.1 Installation Script - http://www.ossec.net

     You are about to start the installation process of the OSSEC HIDS.
     You must have a C compiler pre-installed in your system.
     If you have any questions or comments, please send an e-mail
     to dcid@ossec.net (or daniel.cid@gmail.com).

      - System: Linux debian 2.6.32-5-kirkwood
      - User: root
      - Host: debian


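      -- Press ENTER to continue or Ctrl-C to abort. --  (press Enter)

    The installation types to choose from are as follows:
    a. server: besides monitoring its own host, it can also bring other Windows, Linux and similar hosts on the LAN under monitoring, so the security status of every host is collected here; naturally this is the one I chose.
    b. agent: this must be used together with a. server; the host is monitored entirely by the server host and has no monitoring function of its own.
    c. local: monitors only its own host; it is neither monitored by a server host nor able to monitor other hosts. If the Asterisk/FreePBX host does not need to monitor other hosts, choose this.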

    1- What kind of installation do you want (server, agent, local or help)? server

      - Server installation chosen.

    2- Setting up the installation environment.

     - Choose where to install the OSSEC HIDS [/var/ossec]:  (press Enter)

        - Installation will be made at  /var/ossec .

    3- Configuring the OSSEC HIDS.

      3.1- Do you want e-mail notification? (y/n) [y]:  (press Enter)

       - What's your e-mail address? jack888lin@gmail.com

       - We found your SMTP server as: gmail-smtp-in.l.google.com.
       - Do you want to use it? (y/n) [y]: n

       - What's your SMTP server ip/host? localhost

      3.2- Do you want to run the integrity check daemon? (y/n) [y]:   (press Enter)

       - Running syscheck (integrity check daemon).

      3.3- Do you want to run the rootkit detection engine? (y/n) [y ]:  (press Enter)

       - Running rootcheck (rootkit detection).

      3.4- Active response allows you to execute a specific
           command based on the events received. For example,
           you can block an IP address or disable access for
           a specific user.
           More information at:
           http://www.ossec.net/en/manual.html#active-response

       - Do you want to enable active response? (y/n) [y]:   (press Enter)

         - Active response enabled.

       - By default, we can enable the host-deny and the
         firewall-drop responses. The first one will add
         a host to the /etc/hosts.deny and the second one
         will block the host on iptables (if linux) or on
         ipfilter (if Solaris, FreeBSD or NetBSD).
       - They can be used to stop SSHD brute force scans,
         portscans and some other forms of attacks. You can
         also add them to block on snort events, for example.

       - Do you want to enable the firewall-drop response? (y/n) [y]:   (press Enter)

         - firewall-drop enabled (local) for levels >= 6

       - Default white list for the active response:
          - 192.168.1.1

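    If you want other hosts on the LAN not to be blocked by the OSSEC server host, add specific IPs or the whole LAN segment here. Everyone on it is family, so I chose the whole LAN segment: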
       - Do you want to add more IPs to the white list? (y/n)? [n]: y
       - IPs (space separated): 192.168.1.0/24

      3.5- Do you want to enable remote syslog (port 514 udp)? (y/n) [y]:   (press Enter)

       - Remote syslog enabled.

      3.6- Setting the configuration to analyze the following logs:
        -- /var/log/messages
        -- /var/log/auth.log
        -- /var/log/syslog
        -- /var/log/mail.info
        -- /var/log/dpkg.log
        -- /var/log/apache2/error.log (apache log)
        -- /var/log/apache2/access.log (apache log)

     - If you want to monitor any other file, just change
       the ossec.conf and add a new localfile entry.
       Any questions about the configuration can be answered
       by visiting us online at http://www.ossec.net .


       --- Press ENTER to continue ---  (press Enter)

    The OSSEC build now starts; please wait...

    When the build finishes, the following information appears:
     - System is Debian (Ubuntu or derivative).
     - Init script modified to start OSSEC HIDS during boot.

     - Configuration finished properly.

     - To start OSSEC HIDS:
                    /var/ossec/bin/ossec-control start

     - To stop OSSEC HIDS:
                    /var/ossec/bin/ossec-control stop

     - The configuration can be viewed or modified at /var/ossec/etc/ossec.conf


        Thanks for using the OSSEC HIDS.
        If you have any question, suggestion or if you find any bug,
        contact us at contact@ossec.net or using our public maillist at
        ossec-list@ossec.net
        ( http://www.ossec.net/main/support/ ).

        More information can be found at http://www.ossec.net

        ---  Press ENTER to finish (maybe more information below). --- (press Enter)



     - In order to connect agent and server, you need to add each agent to the server.
       Run the 'manage_agents' to add or remove them:

       /var/ossec/bin/manage_agents

       More information at:
       http://www.ossec.net/en/manual.html#ma
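
    The install dialog above enables firewall-drop for events of level 6 and higher, white-lists 192.168.1.0/24, and lists the logs to analyze, which do not include /var/log/asterisk/full. The following shell function is an added example, not part of the original notes or of OSSEC: it shows the kind of per-source counting such a detector performs on Asterisk's failed SIP registrations. The chan_sip message wording, the threshold of 3, the function names and the sample log lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original notes): list source IPs with repeated
# failed SIP registrations in an Asterisk log, skipping the white-listed LAN.

# sip_offenders LOGFILE [THRESHOLD]
# Prints "IP COUNT" for each non-white-listed source with >= THRESHOLD failures.
# THRESHOLD defaults to 3, an arbitrary value chosen for this example.
sip_offenders() {
    awk -v threshold="${2:-3}" -v q="'" '
        # Assumed chan_sip wording: Registration from <name> failed for <ip> - <reason>
        /Registration from .* failed for / {
            ip = $0
            # The name is supplied by the remote peer and may itself contain the
            # words "failed for", so anchor on the LAST occurrence (greedy match).
            sub(".* failed for " q, "", ip)
            sub(q ".*", "", ip)                  # drop closing quote and reason
            sub(/:[0-9]+$/, "", ip)              # some releases log ip:port
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (ip ~ /^192\.168\.1\./) next      # 192.168.1.0/24 white list
            hits[ip]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= threshold) print ip, hits[ip]
        }
    ' "$1" | LC_ALL=C sort
}

# Constructed sample lines in the assumed format (documentation-range addresses).
sample_log() {
    cat <<'EOF'
[Nov  6 10:12:01] NOTICE[2211] chan_sip.c: Registration from '"100" <sip:100@192.168.1.50>' failed for '203.0.113.5' - Wrong password
[Nov  6 10:12:02] NOTICE[2211] chan_sip.c: Registration from '"101" <sip:101@192.168.1.50>' failed for '203.0.113.5' - Wrong password
[Nov  6 10:12:03] NOTICE[2211] chan_sip.c: Registration from '"102" <sip:102@192.168.1.50>' failed for '203.0.113.5' - No matching peer found
[Nov  6 10:13:10] NOTICE[2211] chan_sip.c: Registration from '"200" <sip:200@192.168.1.50>' failed for '192.168.1.23' - Wrong password
[Nov  6 10:13:11] NOTICE[2211] chan_sip.c: Registration from '"200" <sip:200@192.168.1.50>' failed for '192.168.1.23' - Wrong password
[Nov  6 10:13:12] NOTICE[2211] chan_sip.c: Registration from '"200" <sip:200@192.168.1.50>' failed for '192.168.1.23' - Wrong password
[Nov  6 10:14:00] NOTICE[2211] chan_sip.c: Registration from '"x' failed for '192.168.1.23" <sip:x@192.168.1.50>' failed for '198.51.100.7' - Wrong password
[Nov  6 10:14:01] NOTICE[2211] chan_sip.c: Registration from '"x' failed for '192.168.1.23" <sip:x@192.168.1.50>' failed for '198.51.100.7' - Wrong password
[Nov  6 10:14:02] NOTICE[2211] chan_sip.c: Registration from '"x' failed for '192.168.1.23" <sip:x@192.168.1.50>' failed for '198.51.100.7' - Wrong password
[Nov  6 10:15:00] NOTICE[2211] chan_sip.c: Registration from '"300" <sip:300@192.168.1.50>' failed for '198.51.100.9' - Wrong password
[Nov  6 10:16:00] VERBOSE[2211] logger.c:     -- Registered SIP '100' at 192.168.1.20 port 5060
EOF
}

# Demo: scan the constructed sample with the default threshold.
log=$(mktemp) && sample_log > "$log" && sip_offenders "$log" && rm -f "$log"
```

    On the sample, the LAN phone with a mistyped password is skipped by the white list, and the lines whose peer-supplied name embeds a LAN address are still counted against the real source address.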

    B. Edit ossec.conf:

    So that the OSSEC server host can always deliver its monitoring and intrusion-response reports to the specified e-mail address:


    Code 2:
    nano -w /var/ossec/etc/ossec.conf
    

    <ossec_config>
      <global>
        <email_notification>yes</email_notification>
        <email_to>jack888lin@gmail.com</email_to>
        <smtp_server>localhost</smtp_server>
        <email_from>ossecm@debian.dyndns.org</email_from>
      </global>

    C. Edit IPTables:

    Bring the other Windows, Linux and similar hosts on the LAN under monitoring as well


    Code 3:
    nano -w /etc/iptables.up.rules

    # Allow connections from Ossec Agents to our Ossec Server
    -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 1514 -j ACCEPT

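    D. Install the OSSEC server web interface in FreePBX:

    Install the OSSEC Module for FreePBX: ossec-1.0.2.tgz
    Before installing the OSSEC server web interface for FreePBX, first append the value inside the quotes, 'asterisk', to the end of the ossec line in /etc/group:


    Code 4:
    # Append asterisk to the member list of the ossec group only (anchored with ^), adding a comma if the list is not empty
    sed -i '/^ossec:/{/:$/!s|$|,|;s|$|asterisk|;}' /etc/group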
    

    Reboot the host and confirm that everything runs correctly:


    Code 5:
    reboot
    

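    After the host has rebooted, download the ossec-1.0.2.tgz file from the page http://www.fonicaprojects.com/wiki/index.php/FreePBX_Module:_OSSEC to the Windows desktop.
    Open FreePBX-> Tools-> Module Admin-> Upload Module-> Browse-> Desktop-> ossec-1.0.2.tgz
    Click Upload, then go to Module Administration-> Maintenance-> OSSEC-> Install
    When installation is complete, click OSSEC under Tools on the left side of the page to see the OSSEC server web interface, as shown in the figure below: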

    freepbx-ossec-web2010-11-06.JPG

    E. Commands to stop and start OSSEC:
    Code 6:
    /var/ossec/bin/ossec-control stop
    
    /var/ossec/bin/ossec-control start
    
    /var/ossec/bin/ossec-control restart
    F. Command to check whether OSSEC is currently running on the system:
    Code 7:
    ps -ef | grep ossec
    G. Management command on the server and Linux agent side:
    Code 8:
    /var/ossec/bin/manage_agents
    

     

     
