Posts tagged: Securing Trixbox

Securing Trixbox

By , November 28, 2009 12:10 AM

How to Secure Trixbox with fail2ban

For usiness purposes Fail2Ban is an excellent solution for protecting at the SIP application layer.

It is worth reading how to set up Fail2Ban for Trixbox

http://www.voip-info.org/wiki/view/Fail2Ban+%28with+iptables%29+And+Asterisk

wget http://downloads.sourceforge.net/project/fail2ban/fail2ban-stable/fail2ban-0.8.4/fail2ban-0.8.4.tar.bz2 -jxf fail2ban*


How to Secure Trixbox by changing passwords

1)FOP, Default password is again : passw0rd

2) mysql default passwords is “passw0rd”

3) FreePBX web interface has the default user: maint with password ” password”

4) Trixbox main web Interface, access is wide open, meaning that anyone who knows your PBX IP address or sub domain, can access it. a) VoIP installers

Changing your default CentOS Password

passwd

You will be asked to enter your old password and to type in your new password twice.

Changing your default FreePBX Password

The default login and password for a newly installed FreePBX (formerly known as AMP) is:

Username: maint
Password: password

To change the default password at the CentOS command prompt type the following command.

passwd-maint

Changing your default FOP Password

edit /etc/amportal.conf

find FOPPASSWORD=passw0rd and change it for something reasonable

amportal restart

Changing your default MeetMe Password

passwd-meetme

It will ask you for your new password twice.

Changing your default System Mail Password

passwd admin

Changing your default MySQL Password

Edit /etc/amportal.conf and change AMPDBUSER=asteriskuser and AMPDBPASS=yourpassword.
Careful, the values at the top of that file are actually commented out (which is idiotic), the real values are at the very bottom of the file.

Edit /etc/asterisk/cdr_mysql.conf and change USER= asteriskuser and PASSWORD=yourpassword.

Edit /etc/astersik/ cbmysql.conf and change DBUSER= asteriskuser and DBPASS=yourpassword.

Lastly, login to the commandline on your TrixBox terminal as root and execute these commands:
amportal stop
mysqladmin -u
asteriskuser -p password yourpassword
[then enter your current password for root to confirm the change]
service mysqld restart
amportal start

mysql -u root -p
passw0rd

SET PASSWORD FOR asteriskuser@localhost=PASSWORD(‘newpass‘);

amp111

SUMMARY

DO NOT CHANGE DEFUALT PASSWORDS APART FROM MAINT AND FOP

IT IS JUST TOO HARD TO GET THE WHOLE TRIXBOX WORKING AGAIN!!!!!

PEOPLE WHO MADE TRIXBOX BIT SLOPPY IN THE PASSWORD SECURITY FRONT
WOULD NOT BE THAT HARD TO WRITE A SCRIPT THAT CHANGED ALL THE PASSWORDS
AND RELEVANT FILES

Thomas Challenger Thomas Challenger