Author Archives: Javi

Deploying Joomla 1.5

This howto is based on Debian 5.0.

The first step to install Joomla without issues is to install the dependencies.

apt-get update && apt-get upgrade

Installing MySQL

apt-get install mysql-server mysql-client

Installing Apache & PHP

apt-get install apache2 apache2-doc php5 php5-mysql libapache2-mod-php5

Testing php

vim /var/www/test.php

write this code inside:

<?php phpinfo(); ?>

Then open http://iphost/test.php in a browser and check that the PHP info page is shown.

Managing database

To maintain our MySQL database we'll use Chive.

wget -O - http://launchpad.net/chive/0.4/0.4.0/+download/chive_0.4.0.tar.gz | tar -xzpf -

http://www.chive-project.com/Wiki/Installation

Open http://ipaddress/chive and enjoy!!

Add the MySQL extension to PHP:
vim /etc/php5/apache2/php.ini
extension=mysql.so

Add include module in apache
$ a2enmod include

/etc/init.d/apache2 restart

Install unzip (needed to extract the Joomla package)

apt-get install unzip zip

Database

We are going to create the database for Joomla:

mysql -u root -p

mysql> create database joomla;

Create the user:

CREATE USER 'joomla'@'localhost' IDENTIFIED BY 'opensource';

Adding privileges…

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES  ON joomla.* TO 'joomla'@'localhost' IDENTIFIED BY 'opensource';

Enable Settings…

FLUSH PRIVILEGES;

Download and install Joomla:

cd /var/www
mkdir joomla
cd joomla

wget http://joomlacode.org/gf/download/frsrelease/13105/57240/Joomla_1.5.22-Stable-Full_Package.zip

unzip Joomla_1.5.22-Stable-Full_Package.zip

Permissions

chown -R www-data:www-data /var/www/joomla
find /var/www/joomla -type f -exec chmod 0644 {} \;
find /var/www/joomla -type d -exec chmod 0755 {} \;

Configure
Point your browser at http://ipaddress/joomla and follow the steps.

Don't forget to remove the installation folder:
rm -rf /var/www/joomla/installation/
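As an added example that is not part of the original howto, a small Python script that audits a Joomla tree for the layout set above: files 0644, directories 0755, and no leftover installation folder. The demo tree it builds under a temporary directory is constructed for the example and contains two deliberate deviations (a world-writable configuration.php and an installation folder that was never removed) so that the report is not empty.

```python
# Added example (not from the original post): audit a Joomla document root
# for the permission layout and the removed installation folder.
import os
import shutil
import stat
import tempfile


def audit_joomla_tree(root, file_mode=0o644, dir_mode=0o755):
    """Return a list of (path, problem) for everything that deviates from the layout.

    Checks: the installation/ folder must be gone, every directory must be dir_mode,
    every regular file must be file_mode. Symlinks are skipped because their own mode
    bits are not meaningful on Linux.
    """
    problems = []
    install_dir = os.path.join(root, "installation")
    if os.path.isdir(install_dir):
        problems.append((install_dir, "installation folder still present"))
    for dirpath, _dirnames, filenames in os.walk(root):
        mode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        if mode != dir_mode:
            problems.append((dirpath, f"dir mode {mode:o}, expected {dir_mode:o}"))
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode != file_mode:
                problems.append((path, f"file mode {mode:o}, expected {file_mode:o}"))
    return problems


def build_demo_tree():
    """Construct a throwaway tree that mimics a freshly unzipped Joomla with two mistakes."""
    root = tempfile.mkdtemp(prefix="joomla-demo-")
    for d in (root, os.path.join(root, "installation"), os.path.join(root, "images")):
        os.makedirs(d, exist_ok=True)
        os.chmod(d, 0o755)            # explicit chmod: makedirs' mode is subject to umask
    files = {
        "configuration.php": 0o666,   # mistake: world-writable
        "index.php": 0o644,
        os.path.join("images", "logo.png"): 0o644,
    }
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("constructed placeholder content\n")
        os.chmod(path, mode)
    return root


def remove_demo_tree(root):
    """Delete the constructed tree again."""
    shutil.rmtree(root)


if __name__ == "__main__":
    demo = build_demo_tree()
    for path, problem in audit_joomla_tree(demo):
        print(f"{path}: {problem}")
    remove_demo_tree(demo)
```

Running it against a real document root is just `audit_joomla_tree("/var/www/joomla")`; an empty list means the chown/find commands above did their job and the installation folder is gone.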

See You!!


2010 in review

The stats helper monkeys at WordPress.com mulled over how this blog did in 2010, and here’s a high level summary of its overall blog health:

Healthy blog!

The Blog-Health-o-Meter™ reads "This blog is doing awesome!".

Crunchy numbers


A Boeing 747-400 passenger jet can hold 416 passengers. This blog was viewed about 4,500 times in 2010. That’s about 11 full 747s.

In 2010, there were 4 new posts, growing the total archive of this blog to 10 posts. There were 3 pictures uploaded, taking up a total of 141kb.

The busiest day of the year was November 11th with 67 views. The most popular post that day was Asterisk & OSSEC Part.II.

Where did they come from?

The top referring sites in 2010 were url4.eu, yandex.ru, google.com, en.wordpress.com, and google.de.

Some visitors came searching, mostly for ossec asterisk, asterisk cdr mysql, asterisk cdr, ossim netflow, and sipvicious error:takeasip:socket error: timed out.

Attractions in 2010

These are the posts and pages that got the most views in 2010.

1. Asterisk & OSSEC Part.II (May 2010), 3 comments
2. Asterisk CDR in MySQL (November 2009), 6 comments
3. Provisioning Linksys SPA922 (November 2009)
4. Ossim & Netflow (March 2010), 2 comments
5. Debian "Etch" + Asterisk + Asterisk-Addons + Zaptel + Libpri + mISDN + Asterisk-GUI (January 2008)


IAX2 Realtime

In this post I'm going to configure Asterisk IAX2 extensions in realtime mode. This way we don't have to reload Asterisk whenever we change the extension configuration.

1. Configuring extconfig.conf

[settings]

iaxusers => mysql,asterisk,iax_users

iaxpeers => mysql,asterisk,iax_users

2. Creating table

We are going to create the iax_users table in the asterisk database set up in https://sysbrain.wordpress.com/2009/11/23/asterisk-cdr-in-mysql/

CREATE TABLE iax_users (
  name varchar(30) primary key NOT NULL,
  username varchar(30),
  type varchar(6) NOT NULL,
  secret varchar(50),
  md5secret varchar(32),
  dbsecret varchar(100),
  notransfer varchar(10),
  inkeys varchar(100),
  outkey varchar(100),
  auth varchar(100),
  accountcode varchar(100),
  amaflags varchar(100),
  callerid varchar(100),
  context varchar(100),
  defaultip varchar(15),
  host varchar(31) NOT NULL default 'dynamic',
  language char(5),
  mailbox varchar(50),
  deny varchar(95),
  permit varchar(95),
  qualify varchar(4),
  disallow varchar(100),
  allow varchar(100),
  ipaddr varchar(15),
  port integer default 0,
  regseconds integer default 0
);

After this, we have to reload Asterisk to apply the changes.

3. Creating users

We can create users through the MySQL CLI (tricky) or with the MySQL graphical tools (the best option).

Example in CLI mode:

INSERT INTO `iax_users` (`name`, `username`, `type`, `secret`, `md5secret`, `dbsecret`, `notransfer`, `inkeys`, `outkey`, `auth`, `accountcode`, `amaflags`, `callerid`, `context`, `defaultip`, `host`, `language`, `mailbox`, `deny`, `permit`, `qualify`, `disallow`, `allow`, `ipaddr`, `port`, `regseconds`) VALUES ('1000', '1000', 'friend', '1000', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 'Javi', 'u-moviles', NULL, 'dynamic', NULL, 'mail@mail.com', NULL, NULL, 'yes', 'all', 'gsm', NULL, 0, 0);

Graphical Mode:

This is the link to download the MySQL GUI Tools:

http://dev.mysql.com/downloads/gui-tools/5.0.html

It's not necessary to post an example of creating a user with the MySQL GUI, because managing tables and adding new users there is very easy.

You have to connect to the asterisk database through the MySQL Query Browser app, edit the iax_users table and insert the same data as in the previous example:

name (1000), username (1000), type (friend), secret(1000), callerid(javi), context(u-moviles), host(dynamic), disallow(all), allow(gsm)

The other fields are optional, although I also use the 'mailbox' field:

`md5secret`, `dbsecret`, `notransfer`, `inkeys`, `outkey`, `auth`, `accountcode`, `amaflags`, `defaultip`, `language`, `mailbox`, `deny`, `permit`, `ipaddr`, `port`, `regseconds`.

In the next Asterisk articles I'll post about SIP realtime, voicemail realtime and Microsoft Exchange calendar integration.

That's all!



Asterisk & OSSEC Part.II

In this post I'm going to explain how to define rules, decoders and active response in the OSSEC server to protect our Asterisk against attacks.

This is a diagram of how OSSEC handles every event it receives.

More information on OSSEC:
http://www.ossec.net/wiki/OSSEC
http://www.amazon.com/OSSEC-Host-Based-Intrusion-Detection-Guide/dp/159749240X

DECODERS

First I'm going to configure the decoders. By default there are some Asterisk decoders for the SIP protocol, and I've added decoders for the IAX protocol. At the moment I'm working on adding more decoders for SIP, IAX, etc.

/var/ossec/etc# vim decoder.xml (the IAX decoders are my additions; the rest ship with OSSEC)

<!-- Asterisk logs -->
<decoder name="asterisk">
<program_name>^asterisk</program_name>
</decoder>

<decoder name="asterisk-hijacking">
<parent>asterisk</parent>
<prematch>^WARNING[\d+]: \S+ in \S+: Don't know </prematch>
<order>user</order>
<regex offset="after_prematch">^\S+ how to respond via '(\w+/\d.\d/\w+)'</regex>
</decoder>

<decoder name="asterisk-denied">
<parent>asterisk</parent>
<prematch>^NOTICE[\d+]: \S+ in \S+: Registration from </prematch>
<regex offset="after_prematch">^(\S+) failed for '(\d+.\d+.\d+.\d+)'</regex>
<order>srcip</order>
</decoder>

<decoder name="asterisk-denied2">
<parent>asterisk</parent>
<prematch>Registration from </prematch>
<regex offset="after_prematch">failed for '(\d+.\d+.\d+.\d+)'</regex>
<order>srcip</order>
</decoder>

<decoder name="asterisk-iax-enumeration">
<parent>asterisk</parent>
<prematch>^NOTICE[\d+]: \S+ in \S+: No registration for peer </prematch>
<regex offset="after_prematch">^'(\S+)' \(\S+ (\d+.\d+.\d+.\d+)\)</regex>
<order>user, srcip</order>
</decoder>

<decoder name="asterisk-iax-authentication-denied">
<parent>asterisk</parent>
<prematch>^NOTICE[\d+]: \S+ in \S+: Host </prematch>
<regex offset="after_prematch">^(\d+.\d+.\d+.\d+) failed MD5 authentication for (\S+)</regex>
<order>srcip, user</order>
</decoder>

RULES

Secondly, we have to set the rules:

/var/ossec/rules# vim asterisk_rules.xml

<!-- Asterisk Log messages -->
<group name="syslog,asterisk,">
<rule id="6200" level="0">
<decoded_as>asterisk</decoded_as>
<description>Asterisk messages grouped.</description>
</rule>

<rule id="6201" level="1">
<if_sid>6200</if_sid>
<match>^NOTICE</match>
<description>Asterisk notice messages grouped.</description>
</rule>

<rule id="6202" level="3">
<if_sid>6200</if_sid>
<match>^WARNING</match>
<description>Asterisk warning message.</description>
</rule>

<rule id="6203" level="3">
<if_sid>6200</if_sid>
<match>^ERROR</match>
<description>Asterisk error message.</description>
</rule>

<rule id="6210" level="5">
<if_sid>6201</if_sid>
<match>Wrong password</match>
<description>Login session failed.</description>
<group>authentication_failed,</group>
</rule>

<rule id="6211" level="5">
<if_sid>6201</if_sid>
<match>Username/auth name mismatch</match>
<description>Login session failed (invalid user).</description>
<group>invalid_login,</group>
</rule>

<rule id="6212" level="5">
<if_sid>6201</if_sid>
<match>No matching peer found</match>
<description>Login session failed (invalid extension).</description>
<group>invalid_login,</group>
</rule>

<rule id="6250" level="10" frequency="6" timeframe="300">
<if_matched_sid>6211</if_matched_sid>
<same_source_ip />
<description>Multiple failed logins (user enumeration in process).</description>
</rule>

<rule id="6251" level="10" frequency="6" timeframe="300">
<if_matched_sid>6210</if_matched_sid>
<same_source_ip />
<description>Multiple failed logins.</description>
</rule>

<rule id="6252" level="10" frequency="6" timeframe="300">
<if_matched_sid>6212</if_matched_sid>
<same_source_ip />
<description>Extension enumeration.</description>
</rule>

<rule id="100007" level="5">
<if_sid>6201</if_sid>
<match>No registration for peer</match>
<description>Login session failed (invalid iax user).</description>
<group>invalid_login,</group>
</rule>

<rule id="100008" level="10" frequency="3" timeframe="300">
<if_matched_sid>100007</if_matched_sid>
<same_source_ip />
<description>Extension IAX Enumeration.</description>
</rule>

<rule id="100009" level="5">
<if_sid>6202</if_sid>
<match>Don't know how to respond via</match>
<description>Possible Registration Hijacking.</description>
<group>invalid_login,</group>
</rule>

<rule id="100010" level="5">
<if_sid>6201</if_sid>
<match>failed MD5 authentication</match>
<description>IAX peer Wrong Password.</description>
<group>invalid_login,</group>
</rule>

<rule id="100011" level="10" frequency="3" timeframe="300">
<if_matched_sid>100010</if_matched_sid>
<same_source_ip />
<description>Multiple failed logins.</description>
</rule>

</group> <!-- ASTERISK -->

More information about rules: http://www.ossec.net/wiki/FAQ
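As an added example, not part of the original post and not OSSEC's own code, here is a small Python model of the decoder and rule chain above, run over the seven log lines quoted in the alert later in this post plus three constructed IAX lines. It ports three of the child decoders (asterisk-denied2, asterisk-iax-enumeration and asterisk-iax-authentication-denied) into Python's re syntax (the dots in the IP pattern are escaped, which OSSEC's own regex dialect does not need) and models frequency/timeframe/same_source_ip as "fire on the frequency-th match from one source IP within the timeframe, then restart the counter", a simplification of OSSEC's real bookkeeping. The year 2010 used to turn syslog timestamps into seconds, and the exact chan_iax2 wording of the constructed lines, are assumptions.

```python
# Added example (not from the original post): a toy model of the OSSEC
# decoder -> atomic rule -> composite rule chain shown above.
import re
from collections import defaultdict, deque
from datetime import datetime

# Sample input. The seven SIP lines are the ones quoted in the alert later in this
# post; the three IAX lines are constructed to fit the asterisk-iax-enumeration decoder.
SAMPLE_LOG = [
    f"May 19 11:42:17 asterisk asterisk[5200]: NOTICE[14808]: chan_sip.c:15889 in "
    f"handle_request_register: Registration from '\"{n}\"<sip:{n}@192.168.1.60>' "
    f"failed for '192.168.210.48' - No matching peer found"
    for n in range(361, 354, -1)
] + [
    f"May 19 11:42:{30 + i} asterisk asterisk[5200]: NOTICE[14810]: chan_iax2.c:7760 in "
    f"registry_authrequest: No registration for peer '{2000 + i}' (from 192.168.210.48)"
    for i in range(3)
]

# Syslog header: "May 19 11:42:17 asterisk asterisk[5200]: <message>"
SYSLOG = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
                    r"(?P<prog>[^\s\[:]+)(?:\[\d+\])?: (?P<msg>.*)$")

# Child decoders ported from the page: (name, prematch, regex after the prematch, order).
DECODERS = [
    ("asterisk-denied2", r"Registration from ",
     r"failed for '(\d+\.\d+\.\d+\.\d+)'", ("srcip",)),
    ("asterisk-iax-enumeration", r"^NOTICE\[\d+\]: \S+ in \S+: No registration for peer ",
     r"^'(\S+)' \(\S+ (\d+\.\d+\.\d+\.\d+)\)", ("user", "srcip")),
    ("asterisk-iax-authentication-denied", r"^NOTICE\[\d+\]: \S+ in \S+: Host ",
     r"^(\d+\.\d+\.\d+\.\d+) failed MD5 authentication for (\S+)", ("srcip", "user")),
]

# Atomic rules (id, level, <match> text), all children of 6201 (^NOTICE).
ATOMIC = [(6212, 5, "No matching peer found"),
          (100007, 5, "No registration for peer"),
          (100010, 5, "failed MD5 authentication")]
# Composite rules (id, level, if_matched_sid, frequency, timeframe), all <same_source_ip/>.
COMPOSITE = [(6252, 10, 6212, 6, 300), (100008, 10, 100007, 3, 300), (100011, 10, 100010, 3, 300)]


def decode(line):
    """Apply the parent 'asterisk' decoder, then the first child whose prematch and regex both fit."""
    head = SYSLOG.match(line)
    if not head or not head.group("prog").startswith("asterisk"):   # <program_name>^asterisk
        return None
    msg = head.group("msg")
    event = {"ts": head.group("ts"), "msg": msg, "decoder": "asterisk", "srcip": None, "user": None}
    for name, prematch, regex, order in DECODERS:
        pre = re.search(prematch, msg)
        if not pre:
            continue
        body = re.search(regex, msg[pre.end():])   # offset="after_prematch"
        if not body:
            continue
        event["decoder"] = name
        event.update(zip(order, body.groups()))    # <order> maps groups to fields
        break
    return event


def _epoch(ts):
    # Syslog timestamps carry no year; 2010 is assumed for this demo.
    return datetime.strptime(ts, "%b %d %H:%M:%S").replace(year=2010).timestamp()


class RuleEngine:
    """Simplified correlation: a composite rule fires on the frequency-th parent match
    from the same source IP inside the timeframe, then its counter restarts."""

    def __init__(self):
        self.seen = defaultdict(deque)   # (parent_sid, srcip) -> recent timestamps

    def evaluate(self, event):
        """Return (rule_id, level) of the rule this event ends up in, or None."""
        if not event["msg"].startswith("NOTICE"):
            return None
        hit = (6201, 1)
        for sid, level, needle in ATOMIC:
            if needle in event["msg"]:
                hit = (sid, level)
                break
        if event["srcip"] is None:
            return hit
        now = _epoch(event["ts"])
        for cid, clevel, parent, freq, window in COMPOSITE:
            if parent != hit[0]:
                continue
            q = self.seen[(parent, event["srcip"])]
            q.append(now)
            while now - q[0] > window:   # drop matches outside the timeframe
                q.popleft()
            if len(q) >= freq:
                q.clear()
                return (cid, clevel)
        return hit


def run(lines):
    """Return (rule_id, srcip) for every line that reaches level 10, the level the
    active-response entry in this post keys on."""
    engine, alerts = RuleEngine(), []
    for line in lines:
        event = decode(line)
        if event is None:
            continue
        result = engine.evaluate(event)
        if result and result[1] >= 10:
            alerts.append((result[0], event["srcip"]))
    return alerts


if __name__ == "__main__":
    for rule_id, srcip in run(SAMPLE_LOG):
        print(f"level 10 alert: rule {rule_id} from {srcip}")
```

With the sample input, 6252 fires on the sixth SIP registration failure from 192.168.210.48 and 100008 on the third IAX "No registration for peer" line, which is the point at which the active response in the next section would be invoked.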

ACTIVE-RESPONSE

Now we are going to define an active response to protect our Asterisk.

vim /var/ossec/etc/ossec.conf

<command>
<name>firewall-drop</name>
<executable>firewall-drop.sh</executable>
<expect>srcip</expect>
<timeout_allowed>yes</timeout_allowed>
</command>

<active-response>
<disabled>no</disabled>
<command>firewall-drop</command>
<location>local</location>
<agent_id>007</agent_id>
<level>10</level>
<rules_id>6252</rules_id>
<timeout>600</timeout>
</active-response>

We have defined an active response against extension enumeration attacks. When OSSEC detects this attack it runs the firewall-drop.sh script on the Asterisk agent, which adds an iptables rule dropping the source IP.

You can see different active responses in /var/ossec/active-response/bin/ directory.

TESTING

We've already configured our system and now we are going to test it.

http://code.google.com/p/sipvicious/downloads/list

1.- Search for servers with the SIP port open: python svmap.py 192.168.1.1-254

| 192.168.1.60:5060 | Asterisk PBX |

2.- We've discovered one server with the SIP port open. Now we are going to search for the available extensions.

python svwar.py -e0000-9999 192.168.1.60

Without OSSEC protection, the scan reveals the available extensions in our Asterisk:
| Extension | Authentication |
------------------------------
| 4999      | reqauth        |

If we configure our Asterisk following this tutorial, this is the result of the extension scan:

sudo python svwar.py -e0000-9999 192.168.1.60
WARNING:root:found nothing
ERROR:TakeASip:socket error: timed out

Logs in our OSSEC server, /var/ossec/logs/alerts/alerts.log:

** Alert 1274262205.108674992: mail  - syslog,asterisk,
2010 May 19 11:43:25 (asterisk) 192.168.1.60->/var/log/messages
Rule: 6252 (level 10) -> 'Extension enumeration.'
Src IP: 192.168.210.48
User: (none)
May 19 11:42:17 asterisk asterisk[5200]: NOTICE[14808]: chan_sip.c:15889 in handle_request_register: Registration from '"361"<sip:361@192.168.1.60>' failed for '192.168.210.48' - No matching peer found
May 19 11:42:17 asterisk asterisk[5200]: NOTICE[14808]: chan_sip.c:15889 in handle_request_register: Registration from '"360"<sip:360@192.168.1.60>' failed for '192.168.210.48' - No matching peer found
May 19 11:42:17 asterisk asterisk[5200]: NOTICE[14808]: chan_sip.c:15889 in handle_request_register: Registration from '"359"<sip:359@192.168.1.60>' failed for '192.168.210.48' - No matching peer found
May 19 11:42:17 asterisk asterisk[5200]: NOTICE[14808]: chan_sip.c:15889 in handle_request_register: Registration from '"358"<sip:358@192.168.1.60>' failed for '192.168.210.48' - No matching peer found
May 19 11:42:17 asterisk asterisk[5200]: NOTICE[14808]: chan_sip.c:15889 in handle_request_register: Registration from '"357"<sip:357@192.168.1.60>' failed for '192.168.210.48' - No matching peer found
May 19 11:42:17 asterisk asterisk[5200]: NOTICE[14808]: chan_sip.c:15889 in handle_request_register: Registration from '"356"<sip:356@192.168.1.60>' failed for '192.168.210.48' - No matching peer found
May 19 11:42:17 asterisk asterisk[5200]: NOTICE[14808]: chan_sip.c:15889 in handle_request_register: Registration from '"355"<sip:355@192.168.1.60>' failed for '192.168.210.48' - No matching peer found

To check that OSSEC has sent the command to our Asterisk you can look at the active-response log (/var/ossec/logs/active-responses.log) or check the iptables rules on the Asterisk host.

iptables in our Asterisk:

root@asterisk:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       0    --  192.168.210.48       anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DROP       0    --  192.168.210.48       anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

If you have any questions or need help, post here.


Asterisk & Ossec Part.I

In the previous post I talked about the OSSIM and Netflow integration. In the next posts I am going to explain how to configure the OSSEC module with different services.

The first "integration" I am going to describe is how to protect Asterisk with these applications.

Add Asterisk to Ossec Server

cd /var/ossec/bin
./manage_agents
Choose the option "add an agent", enter the client IP and ID, and quit (Q).
./ossec-control stop
./ossec-control start

Install ossec agent in Asterisk Server

- Download and extract the OSSEC agent
cd /usr/src
wget http://www.ossec.net/files/ossec-hids-2.4.1.tar.gz
tar -zxvf ossec-hids-2.4.1.tar.gz

- Install it.
cd ossec-hids-2.4.1
./install.sh
Choose the agent option and type the OSSEC server IP.
Leave the other questions at their defaults.

- Configure the agent
cd /var/ossec/bin/
./manage_agents
Select option "I" to import the agent key from the OSSEC server. To obtain this key, run "./manage_agents" on the OSSEC server and select option "E". When you have the key you only have to paste it into the agent.

After this you have to restart the OSSEC server and the OSSEC agent service:
/var/ossec/bin/ossec-control stop
/var/ossec/bin/ossec-control start

To verify that the agent is working correctly, execute this command on the OSSEC server:
/var/ossec/bin/agent_control -l

In Part.2 I will explain how to configure the OSSEC Asterisk module.


Ossim & Netflow

I have started to use OSSIM to monitor network issues and security.
http://www.ossim.net/wiki/doku.php?id=installation

My first steps with OSSIM have been with Netflow module (nfsen).

This is a mini howto on configuring Nfsen in the OSSIM server to monitor Cisco routers.

Configure netflow in the Cisco router
config t
interface FastEthernet 0/0 (or whatever interface you want)
ip route-cache flow
exit

ip flow-export destination "dst ip" "dst port"
ip flow-export source "src interface"
ip flow-export version 5

ip flow-cache timeout active 1
ip flow-cache timeout inactive 15

exit
write mem

With this, the device is configured.

Configure Nfsen

Then we have to add this device in nfsen.conf:

%sources = (
    'Router' => { 'port' => '9567', 'col' => '#0000ff', 'type' => 'netflow' },
);

After this we have to reconfigure nfsen:

/usr/nfsen/bin/nfsen reconfig

Now I have started to configure the OSSEC and Snort modules. When I have good results I will post another howto on these modules.


Asterisk CDR in MySQL

Install the MySQL server and client

apt-get install php5-mysql mysql-client-5.0 mysql-client libmysqlclient15-dev mysql-server mysql-common

Install Asterisk-Addons

cd /usr/src

wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-addons-1.4.9.tar.gz

tar xvzf asterisk-addons-1.4.9.tar.gz

cd asterisk-addons*

./configure

make menuselect

select:

--> 1. Applications
[*] 1. app_addon_sql_mysql
--> 2. Call Detail Recording
[*] 1. cdr_addon_mysql

make && make install

Create Database

mysql -u root -p

CREATE DATABASE asterisk;

GRANT INSERT
ON asterisk.*
TO asterisk@localhost
IDENTIFIED BY 'yourpassword';

USE asterisk;

CREATE TABLE `cdr` (
`calldate` datetime NOT NULL default '0000-00-00 00:00:00',
`clid` varchar(80) NOT NULL default '',
`src` varchar(80) NOT NULL default '',
`dst` varchar(80) NOT NULL default '',
`dcontext` varchar(80) NOT NULL default '',
`channel` varchar(80) NOT NULL default '',
`dstchannel` varchar(80) NOT NULL default '',
`lastapp` varchar(80) NOT NULL default '',
`lastdata` varchar(80) NOT NULL default '',
`duration` int(11) NOT NULL default '0',
`billsec` int(11) NOT NULL default '0',
`disposition` varchar(45) NOT NULL default '',
`amaflags` int(11) NOT NULL default '0',
`accountcode` varchar(20) NOT NULL default '',
`userfield` varchar(255) NOT NULL default ''
);

ALTER TABLE `cdr` ADD `uniqueid` VARCHAR(32) NOT NULL default '';
ALTER TABLE `cdr` ADD INDEX ( `calldate` );
ALTER TABLE `cdr` ADD INDEX ( `dst` );
ALTER TABLE `cdr` ADD INDEX ( `accountcode` );

Configure the Asterisk MySQL CDR backend

vim /etc/asterisk/cdr.conf

[general]

enabled=yes

vim /etc/asterisk/cdr_mysql.conf

[global]
hostname=localhost
dbname=asterisk
table=cdr
password=”yourpassword”
user=asterisk
port=3306
;sock=/tmp/mysql.sock
;userfield=1

vim /etc/asterisk/modules.conf

load => cdr_addon_mysql.so

Restart Asterisk

asterisk -r

CLI> restart when convenient

Reconnect to the CLI once Asterisk is back and check the backend status:

asterisk -r

CLI> cdr mysql status
Connected to asterisk@localhost, port 3306 using table cdr for 1 minutes, 28 seconds.
Wrote 0 records since last restart.

That's all.

