Tag Archives: Security

Asterisk & Ossec Part.I

In previous post I was talking about Ossim and Netflow integration. In the next posts I am going to explain how to configure OSSEC module with different services.

The first “integration” that I am going to describe is how to protect Asterisk with this applications.

Add Asterisk to Ossec Server

cd /var/ossec/bin
choose the option “add an agent” and enter the client IP and ID and quit (Q).
./ossec-control stop
./ossec-control start

Install ossec agent in Asterisk Server

– Download and extract ossec agent
/usr/src/wget http://www.ossec.net/files/ossec-hids-2.4.1.tar.gz
tar -zxvf ossec-hids-2.4.1.tar.gz

– Install it.
cd ossec-hids-1.6
Choose agent option and type ossec server IP.
Other questions by default.

– Configure the agent
cd /var/ossec/bin/
Select option “I” to import agent key of the Ossec Server. To obtain this key you need to execute in Ossec Server the command “./manage_agent” and select option “E”. When you have the key you only have to copy this key in the agent client.

After this you have to restart Ossec Server and Ossec agent service:
/var/ossec/bin/ossec-control stop
/var/ossec/bin/ossec-control start

To verify that agent is working correctly execute this command in Ossec Server:
/var/ossec/bin/agent_control -l

In Part.2 I’will explain how to configure the ossec asterisk module.


Ossim & Netflow

I have started to use OSSIM, to monitor network issues and security.

My first steps with OSSIM have been with Netflow module (nfsen).

This is a mini Howto, to configure Nfsen in OSSIM server, to monitor Cisco Routers.

Configure netflow in Cisco Router
config t
interface FastEthernet 0/0 (or whatever you want)
ip route cache-flow

ip flow-export destination “dst ip” “dst port”
ip flow-export source “src interface”
ip flow-export version 5

ip flow-cache timeout active 1
ip flow-cache timeout inactive 15

write mem

Whit this, We already configured our device

Configure Nfsen

Then We have to add this device in nfsen.conf:

%sources = (
‘Router’ => { ‘port’ => ‘9567’, ‘col’ => ‘#0000ff’, ‘type’ => ‘netflow’}

Afther this we have to reconfig nfsen:

/usr/nfsen/bin/nfsen reconfig

Now, I have started to configure OSSEC and Snort modules. When I have a good results I will post another howto with this modules.

Asterisk VoIP Security

I leave here a link to the webinar on security in asterisk that took place last Friday. The speakers were an FBI agent, an expert from VOIPSA and two employee of the company Digium.

very interesting ..

%d bloggers like this: