[Asterisk-Dev] Disabling "!"

Tzafrir Cohen tzafrir.cohen at xorcom.com
Mon Feb 28 04:43:18 MST 2005


On Tue, Feb 22, 2005 at 02:23:33PM +0100, Alessio Focardi wrote:
> Hi,
> 
> I'm not a coder so I'm having some troubles finding where in the
> source code the cli "!" function is defined.
> 
> I would love to remove it to increase security ... tnx for any help !

How much does this increase security? From the CLI I can still add an
extension that will run System()  (but at least not as root).

I figure that to complement this you'd want a "safe mode" for the CLI
that will not allow changing settings.

A quick list I guess:

safe:
                agi debug  Enable AGI debugging
             agi no debug  Disable AGI debugging
            database show  Shows database contents
            debug channel  Enable debugging on a channel
             dump agihtml  Dumps a list of agi command in html format
                     help  Display help list, or specific help on a command
               iax2 debug  Enable IAX debugging
            iax2 no debug  Disable IAX debugging
           iax2 provision  Provision an IAX device
          iax2 show cache  Display IAX cached dialplan
       iax2 show channels  Show active IAX channels
       iax2 show firmware  Show available IAX firmwares
          iax2 show peers  Show defined IAX peers
    iax2 show peers begin  Show defined IAX peers
  iax2 show peers exclude  Show defined IAX peers
  iax2 show peers include  Show defined IAX peers
   iax2 show provisioning  Show iax provisioning
       iax2 show registry  Show IAX registration status
          iax2 show stats  Display IAX statistics
          iax2 show users  Show defined IAX users
         iax2 trunk debug  Request IAX trunk debug
      local show channels  Show status of local channels
                   meetme  Execute a command on a conference or conferee
      mgcp audit endpoint  Audit specified MGCP endpoint
               mgcp debug  Enable MGCP debugging
            mgcp no debug  Disable MGCP debugging
      mgcp show endpoints  Show defined MGCP endpoints
         no debug channel  Disable debugging on a channel
                odbc show  Show ODBC DSN(s)
           pri debug span  Enables PRI debugging on a span
   pri intense debug span  Enables REALLY INTENSE PRI debugging
        pri no debug span  Disables PRI debugging on a span
            pri show span  Displays PRI Information
                set debug  Set level of debug chattiness
              set verbose  Set level of verboseness
              show agents  Show status of agents
                 show agi  Show AGI commands or specific help
        show applications  Shows registered applications
         show application  Describe a specific application
        show audio codecs  Shows audio codecs
            show channels  Display information on channels
             show channel  Display information on a specific channel
              show codecs  Shows codecs
               show codec  Shows a specific codec
         show conferences  Show status of conferences
      show config handles  Show Config Handles
            show dialplan  Show dialplan
        show file formats  Displays file formats
        show image codecs  Shows image codecs
       show image formats  Displays image formats
         show indications  Show a list of all country/indications
                show keys  Displays RSA key information
     show manager command  Show manager command
    show manager commands  Show manager commands
   show manager connected  Show connected manager users
             show modules  List modules and info
         show parkedcalls  Lists parked calls
               show queue  Show status of a specified queue
              show queues  Show status of queues
            show switches  Show alternative switches
         show translation  Display translation matrix
              show uptime  Show uptime information
             show version  Display version info
        show video codecs  Shows video codecs
     show voicemail users  List defined voicemail boxes
     show voicemail zones  List zone message formats
                sip debug  Enable SIP debugging
             sip debug ip  Enable SIP debugging on IP
           sip debug peer  Enable SIP debugging on Peername
              sip history  Enable SIP history
             sip no debug  Disable SIP debugging
           sip no history  Disable SIP history
        sip show channels  Show active SIP channels
         sip show channel  Show detailed SIP channel info
         sip show history  Show SIP dialog history
           sip show inuse  List all inuse/limit
            sip show peer  Show details on specific SIP peer
           sip show peers  Show defined SIP peers
     sip show peers begin  Show defined SIP peers
   sip show peers exclude  Show defined SIP peers
   sip show peers include  Show defined SIP peers
        sip show registry  Show SIP registration status
   sip show subscriptions  Show active SIP subscriptions
           sip show users  Show defined SIP users
             skinny debug  Enable Skinny debugging
          skinny no debug  Disable Skinny debugging
        skinny show lines  Show defined Skinny lines per device
        zap show cadences  List cadences
        zap show channels  Show active zapata channels
         zap show channel  Show information on a channel

unsafe:
                        !  Execute a shell command
               abort halt  Cancel a running halt
            add extension  Add new extension into context
            add ignorepat  Add new ignore pattern
           add indication  Add the given indication to the country
         add queue member  Add a channel to a specified queue
             database del  Removes database key/value
         database deltree  Removes database keytree/values
             database get  Gets database value
             database put  Adds/updates database value
             dont include  Remove a specified include from context
        extensions reload  Reload extensions and *only* extensions
          iax2 set jitter  Sets IAX jitter buffer
          include context  Include context in other context
                init keys  Initialize RSA key passcodes
                     load  Load a dynamic module by name
            logger reload  Reopens the log files
            logger rotate  Rotates and reopens the log files
              mgcp reload  Reload MGCP configuration
             odbc connect  Connect to ODBC DSN
          odbc disconnect  Disconnect from ODBC DSN
                   reload  Reload configuration
         remove extension  Remove a specified extension
         remove ignorepat  Remove ignore pattern from context
        remove indication  Remove the given indication from the country
      remove queue member  Removes a channel from a specified queue
       restart gracefully  Restart Asterisk gracefully
              restart now  Restart Asterisk immediately
  restart when convenient  Restart Asterisk at empty call volume
               sip reload  Reload SIP configuration
              soft hangup  Request a hangup on a given channel
          stop gracefully  Gracefully shut down Asterisk
                 stop now  Shut down Asterisk immediately
     stop when convenient  Shut down Asterisk at empty call volume
                   unload  Unload a dynamic module by name
      zap destroy channel  Destroy a channel

-- 
Tzafrir Cohen     icq#16849755  +972-50-7952406
tzafrir.cohen at xorcom.com  http://www.xorcom.com



More information about the asterisk-dev mailing list