[asterisk-dev] New Feature Idea

Nir Simionovich nir.simionovich at gmail.com
Mon Sep 27 09:56:57 CDT 2010 

  Hi Andrew,

   Hmmmmm.... Find my comments below:

On 9/26/2010 4:05 PM, Andrew Kohlsmith (mailing lists account) wrote:
> On Sunday, September 26, 2010 08:26:14 am Nir Simionovich wrote:
>> Hmmm... True. Well, why not simply make CDR's to manager work as a
>> default in the code?
> Because it is trivial to alter the behaviour in cdr.conf.  I don't know about
> you, but I don't want CDR events to be forced on.  Fix your setup.
Ok, first thing's first, I'm not talking about a specific setup, I'm 
talking about a fairly generic
situation that is currently depicted in EVERY Asterisk distro on the 
planet. Be it Elastix, Trixbox,
AsteriskNOW, PIAF or whatever uses FreePBX in some form is susceptible. 
This is not a problem
with my setup, trust me, my Asterisk system had the NoCDR application 
removed all together,
but hey, that's just me.
>> not leaving the user a possibility to manage that portion. Having the
>> possibility to not register
>> CDR records, at least in my view, is somewhat dangerous. I admit that at
>> times you don't want
>> to do so, however, this should mainly be reflected in the MySQL backend
>> of the CDR files.
> I would argue that it is somewhat dangerous to incorrectly set up your system
> such that your CDR logging is open to attack.  You should implement the SQL
> CDR permissions as Tzafir suggested. That's exactly what I did on my systems.
> In fact, they log CDR to another machine entirely.
SQL permissions may prevent someone from deleting CDR records, but it 
will surely not prevent
them from modifying a config file and not generate CDR records all 
together. Logging to another
machine is a great idea, however, most "clueless" Asterisk admins don't 
have that level of Linux
abilities - you are expecting something that you shouldn't.
>> Be reasonable, in production environment systems you always turn all
>> logging off, specifically
>> verbose. I can't even imagine running verbose on my customer systems,
>> they can easily rack
>> up to 400 concurrent calls on a system, and that would inflate the
>> verbose log like crazy.
> Be reasonable and set up and secure your system instead of expecting the
> software to suit your specific conditions. Asterisk tries to strike a balance
> between several conflicting ideals, and as someone who's been using it since
> the days that the dialplan was compiled into the source, I have to say that
> they've done an admirable job of walking this fine line.
I totally agree with you. I've been using Asterisk since around 2002 - 
trust me, the road Asterisk
had taken over the years is beyond admirable. However, when a software 
crosses the line from
the Early Majority phase to the Market Acceptance, it has to change 
slightly, in order to facilitate
so that people not totally familiar can also get a fairly secure system 
out of the box. When you
install Linux out of the box, even with its default settings, it is a 
fairly secured server. Sure if you
add stuff and configure your box like an idiot it becomes insecure. I'm 
not saying that Asterisk
should follow the C2 standard, but hey, having some built-in idiot safe, 
baboon safe mechanisms
isn't bad in my view.
>> Well, that is not all that true. Sometimes only the web interface gets
>> hacked, thus, the hacker
>> is mostly interested in hiding their track then going about and deleting
>> stuff. Going about and
>> doing that just from the web isn't all that simplistic, and most of
>> these hackers are interested
>> in passing traffic - not hijacking the box for a botnet or something.
> Depending on the web interface, you can alter manager.conf.
That's related to securing the web interface, not making Asterisk a more 
secure environment.
> Getting your system compromised is not fun. Been there, done that. Your
> suggestion isn't a bad one, but I think that for your specific concerns it
> might be a better idea to simply compile out the NoCDR function entirely. That
> still won't prevent someone from deleting all your SQL records due to poor SQL
> permissions, but it's something to think about.
Oh, I can easily imagine the boozo that installed Elastix or Trixbox and 
is now reading this thread
thinking - "compiling Asterisk????? hmmmmmmm.... hold on, I'll check the 
web GUI for that
compile option".

Nir S

More information about the asterisk-dev mailing list