[Asterisk-Users] Absolute Minimum Installation Packages
Steven Critchfield
critch at basesys.com
Fri Oct 31 10:23:24 MST 2003
On Fri, 2003-10-31 at 10:24, David Gomillion wrote:
> I can understand the size concerns for putting it in an appliance or
> what-not. However, my opinion is that, due to the low cost of hard disk
> space, it is cheaper for the company to go out and buy another hard disk
> to replace the extra 500 MB they wasted on a sub-optimal installation
> than to pay me to try to get the installation as small as possible.
>
> What are the benefits to a really tiny installation, aside from possible
> appliance applications? Moreover, won't you still need a sizable hard
> disk for voice prompts, voicemail messages, sound file to direct people
> to dial the correct extension, etc?
The benefit of getting a appliance like asterisk system together is the
level of security you would have on the box. If you don't have gcc or
the other tools like that on the machine, it won't be too interesting to
a script kiddie if they make it on. If they can't make a root kit on
your machine, then worst case is they get pissed and try and deface the
system. Of course if you have properly secured the system, like making
the main FS read only, then all they could do maybe is muck with your
voicemail you didn't get sent off via mail before they screwed with the
thing.
Spending time securing a machine is much more valuable than having your
phones knocked over by a script kiddie. So the benefit here is if you
could get your voicemail storage to be stored somehow off machine, then
you could easily get this to boot of a CD and then you have minimal
system that could worst case be brought back up after the hitting of the
reset button. Think about that also when someone has to be put oncall to
do computer work through the dead hours. If you could just say hit the
reset button on all problems, you wouldn't get called in the middle of
the night.
While I haven't intentionally built minimum installs for asterisk yet, I
have already done what I can to make the OS and asterisk self recover
from some faults, and the rest are cured with a reset button press. This
keeps me from having to go on site for something hungup.
Everyone should spend some time around paranoid *nix admins to just
learn what to be looking out for. I don't subscribe to all of their
beliefs, but if you aren't educated in what the extremes are, then you
don't adequately know where you should be. Most people know that RH is
just the vasoline of the net, and then you learn to secure away till
only the bare basics are stock from RH.
--
Steven Critchfield <critch at basesys.com>
More information about the asterisk-users
mailing list