[Asterisk-Users] Administrative suggestions

[Philipp von Klitzing]

Hi there,

mostly based upon list postings I compiled a couple of administrative 
suggestions on the Wiki page below. I'd be glad to have this reviewed and 
commented:

http://www.voip-info.org/tiki-index.php?page=Asterisk+administration

Cheers, Philipp


Adminstrative suggestions 

Use a GUI client that's based upon the manger API (like gastman or astman 
etc) to obtain an overview of what is currently going on in your PBX. Of 
course you should also regularly check the log files in /var/log/asterisk 
and watch their size. 

Separate your PC network from your VoIP network (see also Quality-of-
Service (QoS) issues) 

Remove all uneeded modules from your Asterisk server. For example if you 
are only doing ZAP and SIP then specify noload= for MGCP, Skinny in 
modules.conf. That reduces risks of potential exploits sleeping in those 
modules 

Disallow users to work on your Asterisk server. The recently published 
serious kernel exploits all required local user access to start with. 

Consider to not use mpg123 for music-on-hold (MOH), or take provisions to 
kill hung mpg123 threads whenever applicable. mpg123 has the habit to not 
terminate after stopping Asterisk. 

Look into your startup script and take provisions to detect and restart 
and hung asterisk. Check out daemontools for this purpose. You could also 
regularly telnet into Asterisk (manager.conf) to at least make sure it 
hasn't completely crashed. 

Find out if you can run Asterisk with a user other than "root". The 
documentation states that in principle that should be possible, however 
there seem to be no/few users who have ever attempted this. 

Think about creating your extensions.conf, sip.conf and voicemail.conf 
based upon a database that can be shared like mySQL (or whatever else you 
are used to). The recently added ODBC support in Asterisk opens up a lot 
of possibilites. Next to that the #include syntax that permits to include 
other files into any of the .conf files can be of help. 

An unthoughtful change to extension.conf can have a disastrous effect on 
your entire PBX. Establish a procedure for those changes to be not 
suddenly left without e.g. emergency services (911 or 999 or 112) without 
you noticing. Always check the log file after having applied a change to 
extensions.conf in a production system. 

Think about putting a quota on voicemailboxes, or schedule a script that 
deletes all voicemail older than x days. One way to enable quotas is to 
trigger an AGI script just before a user is directed to voicemail and 
then decide if a message can be recorded or of the user has run out of 
space. 

Use Ethereal (with the IAX plugin) to analyse your network traffic. 

Set an AbsoluteTimeout value for all cost-producing calls to prevent sky-
high bills in case something should ever go wrong with either Asterisk or 
one of your phones. Take especially the SIP protocol and its limitations 
to detect a disconnected client into account. 

Regularly restart (better: stop and start) your PBX during off-hours. A 
repetitive reload will not be sufficient, and can actually cause more 
harm than it does good. 

Spend some thought on redundance, load balancing and maybe even 
clustering. So far there is not perfect solution worked out for Asterisk, 
however that should not prevent you from thinking about this issue (a 
search on the mailing list asterisk-users will reveal a lot of competent 
postings)

* * *