[asterisk-users] How do you harden an Asterisk install?

Warren (mailing lists) warren-lists at icruise.com
Thu Jul 13 12:36:19 MST 2006


shadowym wrote:
>  
> I remember reading a small write up somewhere.  I think it was on the
> Asterisk Wiki.  I can't find it anymore.  It's probably a bit dated by now
> but some of it would still be relevant.
> 
> Can anyone recommend a good guide or even some of their own suggestions?
> 
> For clarity, what I mean by hardening is to make an Asterisk Server or
> network appliance or embedded server or whatever you want to call it, as
> fail safe, stable, and reliable as possible.  Just like an expensive
> traditional PBX.  This is for a small business application of 50 extensions
> or less.  It can't be too crazy like redundant servers or anything like
> that.  I am looking for ideas like RAID 1, redundant power supply, cron job
> to reboot every night (yuck!), disable caching(?), Astlinux on embedded with
> CF, yada yada!
> 
> Any way to set up automatic failover to a second Network Card with same IP if
> primary network card fails?  That is one point of failure I haven't found a
> way around yet.  Failure of the managed switch is another one I get a bit
> paranoid about.  Switches generally don't fail but I'd like to have some
> sort of fail safe plan.


You are talking about 2 things:
(1) How to harden a Linux box
(2) How to do failover.

For (1), be sure telnet, ftp and any other service you do not need are
off.  Move standard services to non-standard ports, especially web and
ssh.  Do not run a name server on the box.

For (2): You need to have a secondary box that runs a mirror copy of
Asterisk and MySQL and pretty much has everything else configured the
same.  MySQL should be replicated to the second box.  You then run a
program on the second box that pings the first box.  If the first box
fails the second takes over the first box's IP and runs with it.  There
are heartbeat programs that can help out with this.

W
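
An added example, not part of the reply above: a shell check for point (1) that reads `ss -H -tuln` style output and reports listeners for the services named there (ftp, telnet, a name server) and ssh or web still on their standard ports. The function names, the DISABLE/MOVE labels and the sample input are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example. Flags listening sockets that the reply says to turn off
# (ftp, telnet, name server) or to move off the standard port (ssh, web).
# Port numbers are the IANA defaults; the DISABLE/MOVE labels are made up here.

audit_listeners() {
    # stdin: lines in `ss -H -tuln` layout:
    #   Netid State Recv-Q Send-Q Local:Port Peer:Port
    awk '
    BEGIN {
        off[21] = "ftp"; off[23] = "telnet"; off[53] = "name server"
        move[22] = "ssh"; move[80] = "web"; move[443] = "web"
    }
    NF >= 5 {
        n = split($5, part, ":")
        port = part[n]                      # text after the last colon
        addr = substr($5, 1, length($5) - length(port) - 1)
        # Loopback-only listeners are not reachable from the network: skip.
        if (addr ~ /^127\./ || addr == "[::1]") next
        key = $1 "/" port
        if (seen[key]++) next               # IPv4 + IPv6 on one port: report once
        if (port in off)
            printf "DISABLE %s/%s (%s) bound to %s\n", $1, port, off[port], addr
        else if ($1 == "tcp" && (port in move))
            printf "MOVE %s/%s (%s) bound to %s\n", $1, port, move[port], addr
    }'
}

# Constructed sample input, not captured from a real host.
sample_listeners() {
    cat <<'EOF'
udp UNCONN 0 0 0.0.0.0:5060 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 128 [::]:22 [::]:*
tcp LISTEN 0 32 0.0.0.0:21 0.0.0.0:*
tcp LISTEN 0 5 0.0.0.0:23 0.0.0.0:*
tcp LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
tcp LISTEN 0 10 127.0.0.1:53 0.0.0.0:*
EOF
}

# Demo on the sample; on a live box run: ss -H -tuln | audit_listeners
sample_listeners | audit_listeners
```

The SIP listener on udp/5060 and the loopback-only MySQL and DNS sockets in the sample are left unreported, so the output is limited to services reachable from the network.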


