[asterisk-users] How do you harden an Asterisk install?
Tom Vile
tvile at baldwintechsolutions.com
Thu Jul 13 19:53:43 MST 2006
For the NIC setup you can bond 2 cards together for redundency. Take
a look here for some more info on bonding.
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/ref-guide/s1-networkscripts-interfaces.html#S2-NETWORKSCRIPTS-INTERFACES-CHAN
On 7/13/06, shadowym <shadowym at hotmail.com> wrote:
> Thanks for the suggestions but I specifically asked for options OTHER than a
> second server. Your suggestions about disabling un-needed services are good
> though. I already do that. I am hoping someone has some suggestions that
> are not as obvious that I have perhaps not thought of.
>
> > -----Original Message-----
> > From: Warren (mailing lists) [mailto:warren-lists at icruise.com]
> > Sent: Thursday, July 13, 2006 12:36 PM
> > To: Asterisk Users Mailing List - Non-Commercial Discussion
> > Subject: Re: [asterisk-users] How do you harden an Asterisk install?
> >
> > shadowym wrote:
> > >
> > > I remember reading a small write up somewhere. I think it
> > was on the
> > > Asterisk Wiki. I can't find it anymore. It's probably a
> > bit dated by
> > > now but some of it would still be relevant.
> > >
> > > Can anyone recommend a good guide or even some of their own
> > suggestions.
> > >
> > > For clarity, what I mean by hardening is to make an
> > Asterisk Server or
> > > network appliance or embedded server or whatever you want
> > to call it,
> > > as fail safe, stable, and reliable as possible. Just like an
> > > expensive traditional PBX. This is for a small business
> > application
> > > of 50 extensions or less. It can't be too crazy like redundant
> > > servers or anything like that. I am looking for ideas like RAID 1,
> > > redundant power supply, cron job to reboot every night (yuck!),
> > > disable caching(?), Astlinux on embedded with CF, yada yada!
> > >
> > > Anyway to set up automatic failover to a second Network
> > Card with same
> > > IP if primary network card fails? That is one point of failure I
> > > haven't found a way around yet. Failure of the managed switch is
> > > another one I get a bit paranoid about. Switches generally
> > don't fail
> > > but I'd like to have some sort of fail safe plan.
> > > _______________________________________________
> > > --Bandwidth and Colocation provided by Easynews.com --
> > >
> > > asterisk-users mailing list
> > > To UNSUBSCRIBE or update options visit:
> > > http://lists.digium.com/mailman/listinfo/asterisk-users
> >
> >
> > You are talking about 2 things:
> > (1) How to harden a linux box
> > (2) How to do failover.
> >
> > for (1), be sure telnet, ftp and any other service you do not
> > need is off. Move standard services to non-standard ports,
> > especially web and ssh. Do not run a name server on the box.
> >
> > For (2): You need to have a secondary box that runs a mirror
> > copy of Asterisk and mysql and pretty much has everything
> > else configured the same. mysql should be replicated to the
> > second box. You then run a program on the second box that
> > pings the first box. If the first box fails the second takes
> > over the first box's IP and runs with it. There are
> > heartbeat programs that can help out with this.
> >
> > W
> >
> >
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
More information about the asterisk-users
mailing list