[asterisk-users] How do you harden an Asterisk install?

Warren (mailing lists) warren-lists at icruise.com
Fri Jul 14 08:44:47 MST 2006


Rich Adamson wrote:
[-snip-]
> Then, back up your config files on something else and wait for your
> server to be compromised. ;)

For cases where you expect something to be compromised, and potentially
overwritten, perhaps by an automated script, a trick that I have found
worthy of using is to move all of the writable files to somewhere
(should be /var) and put all of the read-only files under a single
directory structure.  Then take that structure and make an iso file
system out of it with mkisofs. Now remove that filesystem and just leave
an empty copy of the root directory.  From then on, mount the iso file
read only onto the root directory using the loopback device onto the
directory in question on boot before the service starts to run.

W



More information about the asterisk-users mailing list