[asterisk-users] How to secure Configuration files

Gordon Henderson gordon+asterisk at drogon.net
Tue Jul 6 07:21:03 CDT 2010


On Tue, 6 Jul 2010, ABBAS SHAKEEL wrote:

> Hello Community,
>
> I have a question , I have been working with asterisk and developed some
> successful applications. I am facing an issue of security i.e.  We deploy
> servers to client end. Now i dont want the client to see my configuration
> files (Of course copy and distribute or replicate the logic with out
> permission).
>
> Now the configuration files are stored in /etc/asterisk/*  (Of course we can
> specify a different location but at end we specify this in a configuration
> file).
>
> Is there a way that the configuration files get encrypted or some thing else
> so that some one who have system access can not copy the configuration files
> data or look into that files.

The simple answer is that you can't prevent anyone copying it if they have 
physical access.

All you can do is make it hard.

If you wanted to encrypt them, you'd need to alter asterisk.

You could use something like trucrypt, or another whole disk encryption 
technology, but that'll require someone typing in a password at boot time 
making unattended reboots impossible.

Another way which I have seen is to do away with the dialplan entirely and 
do it all in a single big compiled AGI C program. (Ok, you have minimal 
dialplan to pump everything into it, but...) and don't distribute the 
source to the C program...

You need to work out just what it's worth to you if someone does copy it. 
Realistically, what's your target audience? Are your clients the sort of 
people likely to copy and and sell it on? For most businesses, I'd guess 
not.

Gordon



More information about the asterisk-users mailing list