[Asterisk-Users] Security audit scripts
Matt Riddell
matt.riddell at sineapps.com
Tue Jan 18 15:50:40 MST 2005
Remco Barende wrote:
> That is my major concern too, the * config files (as we all know) are
> not the easiest to read and when the setup becomes more complicated it's
> difficult to know for sure if you haven't left any loopholes open (for
> example a caller on hold that can dial outside etc.)
Well, you can do a show dialplan context
where context is the context you want to check. This will also loop
through includes.
So, say you had an inbound line and in zapata.conf you defined it as
being in the context incoming.
You would type show dialplan incoming and it will tell you what they can
directly access. This is the simplest way.
I think someone could write a program that could analyse you config
files. I've kinda got too many projects on the go, but maybe you could
write a spec and submit a bounty?
--
Cheers,
Matt Riddell
_______________________________________________
http://www.sineapps.com/news.php (Daily Asterisk News - html)
http://www.sineapps.com/rssfeed.php (Daily Asterisk News - rss)
More information about the asterisk-users
mailing list