Hello Community, I have a question , I have been working with asterisk and developed some successful applications. I am facing an issue of security i.e. We deploy servers to client end. Now i dont want the client to see my configuration files (Of course copy and distribute or replicate the logic with out permission). Now the configuration files are stored in /etc/asterisk/* (Of course we can specify a different location but at end we specify this in a configuration file). Is there a way that the configuration files get encrypted or some thing else so that some one who have system access can not copy the configuration files data or look into that files. -- Best Regards Shakeel Abbas -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100706/1373c712/attachment.htm
On Tue, Jul 6, 2010 at 7:40 AM, ABBAS SHAKEEL <shakeel.abbas.qau at gmail.com> wrote:> Hello Community, > > I have a question , I have been working with asterisk and developed some > successful applications. I am facing an issue of security i.e.? We deploy > servers to client end. Now i dont want the client to see my configuration > files (Of course copy and distribute or replicate the logic with out > permission). >You have no problems using Asterisk and GPL, but not distributing your settings?> Is there a way that the configuration files get encrypted or some thing else > so that some one who have system access can not copy the configuration files > data or look into that files. >No, asterisk still needs permission to view your config files. Lock down the box and deny your customer access to the hardware. $ chmod -R 600 /etc/asterisk Of course, this is all a moot point if they have physical access to the machine. -- Paul Belanger | dCAP Polybeacon | Consultant Jabber: paul.belanger at polybeacon.com | IRC: pabelanger (Freenode) blog.polybeacon.com
On Tue, 6 Jul 2010, ABBAS SHAKEEL wrote:> Hello Community, > > I have a question , I have been working with asterisk and developed some > successful applications. I am facing an issue of security i.e. We deploy > servers to client end. Now i dont want the client to see my configuration > files (Of course copy and distribute or replicate the logic with out > permission). > > Now the configuration files are stored in /etc/asterisk/* (Of course we can > specify a different location but at end we specify this in a configuration > file). > > Is there a way that the configuration files get encrypted or some thing else > so that some one who have system access can not copy the configuration files > data or look into that files.The simple answer is that you can't prevent anyone copying it if they have physical access. All you can do is make it hard. If you wanted to encrypt them, you'd need to alter asterisk. You could use something like trucrypt, or another whole disk encryption technology, but that'll require someone typing in a password at boot time making unattended reboots impossible. Another way which I have seen is to do away with the dialplan entirely and do it all in a single big compiled AGI C program. (Ok, you have minimal dialplan to pump everything into it, but...) and don't distribute the source to the C program... You need to work out just what it's worth to you if someone does copy it. Realistically, what's your target audience? Are your clients the sort of people likely to copy and and sell it on? For most businesses, I'd guess not. Gordon
On Tuesday 06 Jul 2010, ABBAS SHAKEEL wrote:> Hello Community, > > ..... I am facing an issue of security i.e. We deploy > servers to client end. Now i dont want the client to see my configuration > files (Of course copy and distribute or replicate the logic with out > permission). [ 1 paragraph omitted ] > Is there a way that the configuration files get encrypted or some thing > else so that some one who have system access can not copy the configuration > files data or look into that files.Well! It's a good job Mark Spencer was never so mean-spirited, otherwise you would never have been *given* the power of Asterisk. -- AJS