Hi,

since I run asterisk as root with a CLI open on TTY12 I was wondering
if the "!" (shell) command can be disabled from the config, for safety
reasons it seems useful to me.

Tnx for any help !

--
Best regards,
Alessio mailto:afoc@interconnessioni.it
you could comment that portion out and rebuild?

On Fri, 2004-12-17 at 13:15 +0100, Alessio Focardi wrote:
> Hi,
>
> since I run asterisk as root with a CLI open on TTY12 I was wondering
> if the "!" (shell) command can be disabled from the config, for safety
> reasons it seems useful to me.
>
> Tnx for any help !
>
Hello Justin,

Friday, December 17, 2004, 3:43:12 PM, you wrote:

JC> you could comment that portion out and rebuild?

You are right, I will do like this (well at first I have to understand
where the comment has to be put) ... just wondering if maybe we can
suggest a new option in the config for the purpose.

--
Best regards,
Alessio mailto:afoc@interconnessioni.it
> since I run asterisk as root with a CLI open on TTY12 I was wondering
> if the "!" (shell) command can be disabled from the config, for safety
> reasons it seems useful to me.

well. IMHO if someone can get access to your asterisk console, they can
always ctrl+z or shutdown now or something.

secure your server. don't trust asterisk to do it

roy
I decided, since there was interest, to send them to the whole list.
Here they are.

BTW: I am also sending an excerpt from my passwd and inittab files. The
passwd entry is so that I can ssh into pbx@my.pbx.name and get an
asterisk CLI. This "Feature" is why I have "!" disabled. I hope that
this helps people out.

I would strongly suggest this only if:

1) The "!" command is disabled in the CLI.
2) Telnet is COMPLETELY disabled!!!
3) SSH access is only by the use of RSA keys.

This is the setup that we use. It works very well for us.

--
Christopher Dobbs
--> Sorry, Forgot to attach the files!! :)

I decided, since there was interest, to send them to the whole list.
Here they are.

BTW: I am also sending an excerpt from my passwd and inittab files. The
passwd entry is so that I can ssh into pbx@my.pbx.name and get an
asterisk CLI. This "Feature" is why I have "!" disabled. I hope that
this helps people out.

I would strongly suggest this only if:

1) The "!" command is disabled in the CLI.
2) Telnet is COMPLETELY disabled!!!
3) SSH access is only by the use of RSA keys.

This is the setup that we use. It works very well for us.

--
Christopher Dobbs

-------------- next part --------------
ast:12345:respawn:/sbin/astmain
-------------- next part --------------
pbx:x:0:0::/root:/sbin/astrun
-------------- next part --------------
#! /bin/bash
exec ssh pbx@pbx
-------------- next part --------------
#! /bin/bash
exec ssh root@pbx
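
Added example (not part of the thread and not code from any poster): the attached passwd entry gives "pbx" UID 0, so the login program and the SSH settings are what stand between that account and root. The sketch below audits passwd-format and sshd_config-format text for those two points; the sample inputs are constructed, the function names are hypothetical, and Match blocks in sshd_config are assumed out of scope.

```python
# Added example: audit the two files the setup above depends on.
# All sample data below is constructed for illustration.

def uid0_accounts(passwd_text):
    """Return (name, shell) for every passwd entry with UID 0."""
    found = []
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed entry, ignore
        name, _pw, uid, _gid, _gecos, _home, shell = fields
        if uid == "0":
            found.append((name, shell))
    return found


def sshd_setting(config_text, keyword, default):
    """First global value of keyword (sshd uses the first one it reads)."""
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "match":
            break  # assumption: conditional blocks are not evaluated here
        if parts[0].lower() == keyword.lower() and len(parts) == 2:
            return parts[1].strip().lower()
    return default


def audit(passwd_text, sshd_text):
    """List findings relevant to a UID-0 account that logs in over SSH."""
    findings = []
    for name, shell in uid0_accounts(passwd_text):
        if name != "root":
            findings.append(f"{name}: UID 0 alias, login runs {shell}")
    # sshd allows password logins unless this is explicitly set to "no"
    if sshd_setting(sshd_text, "PasswordAuthentication", "yes") != "no":
        findings.append("sshd: password logins enabled; keys-only not enforced")
    return findings


# Constructed samples: the pbx line matches the attachment above.
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/bash\npbx:x:0:0::/root:/sbin/astrun\n"
SAMPLE_SSHD = "PubkeyAuthentication yes\n#PasswordAuthentication no\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_PASSWD, SAMPLE_SSHD):
        print(finding)
```

A commented-out "PasswordAuthentication no" line, as in the constructed sample, leaves the default in force, so the audit reports it.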