Anyone know if it possible to create binary/obfuscated/ human unreadable extensions.conf/sip.conf etc.? We would like to deploy a system in an environment where not giving out root is still not enough. We want to hide the contents of these normally plain text files. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20060725/7c9e1912/attachment.htm
Marcus Carlson
2006-Jul-25 03:23 UTC
[asterisk-users] Binary/unreadable configuration files?
Don't really know if this is possible but the way I think it works it should be doable. Have the configfiles encrypted and decrypt when asterisk is starting/reloading and then encrypt again. Marcus Eric Bishop skrev:> Anyone know if it possible to create binary/obfuscated/ human > unreadable extensions.conf/sip.conf etc.? We would like to deploy a > system in an environment where not giving out root is still not > enough. We want to hide the contents of these normally plain text files. > > > ------------------------------------------------------------------------ > > _______________________________________________ > --Bandwidth and Colocation provided by Easynews.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >
Carlos Chavez
2006-Jul-25 08:21 UTC
[asterisk-users] Binary/unreadable configuration files?
On Tue, 2006-07-25 at 20:12 +1000, Eric Bishop wrote:> Anyone know if it possible to create binary/obfuscated/ human > unreadable extensions.conf/sip.conf etc.? We would like to deploy a > system in an environment where not giving out root is still not > enough. We want to hide the contents of these normally plain text > files. >Why not use Realtime and bypass the text configuration files? -- Carlos Chavez Prats Director de Tecnolog?a Telecomunicaciones Abiertas de M?xico S.A. de C.V. Tel: +52-55-91169161 Ext 2001 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20060725/16133016/attachment.pgp
I'm not sure, but can asterisk-BE do something like that? regards
Andrew Kohlsmith
2006-Jul-25 09:12 UTC
[asterisk-users] Binary/unreadable configuration files?
On Tuesday 25 July 2006 06:12, Eric Bishop wrote:> Anyone know if it possible to create binary/obfuscated/ human unreadable > extensions.conf/sip.conf etc.? We would like to deploy a system in an > environment where not giving out root is still not enough. We want to hide > the contents of these normally plain text files.Is a database config <cringe> acceptable? What about simply running asterisk as another user and making the config files mode 400? I'm not aware of any other methods to hide the configuration files. -A.
Tzafrir Cohen
2006-Jul-29 10:13 UTC
[asterisk-users] Binary/unreadable configuration files?
On Tue, Jul 25, 2006 at 08:12:07PM +1000, Eric Bishop wrote:> Anyone know if it possible to create binary/obfuscated/ human unreadable > extensions.conf/sip.conf etc.? We would like to deploy a system in an > environment where not giving out root is still not enough. We want to hide > the contents of these normally plain text files.With the user have the ability to run arbitrary CLI / manager commands? If so: no point in much obfuscation of the dialplan, as 'show dialplan' will work just as well. There's also 'sip show peers' / 'sip show users' . There is also a verbose reload. Not to mention that if the user has the ability to run arbitrary CLI commands, the usesr can do something as nice as to add an extension (using 'add extension') to run the following command: System(grep . /etc/asterisk/* \|mail -s server_config tzafrir.cohen@xorcom.com) (if they copy&paste, I might as well enjoy it ;-) The point is that Asterisk has to be able to read your configuration. Alternatively, reimplement everything in an AGI script. A great way of reinventing the wheel. -- Tzafrir Cohen sip:tzafrir@local.xorcom.com icq#16849755 iax:tzafrir@local.xorcom.com +972-50-7952406 jabber:tzafrir@jabber.org tzafrir.cohen@xorcom.com http://www.xorcom.com
Kevin P. Fleming
2006-Aug-02 16:54 UTC
[asterisk-users] Binary/unreadable configuration files?
----- Eric Bishop <asterisk.eric@gmail.com> wrote:> Anyone know if it possible to create binary/obfuscated/ human > unreadable extensions.conf/sip.conf etc.? We would like to deploy a > system in an environment where not giving out root is still not > enough. We want to hide the contents of these normally plain text > files.It would be possible using #exec to run a program to decrypt the config files on-the-fly, but that will still put them into temporary files, and if the user has root access or can otherwise get to the Asterisk CLI they can learn a lot of the information anyway (as has already been pointed out). -- Kevin P. Fleming Senior Software Engineer Digium, Inc.