If you just need the name of the system it may be contained in the variable ${SYSTEMNAME}.

This is assuming you have the systemname set in asterisk.conf

https://wiki.asterisk.org/wiki/display/AST/Asterisk+Main+Configuration+File

That said, for SHELL support you probably need to set:

live_dangerously = yes

Also in your asterisk.conf

https://wiki.asterisk.org/wiki/display/AST/Privilege+Escalations+with+Dialplan+Functions

On Tue, Jul 5, 2016 at 7:27 AM, Michael Jepson <Michael.Jepson at cm.nl> wrote:
> Even weirder, when I check in asterisk, using "core show functions", I can
> see the function SHELL right there.
> From what I can find, the call is made from a conf. file, as grep shows:
>
> globals.conf: G_server=${SHELL(hostname)}
>
> Is this even correct? The config files are from a much older version of
> asterisk, which I am trying to update.
>
> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Michael Jepson
> Sent: Tuesday, 5 July 2016 16:07
> To: Asterisk Users Mailing List - Non-Commercial Discussion <asterisk-users at lists.digium.com>
> Subject: Re: [asterisk-users] Function SHELL not registered
>
> I have rebuilt a new version, making sure func_shell was selected, but I
> am still getting this error.
>
> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of A J Stiles
> Sent: Monday, 4 July 2016 09:34
> To: Asterisk Users Mailing List - Non-Commercial Discussion <asterisk-users at lists.digium.com>
> Subject: Re: [asterisk-users] Function SHELL not registered
>
> On Monday 04 Jul 2016, Michael Jepson wrote:
> > Hi all,
> >
> > I am getting the following error when starting asterisk:
> > pbx_functions.c: Function SHELL not registered
> >
> > Some of my conf files use a SHELL command, which used to work with an
> > older version of asterisk, but now with version 13.9.1 I see this
> > warning in the error log. How can I register the SHELL function? From
> > what I can find in the wikis, it should just be available?
> >
> > Best regards,
> >
> > Michael Jepson
>
> Did you include func_shell in your Asterisk build?
>
> Fortunately, it's no biggie to build a missing module, because the "make"
> command explicitly keeps track of everything it has already done and does
> not need to do again. Just cd into the folder with your Asterisk source,
> run `make menuselect` and select "func_shell" (under dialplan functions).
> Then run `make` and finally `make install`.
>
> --
> AJS
>
> Note: Originating address only accepts e-mail from list! If replying
> off-list, change address to asterisk1list at earthshod dot co dot uk .
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users

--
A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly. Specialization is for insects.
---Heinlein
Maybe Asterisk dialplan apps and functions don't work in the [globals] section.

On 07/05/2016 11:40 AM, John Kiniston wrote:
> If you just need the name of the system it may be contained in the
> variable ${SYSTEMNAME}.
>
> This is assuming you have the systemname set in asterisk.conf
>
> https://wiki.asterisk.org/wiki/display/AST/Asterisk+Main+Configuration+File
>
> That said, for SHELL support you probably need to set:
>
> live_dangerously = yes
>
> Also in your asterisk.conf
>
> https://wiki.asterisk.org/wiki/display/AST/Privilege+Escalations+with+Dialplan+Functions

--
if at first you don't succeed, skydiving isn't for you
Adding live_dangerously did the trick. Thanks! But how dangerous is Asterisk living now ?
On Wed, Jul 6, 2016 at 4:05 AM, Michael Jepson <Michael.Jepson at cm.nl> wrote:
> Adding live_dangerously did the trick. Thanks! But how dangerous is Asterisk
> living now ?

From README-SERIOUSLY.bestpractices.txt:

==========================
Avoid Privilege Escalations
==========================

External control protocols, such as Manager, often have the ability to get and set channel variables; which allows the execution of dialplan functions.

Dialplan functions within Asterisk are incredibly powerful, which is wonderful for building applications using Asterisk. But during the read or write execution, certain dialplan functions do much more. For example, reading the SHELL() function can execute arbitrary commands on the system Asterisk is running on. Writing to the FILE() function can change any file that Asterisk has write access to.

When these functions are executed from an external protocol, that execution could result in a privilege escalation. Asterisk can inhibit the execution of these functions, if live_dangerously in the [options] section of asterisk.conf is set to no.

In Asterisk 12 and later, live_dangerously defaults to no.

When setting 'live_dangerously' to yes, you are taking responsibility for preventing permission escalation for those dialplan functions that can alter the underlying system. In addition to running Asterisk as a non-root user - which is always a good idea - your external applications should be sanitizing data passed through to said dialplan functions, and should implement their own stringent access control.

Matt

--
Matthew Jordan
Digium, Inc. | CTO
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com & http://asterisk.org
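
A check an administrator can run before or after changing the option, as an added example (not from the thread or the Asterisk project): it reads live_dangerously from the [options] section and lists every configuration line that references SHELL() or FILE(). The function names, the directory layout and the sample files are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread: report the live_dangerously setting and
# every SHELL()/FILE() reference in an Asterisk configuration directory.

# Print live_dangerously from [options] in asterisk.conf ($1); default "no".
live_dangerously_value() {
    [ -f "$1" ] || { echo no; return 0; }
    awk '
        /^[ \t]*;/ { next }                                  # comment line
        /^[ \t]*\[/ { in_opts = ($0 ~ /^[ \t]*\[options\]/); next }
        in_opts && /^[ \t]*live_dangerously[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")                         # drop "key ="
            sub(/;.*$/, "")                                  # drop trailing comment
            sub(/[ \t\r]+$/, "")
            val = tolower($0)
        }
        END { print (val == "" ? "no" : val) }
    ' "$1"
}

# Print "file:line: text" for each non-comment line that uses SHELL() or FILE().
dangerous_function_uses() {
    find "$1" -type f -name '*.conf' -exec awk '
        /^[ \t]*;/ { next }
        /[^A-Za-z0-9_](SHELL|FILE)\(/ { print FILENAME ":" FNR ": " $0 }
    ' {} + | sort
}

# Report on directory $1. Returns 1 when live_dangerously is true and at least
# one SHELL()/FILE() reference exists, the combination that needs review.
audit_asterisk_conf() {
    mode=$(live_dangerously_value "$1/asterisk.conf")
    uses=$(dangerous_function_uses "$1")
    echo "live_dangerously = $mode"
    if [ -n "$uses" ]; then printf 'uses of SHELL()/FILE():\n%s\n' "$uses"; fi
    case "$mode" in
        yes|true|y|t|1|on) [ -z "$uses" ] ;;   # values Asterisk reads as true
        *) return 0 ;;
    esac
}

# Constructed sample modelled on the thread's globals.conf line.
make_sample() {
    d=$(mktemp -d)
    printf '[options]\nlive_dangerously = yes ; set during upgrade\n' > "$d/asterisk.conf"
    printf '[globals]\nG_server=${SHELL(hostname)}\n; old: ${SHELL(uname)}\n' > "$d/globals.conf"
    echo "$d"
}

sample=$(make_sample)
audit_asterisk_conf "$sample" || echo "review: untrusted input must not reach these calls"
rm -rf "$sample"
```
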
On Wednesday 06 Jul 2016, Michael Jepson wrote:
> Adding live_dangerously did the trick. Thanks! But how dangerous is
> Asterisk living now ?

I must admit, still using an ancient Asterisk version, I didn't know about live_dangerously. But it sort of makes sense.

It is somewhat dangerous to have a function that can execute arbitrary system commands, especially as root. Just how dangerous depends on what commands can end up being executed. For instance, it probably would -not- be a good idea to include something like

    exten => 666,1,NoOp(${SHELL(/sbin/init 0)})

in a dialplan on a production server .....

Just be careful what commands you execute and what parameters you feed to them. You might even want to use a wrapper script around anything that could misbehave if given a wrong parameter (especially if the parameters depend on anything user-settable); do a quick sanity-check in the script itself, and only execute the "real" command if everything is within the range you expect.

And don't think that blocking SHELL() makes your Asterisk server magically safe. You can still run dangerous system commands from within an AGI script.

--
AJS

Note: Originating address only accepts e-mail from list! If replying off-list, change address to asterisk1list at earthshod dot co dot uk .
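
One way to write the wrapper script suggested above, as an added example (not code from the post or from the Asterisk project): it refuses anything other than a single all-digit argument of plausible length before running the real command. The helper path /usr/local/bin/cnam-lookup, the function names and the 3 to 15 digit range are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread: a wrapper meant to be the only program a
# dialplan SHELL() call runs. The helper path below is hypothetical.
# SHELL() hands its whole string to a shell, so the dialplan should also strip
# everything but digits first, e.g. ${FILTER(0-9,${CALLERID(num)})}.
REAL_CMD=${REAL_CMD:-/usr/local/bin/cnam-lookup}    # hypothetical real command

# Succeed only for a string of 3 to 15 digits (assumed range).
valid_number() {
    n=$1
    case "$n" in
        ''|*[!0-9]*) return 1 ;;                    # empty or any non-digit
    esac
    [ "${#n}" -ge 3 ] && [ "${#n}" -le 15 ]
}

# Run the real command only for exactly one argument that passes the check.
# Exit status 64 (EX_USAGE) tells the caller the input was refused.
safe_lookup() {
    if [ "$#" -ne 1 ] || ! valid_number "$1"; then
        echo "safe_lookup: argument rejected" >&2   # never echo the raw input
        return 64
    fi
    "$REAL_CMD" "$1"                                # fixed program, one quoted argument
}

# Act as the wrapper when called with arguments.
if [ "$#" -gt 0 ]; then
    safe_lookup "$@"
    exit $?
fi
```
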