vicidial.org

[Kumba]

It's about that time. I'll be working on a new version of ViciBox v.4.0 based on OpenSuSE v.11.4 in both 32 and 64 bit forms. Because of that, I am starting the wishlist of features people want. Below are mine:

1) 'nomodeset' added as default kernel boot option (fixes weird VGA issues)
2) a 'vicidial-base' package to load pre-requisites on the system allowing a base OpenSuSE install to be a package-based vicibox (for hosted clients)
3) A menu-based vicibox-install program
4) Some sort of vicidial update program (maybe)
5) GeoIP and xtables configured for blocking countries and regions
6) fail2ban configured for SIP brute force attacks (maybe)
7) Some SNMP extensions for monitoring the local asterisk process
The elusive version specific 'vicibox' manual that has been mentioned before covering advanced partitioning, network, and HA modes. (Ugh, documentation)
9) Maybe an 11.4 'demo' CD, if I have time and interest

If you have any suggestion, or better yet, code you would like to add, feel free to reply and let me know what you have or want.

[williamconley]

Perhaps a log viewing mechanism to allow those level 9 managers without root access to see the asterisk/astguiclient logs. A cool addition would be to 'rotate' upon viewing (so the next view would be the next log) for asterisk logs (along with an historical view to see earlier logs that were rotated before).

Perhaps a menu-driven "just install the silly thing" option removing the need for menuing ... for the great masses of first time installers with no cluster and no hardware. Auto-install OS, update OS, reboot, install vicidial, random passwords, EST time zone (all of which can be changed later if desired, but now the install is stupid simple ...?)

Of course, upon completion you would log in with "vicidial" as the root password, you'd be shown the "system" passwords in the splash and required to immediately change the root pwd!

And you can't do some of this in 3.2 before the big jump to 4.0?

[Kumba]

Some of this already went into 3.1.11. Check that thread for what's new and improved there. It even include a 'ViciBox Express' ISO. I guess technically it should be v.3.2 but I feel lazy at the moment. v.3.2 or v.4.0 will probably coincide with Matt releasing v.2.4 ViciDial branch. The current ISO and installation method is mostly the same, just more/different features and bug fixes.

[indreias]

Is there any chances to configure the Asterisk service to be ran as asterisk (user and group) in the next release?

[ciacho]

1.
<Home> and <End> keys console patch (in console via SSH home and end keys not working):

@line 140 and 141 /etc/inputrc:
#
# Normal keypad and cursor of xterm
#
#"\e[1~": history-search-backward
#"\e[4~": set-mark

2.
Admin/Carriers view restricted to user level 9 only.

[williamconley]

I just had another instance where nomodeset was required in a Dell server. Can we "lock" this to always be nomodeset regardless of what the suse installer thinks the video driver may want?

[williamconley]

echo 'export EDITOR=/usr/bin/nano' >> /root/.bashrc
echo 'test -s ~/.alias && . ~/.alias || true' >> /root/.bashrc
will not take effect until next login (dupe your login NOW to test if you like)

Test (crontab -e uses the "default editor"):
crontab -e

[williamconley]

Code: Select all

nano +30 /etc/apache2/default-server.conf

add the "FilesMatch" portion

Code: Select all

         Allow from all
        <FilesMatch "\.(log|txt)$">
           Order allow,deny
           Deny from all
        </FilesMatch>
</Directory>

restart apache!

Code: Select all

/etc/init.d/apache2 restart

[williamconley]

it would also be nice if the date.timezone were the same in both php.ini files.

/etc/php5/apache2/php.ini
/etc/php5/cli/php.ini

it is presently set properly in the apache version, but left empty in the cli version

[Kumba]

Work has begun on ViciBox v.4.0. It will be based on OpenSuSE v.12.1 and contain the new release of ViciDial v.2.4. The below options have been added.

1.
<Home> and <End> keys console patch (in console via SSH home and end keys not working):

@line 140 and 141 /etc/inputrc:
#
# Normal keypad and cursor of xterm
#
#"\e[1~": history-search-backward
#"\e[4~": set-mark

echo 'export EDITOR=/usr/bin/nano' >> /root/.bashrc
echo 'test -s ~/.alias && . ~/.alias || true' >> /root/.bashrc
will not take effect until next login (dupe your login NOW to test if you like)

Test (crontab -e uses the "default editor"):
crontab -e

Code: Select all

nano +30 /etc/apache2/default-server.conf

add the "FilesMatch" portion

Code: Select all

         Allow from all
        <FilesMatch "\.(log|txt)$">
           Order allow,deny
           Deny from all
        </FilesMatch>
</Directory>

restart apache!

Code: Select all

/etc/init.d/apache2 restart

it would also be nice if the date.timezone were the same in both php.ini files.

/etc/php5/apache2/php.ini
/etc/php5/cli/php.ini

it is presently set properly in the apache version, but left empty in the cli version

[rrb555]

Sound GREAT. been waiting for a new update for a while since OpenSUSE 11.3 version faced EOL

[Kumba]

Yeah. For some reason they have decided to kill off the public repositories a few months early this time. That combined with Matt working on his v.2.4 branch release makes it an opportune time. Hopefully there will be something to show for it by the end of the month.

[rrb555]

I have new server installation and facing some errors with this repo server:php:extensions_11.3 . Will Vicidial still works flawlessly even this repo is not been updated? or do u have any suggestions?

[Kumba]

The php5-eaccelerator package comes from that repo. If there is an update made to php then that would need to be updated as well. After your update you can run php -v and if it doesn't say anything about eaccelerator being compiled for a different version then you are OK.

[rrb555]

I have requested the repositories maintainers to re-upload again that repo. Hope they approve my request.

anyway i have found same repo the same with the dead one. I hope using this new repo is ok. http://download.opensuse.org/repositori ... /repodata/

The php5-eaccelerator package comes from that repo. If there is an update made to php then that would need to be updated as well. After your update you can run php -v and if it doesn't say anything about eaccelerator being compiled for a different version then you are OK.

using the new repo and the code php -v

Vicidial:~ # php -v
No log handling enabled - turning on stderr logging
Created directory: /var/lib/net-snmp/mib_indexes
PHP 5.3.3 (cli)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
with eAccelerator v0.9.6.1, Copyright (c) 2004-2010 eAccelerator, by eAccelerator

will this work?

[Kumba]

Yeah, you will be fine. The message will say "This version of e-accelerator was compiled for a different version of php" if it doesn't work.

Unfortunately the problem is that the update and OSS repositories are going offline. They should be up for another 3 months or so but aren't. Usually they kill them off a few weeks prior to release.

[DomeDan]

I wish webroot_writable = 0 as default.

Edit: never mind, just notice this in /agc/vicidial.php: "# 120223-2119 - Removed logging of good login passwords if webroot writable is enabled"
but is this done to scripts writing to project_auth_entries.txt in /vicidial/ too?

[williamconley]

IPtables Mod:

1) Keep all existing setup on "whitelist only" instead of "everything open"

2) Create a new web page that runs only on port 81

3) Be sure the web page is NOT "index" so it must be addressed directly (no guessing, make it an impossible to guess page name like "akjsajg816j1283ja.php"). Consider rotating it regularly and sending the dynamic agents a link every morning before work if you're really security conscious.

4) That new web page has one purpose: Check user/pass against vicidial_users table (borrow the code from any vicidial page!) and if the user authenticates, add their IP address to the iptables "good" file managed by the "Recent" module in iptables.
This module allows the creation of a file that can be checked against within the iptables system.

5) If an entry is present or absent, special action can be taken. In this case, the action would be ACCEPT, thus after logging in to this page the agent is now "whitelisted" until reboot when that file is cleaned out.

We charge $100 to install this in a standard Vicibox installation, as we've already invested the time to create it. And you're right, it was fun to make. I'd like to make it part of Vicibox. Maybe I'll suggest that to Kumba

So: Perhaps this could be an "option" at installation?

We also have a version that's merely a table in mysql written to the same "good" file at reboot and each time the table is altered. Allows a manager to add a good ip without putty/ssh. We've considered modifying this to acquire IP addresses from the phone table (so the manager could manually place the ip in the phone record and iptables would just suddenly allow that ip past the firewall for access). Simple change to our existing system.

If this were to be part of 4.0, I would be quite proud.

[mflorell]

William- Have you opened up an Issue Tracker ticket for this where you've uploaded your code?

[williamconley]

Not yet, it's not exactly something that is directly in Vicidial (it's purely OpenSuse/Apache). But if it will get used as part of the system, I'd be happy to upload it! (If it isn't a waste of time, certainly!)

[mflorell]

James has said he would be open to offering it as an option. We would appreciate if you could add it to an Issue Tracker ticket with instructions and post the link here.

[williamconley]

I actually started to and realized it's a bit of a task. It's more "instructions" than "files". We create it without an install package (not enough using it to have paid for an installer). But I'll get it in there soon. I may have to reach into an existing install and 'extract'. I actually posted most of it here in a thread a couple times (back when there were some serious security problems happening for several clients ...). But not on the tracker at that point. And it has evolved a couple times since then (each new install grows it).

[randy_delgado_03]

If possible kumba, maybe we can add a option or configuration to freely change the sound of enter.h and leave.h (^_^) ...

[Trying]

William, the QC system in here would be very cool.

[Kumba]

If possible kumba, maybe we can add a option or configuration to freely change the sound of enter.h and leave.h (^_^) ...

That's statically compiled into the custom version of Asterisk. No real way to change it without some hefty modifications of the asterisk code.

[Acidshock]

I vote for a Pizza button