Noob question, but a good one. (It's actually Linux related!)

Steve Alligood steve at betterlinux.com
Fri Apr 5 19:17:57 MDT 2013


Not a problem if you lock down apache to specific IPs :)

In fact, there are enough sip vulnerabilities from time to time that I put the phones themselves on either a private network (or controlled public netowork) or give them dyndns set ups and have a script auto update the iptables rules to those DNA names.

-Steve

On Apr 5, 2013, at 7:02 PM, "S. Dale Morrey" <sdalemorrey at gmail.com> wrote:

> You know, that's a very good question that I've never explored.  Can anyone
> chime in on that for me?  Also is there a security problem with letting
> Apache own the config files for Asterisk?
> 
> 
> On Fri, Apr 5, 2013 at 7:29 PM, Jima <jima at beer.tclug.org> wrote:
> 
>> On 2013-04-05 18:06, S. Dale Morrey wrote:
>>> Hey Pluggers,
>>> 
>>> I've got a quick best practices question for you.
>>> 
>>> I have asterisk installed and running as the asterisk user and apache
>>> installed and running as the apache user.
>>> 
>>> I've got a new web interface that needs to execute some scripts to modify
>>> asterisk dialplans, tell asterisk to reload itself, etc.
>>> 
>>> Would it be best to add asterisk to the apache group, apache to the
>>> asterisk group, both of the above or something else?
>> 
>>  Is there a reason Asterisk needs to be able to write to the tree?  As
>> long as it can read the configuration files, you don't really need to
>> muck around with group ownership.  Personally, I'd just grant the apache
>> user the ability to reload Asterisk via sudo, and let it own the configs.
>> 
>>      Jima
>> 
>> 
>> 


More information about the PLUG mailing list