Building Elastix 4 via RPM Repo
-
@dom said:
Maybe if I start fresh and open the ports before the install -will that work? But still left with the problem of root access blown away!
Yes, open ports and enable root access directly prior to installation. CentOS is root on by default, you'll need to run that way for Elastix or make custom accommodations for their RPMs.
-
BTW Im quite new to linux.
I tried another install a few days back and it was after installing this /root/rpmbuild/RPMS/noarch/elastix-firstboot-3.0.0-6.noarch.rpm
is when my sudoers files was overwritten - its not your script.So how do I do this? "So if you rely on /etc/sudoers, you must keep it updated after any yum run". LINUX noob...sorry guys
-
-
@dom said:
So how do I do this? "So if you rely on /etc/sudoers, you must keep it updated after any yum run". LINUX noob...sorry guys
If you are new to Linux, I would not use sudoers for this one specific workload. Generally, yes, sudoers is great. This will cause you no end of pain on Elastix, it's worth skipping.
If you want to be reasonably secure without sudoers you can do this...
- Set a password (long and complex) for the root user.
- Create non-root users for you to log in as.
- Always log in as your non-root user.
- Access root with this command:
- su - which will ask you for that root password before letting you access root
- You can also block root access via SSH and only allow your user(s) accounts to access over SSH
Ideal? No, not at all. Does it work? Yes, and it is more secure that tons of normal installs and more secure than CentOS / RHEL defaults.
-
Additionally, you can make your user accounts access via keys instead of passwords for another layer of protection.
-
So what if you want to fix the suders problem?
Try this...
- Fix sudoers and test it. Make sure that it does what you want.
- Copy the /etc/sudoers file to /etc/sudoers.custommaster
- Make a cron job that runs every fifteen minutes that does this...
- cp /etc/sudoers.custommaster /etc/sudoers
Not great, but it replaces suders four times and hour (more if you want) so if you lose access, you wait a few minutes and it puts it back.
Tools like Ansible and Chef would handle this too, but that is was more complex.
-
As a general point, Azure isn't ideal for Linux. It's expensive and unnecessarily complex and limited. It's not bad, but as a new Linux user it is certainly worth considering another platform.
I mostly use Rackspace and Digital Ocean for Linux VMs. Vultr is pretty good, too. AWS is good, but very hard to use.
-
@scottalanmiller said:
As a general point, Azure isn't ideal for Linux. It's expensive and unnecessarily complex and limited. It's not bad, but as a new Linux user it is certainly worth considering another platform.
I mostly use Rackspace and Digital Ocean for Linux VMs. Vultr is pretty good, too. AWS is good, but very hard to use.
He has free space and is using it for testing/lab. there is nothing wrong with Linux under Azure any more than there is under any other hosted provider.
-
@JaredBusch said:
He has free space and is using it for testing/lab. there is nothing wrong with Linux under Azure any more than there is under any other hosted provider.
Azure does not provide console access and expects that you address the traditional needs for it yourself. It requires more effort and expertise than is requires by DO, RS and Vultr which are prepared for the VPS type mode. If you are a large enterprise, these things are not so big of a deal on Azure. If you are an SMB, it often presents additional risk and complexity which results in more cost.
-
said:
Try this...
Awesome, thanks for the tips. Yes Azure is just our test lab I get $190/month credit so why not use it, right? Ill try the cron job and see if that works, will let you know.
-
@dom said:
said:
Try this...
Awesome, thanks for the tips. Yes Azure is just our test lab I get $190/month credit so why not use it, right? Ill try the cron job and see if that works, will let you know.
That makes sense then.
-
OK so I ran the install again. prompted me for mysql password and freepbx password. It rebooted so all was good.
When I go the website it shows me a server error http 500. Is there something else I need to do? ports are open 80, 443 and 3306. Web files look as though they are all there. Permissions?
-
@dom said:
OK so I ran the install again. prompted me for mysql password and freepbx password. It rebooted so all was good.
When I go the website it shows me a server error http 500. Is there something else I need to do? ports are open 80, 443 and 3306. Web files look as though they are all there. Permissions?
I can't remember if netstat is installed by default. Try this...
netstat -tulpn
If that fails, do this first then run the command again...
yum -y install net-tools
-
Port 3306 should not be open. That is the private database port for MariaDB and you absolutely do not want that exposed to anything.
-
@scottalanmiller said:
yum -y install net-tools
its already installed - when I run netstat it shows my internal ip here
cyrus-master
tcp 0 0 100.78xxxxxxxx
But I don't see my public ip in the list -
@dom said:
@scottalanmiller said:
yum -y install net-tools
its already installed - when I run netstat it shows my internal ip here
cyrus-master
tcp 0 0 100.78xxxxxxxx
But I don't see my public ip in the listThat's not at all the output of...
netstat -tulpn
-
Something in the installation is incorrect...If i need to change the server name or ip address which file do I do that in? hostfile?
-
@dom said:
Something in the installation is incorrect...If i need to change the server name or ip address which file do I do that in? hostfile?
Hostname is...
vi /etc/hostname
IP Address is changed easiest using a TUI:
nmtui
-
What is the output of...
netstat -tulpn
-
said:
netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:20004 0.0.0.0:* LISTEN 2553/php
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1841/mysqld
tcp 0 0 0.0.0.0:5038 0.0.0.0:* LISTEN 2519/asterisk
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 2496/cyrus-master
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 2496/cyrus-master
tcp 0 0 0.0.0.0:4559 0.0.0.0:* LISTEN 2547/hfaxd
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 1295/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1290/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2057/master
tcp 0 0 0.0.0.0:4190 0.0.0.0:* LISTEN 2496/cyrus-master
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 2496/cyrus-master
tcp 0 0 100.78.250.75:16001 0.0.0.0:* LISTEN 1298/python
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 2496/cyrus-master
tcp6 0 0 :::110 :::* LISTEN 2496/cyrus-master
tcp6 0 0 :::143 :::* LISTEN 2496/cyrus-master
tcp6 0 0 :::80 :::* LISTEN 3853/httpd
tcp6 0 0 :::53 :::* LISTEN 1295/dnsmasq
tcp6 0 0 :::22 :::* LISTEN 1290/sshd
tcp6 0 0 :::25 :::* LISTEN 2057/master
tcp6 0 0 :::443 :::* LISTEN 3853/httpd
tcp6 0 0 :::4190 :::* LISTEN 2496/cyrus-master
tcp6 0 0 :::993 :::* LISTEN 2496/cyrus-master
tcp6 0 0 :::995 :::* LISTEN 2496/cyrus-master
udp 0 0 0.0.0.0:53 0.0.0.0:* 1295/dnsmasq
udp 0 0 0.0.0.0:68 0.0.0.0:* 3800/dhclient
udp 0 0 0.0.0.0:69 0.0.0.0:* 1303/xinetd
udp 0 0 127.0.0.1:323 0.0.0.0:* 647/chronyd
udp 0 0 0.0.0.0:4520 0.0.0.0:* 2519/asterisk
udp 0 0 0.0.0.0:2727 0.0.0.0:* 2519/asterisk
udp 0 0 0.0.0.0:50631 0.0.0.0:* 3800/dhclient
udp6 0 0 :::53 :::* 1295/dnsmasq
udp6 0 0 ::1:323 :::* 647/chronyd
udp6 0 0 :::53939 :::* 3800/dhclient