Home Forum Developers IP0x saving changes on ip02

JRPassphrase Registration Control

In order to register on this site, you must first submit the passphrase below.

TODO list for each hardware target can be found as sticky topic in the corresponding forum


uros09
useravatar
User Info

saving changes on ip02

Hello,

I have recently updated my astfin atcom ip02 device to switchfin. I have newer version of Asterisk and Linux kernel now. However I am new at this type of OS. I also dislike GUI interface and I want to change configuration by manually editing files. I made some changes via ssh access, I have changed root password too and box used my new password for some time, but in the morning I found out that it reverts back to old default root password and has overwritten my configuration changes. Why did it do that ?

How can I save changes made via ssh access to that device ?

Thank you,
Uros


Administrator has disabled public posting
Chewi
useravatar
User Info

Re: saving changes on ip02

Only files in /persistent will keep their changes. Most of these are symlinked from /, particularly the files in /etc/asterisk, which you are probably interested in. I plan on making this more transparent so that just about any file can be changed.


Administrator has disabled public posting
uros09
useravatar
User Info

Re: saving changes on ip02

Why is impossible to change default root password for ssh access ?

I tried many times with passwd root but nothing changes in /persistent/etc/passwd and I am able to log in via ssh only with default password which is in my opinion giant security hole because default ssh password is available to everyone in manual.

I also tried to manually change configuration for FXO and FXS ports (chan_dahdi.conf) and sip configuration in sip.conf using vi editor. I saved changes and checked those files after changes and also checked how Asterisk sees it. That configuration worked some time but when I wake up in the morning everything was messed up like device did some sort of sync with Asterisk GUI and wrote what it wanted (which is not what I want) and what is worse which is incorrect. It has written that fxo device is in other context and did similar with sip.conf ...

It must be the way to turn of that GUI and to disable those overwriting and to change default root password.


Administrator has disabled public posting
Chewi
useravatar
User Info

Re: saving changes on ip02

It seems to be true that /etc/passwd remains unchanged. I changed it when I built the firmware image so I haven't had this problem but I suspect the reason is that the passwd command performs security checks, which could include making sure that /etc/passwd is not a symlink. This problem should also go away with my planned changes.

The other problem is probably due to the GUI. I have never used it myself. If you don't want it then disable it during "make menuconfig".


Administrator has disabled public posting
uros09
useravatar
User Info

Re: saving changes on ip02

I didn't go through entire procedure of building my own firmware. I tried that ,downloaded svn source code but miserably failed at "make uBoot" step from README file. I just completed step 1 (read README file). It says "No rule to make target" like I am doing it wrongly or from wrong directory(root of downloaded files I also tried from uBoot folder with same effect) and README does not say where to do it just do "make uBoot". I am green in this so I failed to prceed and never reached step "make menuconfig".

Then I found an image "uImage-ip02-ip08-v624.img" at switchvoice web site and upgraded from Astfin to Switchfin using "Upgrade Firmware" option from GUI.

Can I disable GUI with some command via ssh without need to make my own firmware for device ? Can I just delete GUI from its folder ?


Administrator has disabled public posting
Chewi
useravatar
User Info

Re: saving changes on ip02

I wouldn't know. Best hand over to one of the other guys for that one.


Administrator has disabled public posting
admin
useravatar
User Info

Re: saving changes on ip02

Hi uros09,

Yes it seems passwd command doesn't work as it should.
I don't think it is related with the GUI.
As work around you may calculate your 'crypth' string and put it manually in /etc/passwd for now.

The GUI password can be changed from the option menu.

Best Regards
Dimitar


Administrator has disabled public posting
uros09
useravatar
User Info

Re: saving changes on ip02

Ok

That's clear about passwd I will try that.

Why my files in /persistent/etc/asterisk/ are not like I leave them half day ago ?

What is changing them and is there a way to stop it (except building my custom

firmware) ? (I didn't access GUI at all and some files has been changed since

yesterday).

Thanks


Administrator has disabled public posting
uros09
useravatar
User Info

Re: saving changes on ip02

I also had strange situation when I come back from work I found out device unreachable for ssh access (refusing connections before asking for password with some message about identity), and port 1 and port 2 leads not turned on and GUI unreachable too. The day before I changed just extensions.conf and commented out 2 lines (where it includes other files for which I think are calling some commands which overwrite changes and add some unwanted dialplan and configuration). After reboot I could login via ssh and saw no dahdi device has been found.I accessed GUI (after I removed ; from those 2 lines) and it shows no FXO port, no analog hardware... My /etc/dahdi/system.conf lost fxo and fxs lines.

I thought device or at least modules stopped working but after I did firmware ugrade (to same firmware it used) leds were turned on and hardware has been recognised.

I don't know what is this device doing and why it can't stay in same condition for more than half day ? (It was ok in the morning with the same configuration I left last night). It hasn't been hacked for sure because only LAN traffic has been allowed to connect to port 22. I just saw some brute force attempts to login on one sip account.

If I can suggest you might consider putting software like iptables and fail2ban in future firmware releases so device can ban brute force attackers.


Administrator has disabled public posting
uros09
useravatar
User Info

Re: saving changes on ip02

ok I think I managed to put device under control by disabling asterisk manager interface,http-static, commenting extensions.conf first line where it includes extensions_custom.conf, completly disabling ssh from outside of my local network enabling it just from LAN, disabling remote managment of my router.

It looks fine now. It can even do less command which it couldn't few days ago.


Administrator has disabled public posting
uros09
useravatar
User Info

Re: saving changes on ip02

It works fine. I enabled GUI and configured it and everything is fine. I can see callerid for incomming calls. Thing I can't find in GUI wchich could be useful is
to block incomming calls from some numbers (blacklist). Is there any chance to put this feature in next release of Switchfin ?


Administrator has disabled public posting

Board Info

Board Stats:   Total Users: 2587  Total Topics: 299  Total Polls: 1  Total Posts: 1727  Dormant
User Info:   Newest User :  user2553   Members Online: 0   Guests Online: 544
Online  There are no members online
Topic
New
Locked
Topic
New
Locked
Sticky
Active
New/Active
Sticky
Active
New/Active
New/Closed
New Sticky
Closed/Active
New/Locked
New Sticky
Locked/Active
Active/Sticky
Sticky/Locked
Sticky Active Locked
Active/Sticky
Sticky/Locked
Sticky/Active/Locked