Building Elastix 4 via RPM Repo

scottalanmiller

@dom said:

BTW Im quite new to linux.

Welcome to the dark side

We have cookies, of course.

scottalanmiller

@dom said:

So how do I do this? "So if you rely on /etc/sudoers, you must keep it updated after any yum run". LINUX noob...sorry guys

If you are new to Linux, I would not use sudoers for this one specific workload. Generally, yes, sudoers is great. This will cause you no end of pain on Elastix, it's worth skipping.

If you want to be reasonably secure without sudoers you can do this...

• Set a password (long and complex) for the root user.
• Create non-root users for you to log in as.
• Always log in as your non-root user.
• Access root with this command:
  • su - which will ask you for that root password before letting you access root
• You can also block root access via SSH and only allow your user(s) accounts to access over SSH

Ideal? No, not at all. Does it work? Yes, and it is more secure that tons of normal installs and more secure than CentOS / RHEL defaults.

scottalanmiller

Additionally, you can make your user accounts access via keys instead of passwords for another layer of protection.

scottalanmiller

So what if you want to fix the suders problem?

Try this...

• Fix sudoers and test it. Make sure that it does what you want.
• Copy the /etc/sudoers file to /etc/sudoers.custommaster
• Make a cron job that runs every fifteen minutes that does this...
  • cp /etc/sudoers.custommaster /etc/sudoers

Not great, but it replaces suders four times and hour (more if you want) so if you lose access, you wait a few minutes and it puts it back.

Tools like Ansible and Chef would handle this too, but that is was more complex.

scottalanmiller

As a general point, Azure isn't ideal for Linux. It's expensive and unnecessarily complex and limited. It's not bad, but as a new Linux user it is certainly worth considering another platform.

I mostly use Rackspace and Digital Ocean for Linux VMs. Vultr is pretty good, too. AWS is good, but very hard to use.

JaredBusch

@scottalanmiller said:

As a general point, Azure isn't ideal for Linux. It's expensive and unnecessarily complex and limited. It's not bad, but as a new Linux user it is certainly worth considering another platform.

I mostly use Rackspace and Digital Ocean for Linux VMs. Vultr is pretty good, too. AWS is good, but very hard to use.

He has free space and is using it for testing/lab. there is nothing wrong with Linux under Azure any more than there is under any other hosted provider.

scottalanmiller

@JaredBusch said:

He has free space and is using it for testing/lab. there is nothing wrong with Linux under Azure any more than there is under any other hosted provider.

Azure does not provide console access and expects that you address the traditional needs for it yourself. It requires more effort and expertise than is requires by DO, RS and Vultr which are prepared for the VPS type mode. If you are a large enterprise, these things are not so big of a deal on Azure. If you are an SMB, it often presents additional risk and complexity which results in more cost.

dom

said:

Try this...

Awesome, thanks for the tips. Yes Azure is just our test lab I get $190/month credit so why not use it, right? Ill try the cron job and see if that works, will let you know.

scottalanmiller

@dom said:

said:

Try this...

Awesome, thanks for the tips. Yes Azure is just our test lab I get $190/month credit so why not use it, right? Ill try the cron job and see if that works, will let you know.

That makes sense then.

dom

OK so I ran the install again. prompted me for mysql password and freepbx password. It rebooted so all was good.

When I go the website it shows me a server error http 500. Is there something else I need to do? ports are open 80, 443 and 3306. Web files look as though they are all there. Permissions?

scottalanmiller

@dom said:

OK so I ran the install again. prompted me for mysql password and freepbx password. It rebooted so all was good.

When I go the website it shows me a server error http 500. Is there something else I need to do? ports are open 80, 443 and 3306. Web files look as though they are all there. Permissions?

I can't remember if netstat is installed by default. Try this...

 netstat -tulpn

If that fails, do this first then run the command again...

yum -y install net-tools

scottalanmiller

Port 3306 should not be open. That is the private database port for MariaDB and you absolutely do not want that exposed to anything.

dom

@scottalanmiller said:

yum -y install net-tools

its already installed - when I run netstat it shows my internal ip here
cyrus-master
tcp 0 0 100.78xxxxxxxx
But I don't see my public ip in the list

scottalanmiller

@dom said:

@scottalanmiller said:

yum -y install net-tools

its already installed - when I run netstat it shows my internal ip here
cyrus-master
tcp 0 0 100.78xxxxxxxx
But I don't see my public ip in the list

That's not at all the output of...

netstat -tulpn

dom

Something in the installation is incorrect...If i need to change the server name or ip address which file do I do that in? hostfile?

scottalanmiller

@dom said:

Something in the installation is incorrect...If i need to change the server name or ip address which file do I do that in? hostfile?

Hostname is...

vi /etc/hostname

IP Address is changed easiest using a TUI:

nmtui

scottalanmiller

What is the output of...

netstat -tulpn

dom

said:

netstat -tulpn

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:20004 0.0.0.0:* LISTEN 2553/php
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1841/mysqld
tcp 0 0 0.0.0.0:5038 0.0.0.0:* LISTEN 2519/asterisk
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 2496/cyrus-master
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 2496/cyrus-master
tcp 0 0 0.0.0.0:4559 0.0.0.0:* LISTEN 2547/hfaxd
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 1295/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1290/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2057/master
tcp 0 0 0.0.0.0:4190 0.0.0.0:* LISTEN 2496/cyrus-master
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 2496/cyrus-master
tcp 0 0 100.78.250.75:16001 0.0.0.0:* LISTEN 1298/python
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 2496/cyrus-master
tcp6 0 0 :::110 :::* LISTEN 2496/cyrus-master
tcp6 0 0 :::143 :::* LISTEN 2496/cyrus-master
tcp6 0 0 :::80 :::* LISTEN 3853/httpd
tcp6 0 0 :::53 :::* LISTEN 1295/dnsmasq
tcp6 0 0 :::22 :::* LISTEN 1290/sshd
tcp6 0 0 :::25 :::* LISTEN 2057/master
tcp6 0 0 :::443 :::* LISTEN 3853/httpd
tcp6 0 0 :::4190 :::* LISTEN 2496/cyrus-master
tcp6 0 0 :::993 :::* LISTEN 2496/cyrus-master
tcp6 0 0 :::995 :::* LISTEN 2496/cyrus-master
udp 0 0 0.0.0.0:53 0.0.0.0:* 1295/dnsmasq
udp 0 0 0.0.0.0:68 0.0.0.0:* 3800/dhclient
udp 0 0 0.0.0.0:69 0.0.0.0:* 1303/xinetd
udp 0 0 127.0.0.1:323 0.0.0.0:* 647/chronyd
udp 0 0 0.0.0.0:4520 0.0.0.0:* 2519/asterisk
udp 0 0 0.0.0.0:2727 0.0.0.0:* 2519/asterisk
udp 0 0 0.0.0.0:50631 0.0.0.0:* 3800/dhclient
udp6 0 0 :::53 :::* 1295/dnsmasq
udp6 0 0 ::1:323 :::* 647/chronyd
udp6 0 0 :::53939 :::* 3800/dhclient

dom

said:

nmtui

BTW should mention that Im using dynamic ip address

internal ip is 100.78.250.75
public dynamic is 40.121.19.1

scottalanmiller

So https://100.78.250.75/ is bringing up the 500 error?