Forum Replies Created

Viewing 15 posts - 226 through 240 (of 262 total)
  • Telium Support Group
    Participant
    Post count: 268

    You are welcome to download the latest software from the Telium website, and overwrite your installation. Please be sure to carefully compare the included config file to check for changes in stanzas, key names, new keys, etc.

    If you are running the Free Edition the new software will work immediately. If you have an active maintenance agreement then the upgrade will work as well.

    However, if your maintenance agreement has expired then the upgrade will revert to the Free Edition. Since you cannot extend a maintenance agreement that has expired you would have to purchase a new license.

    If your maintenance agreement is still active then you can extend it for as long as you like (purchased in 1 year increments from the BUY tab on the Telium web site).

    Telium Support Group
    Participant
    Post count: 268

    First of all make sure you know which system is generating the error (the host running HAAst, or the host which the post-sync script is connecting to). That may change the answer, and/or where you need to apply changes.

    One of these solutions should help:

    1. Try adding the “-t” parameter to the ssh command to create a pseudo terminal for the command to run in.
    2. Instead of “-t” try “-tt” to force a tty (even if ssh has no local tty).
    3. Remove sudo completely from the command in your bash script. Since the HAAst (service) runs as root the processes it forks also run as root (unless the system is further locked down). This assumes the error is locally generated.
    4. Comment out the line “Defaults requiretty” in the /etc/sudoers file. Then sudo won’t require a TTY anymore for sudo commands. (But understand the security implications.)
    5. Use the “su -c” command instead of sudo.
    Telium Support Group
    Participant
    Post count: 268

    Instead of relying on FreePBX to recreate the AstDB, you should let HAAst synchronize it. (This is the standard HAAst configuration as of Jan 2016). To have HAAst synchronize the AstDB add an entry like this to the haast configuration:


    asteriskdb/description=Asterisk internal database
    asteriskdb/type=astdb
    asteriskdb/interval=300
    asteriskdb/debug=off
    asteriskdb/postsynccondition=never
    asteriskdb/postsyncruntime=60

    If you use the sample Asterisk sync file (sample_files/synchronizations/asteriskconfig.sync.conf) then this will be setup for you automatically.

    Warning: Do not try to synchronize this file using ‘file’ type. HAAst must read and write this file using SQL commands or you risk corrupting the file. As well, do not put this file on a DRBD partition, nor put it on a network share if there is any chance of the peer reading/writing this file at the same time.

    HAAst also has the ability to replicate all keys from the AstDB, or generate new values for keys which must be unique, or leave each node with original values. Please contact Telium support for details on how to configure HAAst to control these keys during replication.

    Telium Support Group
    Participant
    Post count: 268

    The best way to communicate programmatically with HAAst is through the socket interface. When haast is running it creates a socket in the directory /var/run. This socket looks and acts just like a regular file; you can write to the file and read from the file to command HAAst and gather status information.

    To retrieve the status of the cluster via the socket interface, use the ‘getstatus’ command. The pseudocode to do so is as follows:


    Open file /var/run/haast.sock as read+write
    Read ‘ready>’ prompt from file
    Optionally write command ID and newline to file, e.g. ‘id: 123\n’
    Write get status command and newline to file, e.g. ‘command:getstatus\n\n’
    Read response from file
    Close file
    Parse response

    The ID sent can be any string (to uniquely identify the response) but is optional. In general we recommend sending an auto-incremented counter. Once all required parameters (of this command) have been sent, send a second newline (i.e. 2 sequential newline characters) to tell HAAst the command is complete and ready for processing.

    The following is the actual output (read) in red color, and input (written) in blue color, from the above pseudo code:

    haast socket interface v1.1
    ready>id: 123
    command:getstatus
    
    id: 123
    result: ok
    cluster name: Telium
    cluster start time: 1459816998033
    cluster start time formatted: Mon Apr 4 20:43:18 2016
    cluster run duration: 12404571
    cluster run duration formatted: 71 days, 13 hours, 42 minutes, 51 seconds
    cluster fail over count: 79
    local peer name: PBX1 in Waterloo data center wall
    local haast state: 4
    local haast state formatted: Active
    local peer health state: 1
    local peer health state formatted: Normal
    local asterisk state: 2
    local asterisk state formatted: Started
    local asterisk connection state: 7
    local asterisk connection state formatted: Logged in
    local start time: 1464643147663
    local start time formatted: Mon May 30 17:19:07 2016
    local haast run duration: 2740022
    local haast run duration formatted: 15 days, 17 hours, 7 minutes, 2 seconds
    local fail over count: 11
    local previous fail over timestamp: 1465102805740
    local previous fail over timestamp formatted: Sun Jun 5 01:00:05 2016
    local previous fail over cause: 2
    local previous fail over cause formatted: Dual standby peer contention detected
    local previous haast state: 3
    local previous haast state formatted: Standby
    local to remote peerlink connection state: 7
    local to remote peerlink connection state formatted: Up
    remote data available: 1
    remote peer name: PBX2 VM in Mississauga data center
    remote haast state: 3
    remote haast state formatted: Standby
    remote peer health state: 1
    remote peer health state formatted: Normal
    remote asterisk state: 4
    remote asterisk state formatted: Stopped
    remote asterisk connection state: 4
    remote asterisk connection state formatted: Connect failed
    remote start time: 1464643407951
    remote start time formatted: Mon May 30 17:23:27 2016
    remote haast run duration: 2739761
    remote haast run duration formatted: 15 days, 17 hours, 2 minutes, 41 seconds
    remote fail over count: 8
    remote previous fail over timestamp: 1465102804675
    remote previous fail over timestamp formatted: Sun Jun 5 01:00:04 2016
    remote previous fail over cause: 23
    remote previous fail over cause formatted: Local peer automatic demotion request
    remote previous haast state: 4
    remote previous haast state formatted: Active
    remote to local peerlink connection state: 7
    remote to local peerlink connection state formatted: Up
    ready>

    To learn how to use the HAAst socket interface you can use the ‘socat’ command to interact with the HAAst socket from a Bash command line. (You may need to add the socat command / package to your particular Linux installation). The exact syntax for the socat command is as follows:


    socat - UNIX-CONNECT:/var/run/haast.sock

    You can then send any invalid command (eg: XXXX) and HAAst will respond with a list of valid commands.
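
The getstatus exchange described in the post above, as an added Python example (not part of the original post and not Telium's code). It assumes the socket is a stream socket, as the socat UNIX-CONNECT usage implies; the function names are hypothetical.

```python
import socket

PROMPT = b"ready>"

def build_command(command, cmd_id=None):
    """Frame a request: optional id line, command line, then a blank line."""
    head = f"id: {cmd_id}\n" if cmd_id is not None else ""
    return f"{head}command:{command}\n\n".encode()

def read_until_prompt(sock):
    """Collect bytes up to the next 'ready>' prompt; return the text before it."""
    buf = b""
    while PROMPT not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("socket closed before the ready> prompt")
        buf += chunk
    return buf.split(PROMPT, 1)[0].decode(errors="replace")

def parse_response(text):
    """Turn 'key: value' lines into a dict, splitting on the first colon only
    so that timestamps such as '20:43:18' stay inside the value."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields

def query(sock, command, cmd_id):
    """Run one command on a connected socket and return the parsed reply."""
    read_until_prompt(sock)                       # banner and first prompt
    sock.sendall(build_command(command, cmd_id))  # ends with two newlines
    fields = parse_response(read_until_prompt(sock))
    if fields.get("id") != str(cmd_id):
        raise ValueError("reply id does not match the request id")
    if fields.get("result") != "ok":
        raise RuntimeError(f"HAAst returned result: {fields.get('result')}")
    return fields

def get_status(path="/var/run/haast.sock", cmd_id=1, timeout=5.0):
    """Connect to the HAAst socket (assumed SOCK_STREAM) and run getstatus."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect(path)
        return query(sock, "getstatus", cmd_id)

if __name__ == "__main__":
    status = get_status()
    print(status["local haast state formatted"],
          status["remote haast state formatted"])
```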

    Telium Support Group
    Participant
    Post count: 268

    If you are using the Commercial Unlimited edition of SecAst, then you can check how an IP address scores on the SecData service using the telnet interface to SecAst. Connect to your local SecAst server by telnet and issue the ‘hackerdb check’ command. For example:

    $ telnet 172.1.1.1 3000
    Trying 172.1.1.1…
    Connected to 172.1.1.1.
    Escape character is ‘^]’.
    SecAst telnet interface on ‘PBX1 on Waterloo data center wall’
    SecAst>hackerdb check 1.2.3.4
    Action: checking Telium hacker database
    Database match: exact IP
    IP address: 1.2.3.4
    Score: 25
    SecAst>

    Alternatively, if you subscribe to the SecData service directly then you can check how an IP address scores from a browser by entering the query into the address bar; for example:
    https://XXX.telium.io/check-ipaddress?key=YYY&ip=1.2.3.4&format=p
    (you will need to substitute the hostname and key with those assigned to your account.)

    Please note that manual queries of the SecData service through SecAst are throttled, so if you issue too many queries too quickly you will receive a warning to try again later.

    Telium Support Group
    Participant
    Post count: 268

    SecData is a cloud based service, with load spread over multiple different cloud providers (including Amazon and GoDaddy). We have tested many times the load you require and SecData has no difficulty keeping up.

    If you are using SecAst to access the SecData, then by design your calls will never be delayed/dropped. SecAst allows calls to proceed in parallel to checking the SecData service for fraudulent phone numbers and IP addresses. If a match is found (and the score exceeds the threshold you define) then the call is disconnected and the caller’s IP is blocked.

    Telium Support Group
    Participant
    Post count: 268

    The sensor/health graphs show current and historical health scores, as generated by non-core sensors. Core sensors are the ones built into HAAst (non-configurable) and trigger an immediate failover upon detection of a critical issue.

    User defined sensors generate scores that show up in the graphs and reporting. So if you have not defined any sensors then you will not see any graphs.

    Note that some installations are satisfied with the core sensors only. But as you become more familiar with HAAst you will likely want to add some sensors (e.g. monitor the network/cable carrying SIP/RTP traffic from the PBX to the ITSP).

    Telium Support Group
    Participant
    Post count: 268

    The most likely cause is that one or more shared libraries are not installed. Ensure that all prerequisite libraries are installed. First, use the “ldd” command to show what libraries HAAst needs, and are available:

    root@pbx~$ ldd haast
    linux-vdso.so.1 => (0x00007ffffbded000)
    libQt5Sql.so.5 => not found
    libQt5Xml.so.5 => not found
    libQt5Network.so.5 => not found
    libQt5Core.so.5 => not found
    libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007ff6b71c4000)
    libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007ff6b6ec3000)
    libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007ff6b6cad000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007ff6b68ed000)
    /lib64/ld-linux-x86-64.so.2 (0x00007ff6b73ef000)
    libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007ff6b65f0000)

    You would then have to add the missing libraries (normally through your package manager like apt-get or yum). In the above example case, the Qt libraries are missing; see section 7 of the instructions for details on how to add the Qt libraries to your Linux distribution.

    Telium Support Group
    Participant
    Post count: 268

    The most likely cause is that the banned IPs are not being handled properly by the firewall. There is also a known issue with fail2ban – in case you are attempting to run fail2ban alongside SecAst.

    If you are using local IPtables to block attackers, ensure that the SECAST chain exists, and that the first rule on the INPUT chain jumps to target chain SECAST. For example, the command “iptables -L” should show something like:

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    SECAST     all  --  anywhere             anywhere

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain SECAST (1 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
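
One way to automate the check described in the post above, as an added Python example that is not part of the original post or of SecAst: it parses `iptables -L` text and reports whether the SECAST chain exists and is the first jump on INPUT. The sample listings are constructed and the function names are hypothetical.

```python
# Constructed sample: the layout the post says a working setup should show.
GOOD = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
SECAST     all  --  anywhere             anywhere

Chain SECAST (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
"""

# Constructed sample: SECAST exists but another rule is evaluated first.
BAD_ORDER = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
SECAST     all  --  anywhere             anywhere

Chain SECAST (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
"""

def parse_chains(listing):
    """Parse `iptables -L` text into {chain name: [first column of each rule]}.
    A rule with no target prints an empty first column, so its entry here is
    the protocol instead; such a rule still fails the SECAST comparison."""
    chains, current = {}, None
    for line in listing.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "Chain" and len(parts) > 1:
            current = parts[1]
            chains[current] = []
        elif parts[0] != "target" and current is not None:
            chains[current].append(parts[0])
    return chains

def check_secast(listing):
    """Return a list of problems; an empty list means the layout is as expected."""
    chains = parse_chains(listing)
    problems = []
    if "SECAST" not in chains:
        problems.append("SECAST chain does not exist")
    rules = chains.get("INPUT", [])
    if not rules or rules[0] != "SECAST":
        problems.append("first INPUT rule does not jump to SECAST")
    return problems

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD_ORDER", BAD_ORDER)):
        print(name, check_secast(text) or "ok")
```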

    Telium Support Group
    Participant
    Post count: 268

    The most likely cause is that Asterisk is not providing enough information about an account violation.

    If you are running Asterisk 13 or later, then you should tell SecAst to use the AMI for talking to Asterisk (don’t use a security log file). This exposes a lot more information to SecAst.

    If you must use the Asterisk log file, please send that log file and the SecAst log file to support for assistance in identifying the attack type and adjusting your setting to recognize the attack.

    Telium Support Group
    Participant
    Post count: 268

    The attacker is providing a fake IP address (your server) as the source IP address in the SIP header, and this confuses Asterisk and results in the above error. SecAst is able to detect this type of attack and block the attacker at the network edge.

    Digium is aware of the underlying issue and has resolved it in Asterisk version 10 and later, but older Asterisk versions will not receive updated code. (Some users have posted changes to the Asterisk C code but this is beyond most users to apply). In versions of Asterisk 10 through 12, you can enable the Asterisk security log (as described here: https://wiki.asterisk.org/wiki/display/AST/Asterisk+Security+Event+Logger) to view more accurate error messages; and you can tell SecAst to use the security log you specified (as described in the detailed installation guide).

    However, there are still dangers remaining from this type of attack. In version 13 and later of Asterisk you should not be using a security log file, and instead set SecAst to use the AMI for notification of events. Setting SecAst to use the AMI not only increases the speed and accuracy of blocking attackers, it allows SecAst access to detailed caller behavior which can be used to identify fraud and hacking before any damage has been done.

    If SecAst communicates with Asterisk through the AMI then numerous other protective measures are also enabled, including detection of stolen credentials, suspicious dialing patterns, etc.

    Telium Support Group
    Participant
    Post count: 268

    The SecAst executable has started, but a critical connection to Asterisk has not been successful. This in turn is preventing SecAst from protecting the Asterisk server.

    A delay in starting Asterisk, or a delay in Asterisk responding to SecAst may be the root cause, and no action is needed as the connection will succeed momentarily. Depending on the alert settings, a successful start email may be forthcoming. If not, examine the secast.log file for clues as to what Asterisk connection has been unsuccessful. The most common cause is that the AMI is unavailable because either Asterisk is not started (yet), or the AMI connection settings mismatch.

    Telium Support Group
    Participant
    Post count: 268

    Confirm that your Asterisk (AMI) configuration in secast.conf matches the AMI configuration in manager.conf. If you are certain the interface credentials, port, and settings are correct, please contact support for further assistance.

    Telium Support Group
    Participant
    Post count: 268

    The SecAst log file or its parent directory has world write permissions, and newer versions of logrotate do not allow this to rotate. Manually running logrotate shows the results below:

    $logrotate -d -v secast
    reading config file secast
    Handling 1 logs
    rotating pattern: /var/log/secast after 1 days (7 rotations)
    empty log files are rotated, old logs are removed
    considering log /var/log/secast
    error: skipping “/var/log/secast” because parent directory has insecure permissions

    The solution is to uncomment the line in the /etc/logrotate.d/secast file to allow rotating regardless of permission:

    su root root
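
An added example (not from the original post or from SecAst) that reports which of the log file and its parent directory carries the write bits behind the logrotate error above: world-writable, or group-writable by a group other than root. The function names are hypothetical; the path in the usage line is the one shown in the post.

```python
import os
import stat

def writable_findings(path):
    """Flag the two conditions named in logrotate's insecure-permissions check."""
    st = os.stat(path)
    findings = []
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable")
    if (st.st_mode & stat.S_IWGRP) and st.st_gid != 0:
        findings.append(f"group-writable by gid {st.st_gid}")
    return findings

def audit_log_path(log_path):
    """Check the parent directory and the log itself; return {path: [findings]}.
    Only paths with at least one finding appear in the result."""
    report = {}
    parent = os.path.dirname(os.path.abspath(log_path))
    for path in (parent, log_path):
        if os.path.exists(path):
            found = writable_findings(path)
            if found:
                report[path] = found
    return report

def describe(path):
    """One line per path in the style of `ls -ld`, for the operator to read."""
    st = os.stat(path)
    return f"{stat.filemode(st.st_mode)} uid={st.st_uid} gid={st.st_gid} {path}"

if __name__ == "__main__":
    target = "/var/log/secast"
    for path, found in audit_log_path(target).items():
        print(describe(path), "->", ", ".join(found))
```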

    Telium Support Group
    Participant
    Post count: 268

    One or more shared libraries are not installed. The solution is to ensure that all prerequisite libraries are installed.

    First, use the “ldd” command to show what libraries SecAst needs, and are available. You should see something like this:

    root@pbx~$ ldd secast-0.345.3.0-x86_64-ub12/secast
    linux-vdso.so.1 => (0x00007ffffbded000)
    libQt5Sql.so.5 => not found
    libQt5Xml.so.5 => not found
    libQt5Network.so.5 => not found
    libQt5Core.so.5 => not found
    libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007ff6b71c4000)
    libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007ff6b6ec3000)
    libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007ff6b6cad000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007ff6b68ed000)
    /lib64/ld-linux-x86-64.so.2 (0x00007ff6b73ef000)
    libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007ff6b65f0000)

    Based on the response shown in your case, you will have to add the missing libraries (normally through your package manager like apt-get or yum). In the above example case, the Qt libraries are missing; see section 5 of the instructions for details on how to add the Qt libraries.
