load-net

asterisk-20

Mar 5th, 2024 (edited)
  # Download, build and install Asterisk 20 from the upstream source tarball.
  1. ;;;;;;;ASTERISK INSTALL;;;;;;;;;;;;
  2.  
  3. cd /usr/src
  # NOTE(review): the tarball comes over plain HTTP and is unpacked and built without any
  # checksum or signature check; verify it against what the project publishes before building.
  4. wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-20-current.tar.gz
  5. tar xzvf asterisk-20-current.tar.gz
  # NOTE(review): "-current" is a moving target while the directory below is pinned to 20.6.0,
  # so this cd only works while upstream's current 20.x release is still 20.6.0.
  6. cd /usr/src/asterisk-20.6.0/
  # install_prereq pulls the build dependencies in through the system package manager.
  7. contrib/scripts/install_prereq install
  # Build against the PJSIP copy bundled with the Asterisk source tree.
  8. ./configure --with-pjproject-bundled
  # Interactive module selection; deselecting channel drivers and applications that are
  # not needed keeps the exposed surface smaller.
  9. make menuselect
  # Compile, install binaries, install the sample configs and the init/service files,
  # then refresh the shared-library cache.
  10. make -j4 && make install && make samples && make config && ldconfig
  11. ;Дадим права
  12. adduser --system --group --home /var/lib/asterisk --no-create-home --gecos "Asterisk" asterisk
  13. usermod -a -G dialout,audio asterisk
  14. chown -R asterisk: /var/{lib,log,run,spool}/asterisk /usr/lib/asterisk /etc/asterisk
  15.  
  16.  
  17. sed -i 's/;runuser = asterisk/runuser = asterisk/' /etc/asterisk/asterisk.conf
  18. sed -i 's/;rungroup = asterisk/rungroup = asterisk/' /etc/asterisk/asterisk.conf
  19. sed -i '/^;\[radius\]/ s/^;//' /etc/asterisk/cdr.conf
  20. sed -i '/^;radiuscfg =>/ s/^;//' /etc/asterisk/cdr.conf
  21. sed -i '/^;full.log => n/ s/^;//' /etc/asterisk/logger.conf
  22.  
  23.  
  # Start Asterisk at boot, restart it now and show the unit status.
  24. systemctl enable asterisk
  25. systemctl stop asterisk && systemctl start asterisk && systemctl status asterisk
  # Attach to the running daemon's CLI with raised verbosity.
  26. asterisk -rvvvvvv
  27.  
  28.  
  # Convenience only: append "cd /etc/asterisk/" to ~/.bashrc so new shells start in the
  # config directory, and set CDPATH for the current shell.
  29. sed -i -e '$a\' -e 'cd /etc/asterisk/' ~/.bashrc
  30. export CDPATH="/etc/asterisk/"
  31.  
  32.  
  # Install rsyslog and append a rotation stanza for three Asterisk log files to the
  # rsyslog logrotate file.
  33. apt install -y rsyslog
  34.  
  35. mcedit /etc/logrotate.d/rsyslog
  36.  
  37. ###Add
  38.  
  39.  
  # NOTE(review): messages.log and full.log are listed again in the separate asterisk
  # stanza further down this page; logrotate complains about duplicate log entries, so
  # keep each file in only one stanza.
  40. /var/log/asterisk/queue_log
  41. /var/log/asterisk/messages.log
  42. /var/log/asterisk/full.log
  43.  
  44. {
  # Keep 6 rotations; rotate once a file exceeds 20M.
  45. rotate 6
  46. size 20M
  47. missingok
  48. notifempty
  49. compress
  50. delaycompress
  51. sharedscripts
  # NOTE(review): rsyslog-rotate signals rsyslog, not Asterisk. These paths are under
  # /var/log/asterisk, so presumably Asterisk is the writer and needs 'logger reload'
  # (as the asterisk stanza on this page does) to reopen them — confirm.
  52. postrotate
  53. /usr/lib/rsyslog/rsyslog-rotate
  54. endscript
  55. }
  56.  
  57.  
  58.  
  59.  
  60.  
  61. ------------------------------------------------------------------
  # Restart rsyslog after editing the rotation file.
  62. service rsyslog restart
  63. ------------------------------------------------------------------
  64.  
  # Crontab entry that runs logrotate every minute, so the "size" thresholds are checked
  # far more often than the distribution's daily logrotate run.
  # NOTE(review): the entry runs with the privileges of whoever owns this crontab
  # (presumably root) — confirm that is intended.
  65. crontab -e
  66.  
  67. * * * * * /usr/sbin/logrotate /etc/logrotate.conf
  68.  
  69. -----------------------------------------------------------------
  # Watch syslog for CRON lines to confirm the job fires.
  70. tail -f /var/log/syslog | grep CRON
  71. -----------------------------------------------------------------
  # Check the current size of syslog and of the Asterisk logs.
  72. ls -lh /var/log/syslog
  73.  
  74. ls -lh /var/log/asterisk/
  75.  
  76.  
  77.  
  78. ****************************************************************
  79. ### Add an asterisk file to /etc/logrotate.d
  # Rotation for the Asterisk message, full and security logs.
  # NOTE(review): logger.conf on this page declares channels named "messages", "full" and
  # "security" (no .log suffix); with nomissingok a listed file that does not exist is an
  # error — confirm these paths match what Asterisk actually writes.
  80. /var/log/asterisk/messages.log
  81. /var/log/asterisk/full.log
  82. /var/log/asterisk/security.log
  # NOTE(review): the lone "." below looks like a paste artifact — confirm it is not in the real file.
  83. .
  84. {
  85. compress
  86. delaycompress
  # nocreate + nocopytruncate: logrotate renames the file and leaves it to Asterisk to
  # create a new one, which is why postrotate asks Asterisk to reopen its logs.
  87. nocreate
  88. nocopytruncate
  89. nomissingok
  # Keep 6 rotations; rotate once a file exceeds 2M.
  90. rotate 6
  91. size 2M
  92. noolddir
  93. postrotate
  94. /usr/sbin/asterisk -rx 'logger reload'
  95. endscript
  96. }
  97.  
  # Rotation for the CSV call-detail records; 253 old copies are kept.
  98. /var/log/asterisk/cdr-csv/Master.csv {
  99. compress
  100. missingok
  101. delaycompress
  102. nocreate
  103. nocopytruncate
  104. rotate 253
  105. noolddir
  106. postrotate
  107. /usr/sbin/asterisk -rx 'logger reload'
  108. endscript
  109. }
  110.  
  111.  
  112. ***************************************************************
  113.  
  114.  
  115.  
  # Midnight Commander provides the mcedit editor used throughout these notes.
  116. apt install -y mc
  117.  
  118.  
  # PostgreSQL ODBC driver and the unixODBC driver manager.
  119. apt install -y odbc-postgresql unixodbc
  # List the registered ODBC drivers, then query the 'PostgreSQL Unicode' entry by name.
  120. odbcinst -q -d
  121. odbcinst -q -d -n 'PostgreSQL Unicode'
  122.  
  # Files edited for the ODBC / realtime setup. res_odbc.conf and /etc/odbc.ini end up
  # holding the database password in clear text, so keep them readable only by root and
  # the asterisk account.
  123. mcedit /etc/odbcinst.ini
  124. mcedit /etc/odbc.ini
  125. mcedit /etc/asterisk/cdr_adaptive_odbc.conf
  126. mcedit /etc/asterisk/res_odbc.conf
  127. mcedit /etc/asterisk/cel_odbc.conf
  128. mcedit /etc/asterisk/cdr_odbc.conf
  129. mcedit /etc/asterisk/sorcery.conf
  130.  
  131.  
  132.  
  133.  
  134.  
  135. mcedit /etc/odbcinst.ini
  ; Registers the psqlODBC Unicode driver under the name "PostgreSQL Unicode".
  136. [PostgreSQL Unicode]
  137. Description=PostgreSQL ODBC driver (Unicode version)
  ; NOTE(review): Debug and CommLog turn on the driver's debug and communication logs.
  ; Such logs can capture statement text and connection details; presumably enabled for
  ; troubleshooting — confirm they are switched off once the connection works.
  138. Debug=1
  139. CommLog=1
  ; Driver and setup libraries (the 64-bit entries point at the same files).
  140. Driver = /usr/lib/x86_64-linux-gnu/odbc/psqlodbcw.so
  141. Setup = /usr/lib/x86_64-linux-gnu/odbc/libodbcpsqlS.so
  142. Driver64 = /usr/lib/x86_64-linux-gnu/odbc/psqlodbcw.so
  143. Setup64 = /usr/lib/x86_64-linux-gnu/odbc/libodbcpsqlS.so
  144. UsageCount = 2
  145.  
  146.  
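  147. mcedit /etc/odbc.ini
  ; DSN "mypostgresqldb": database aster117 on 10.20.7.122:5432.
  148. [mypostgresqldb]
  149. Description=My Postgresql sample database
  ; The original listed Driver twice ("PostgreSQL Unicode" and "postgresql"); which one a
  ; parser keeps is implementation-dependent. Only the entry naming the driver registered
  ; in /etc/odbcinst.ini on this page is kept.
  150. Driver=PostgreSQL Unicode
  ; NOTE(review): the DSN logs in as "postgres" with a short numeric password stored in
  ; clear text. Prefer a dedicated role limited to the Asterisk tables, a strong secret,
  ; and file permissions that keep this file away from other local users.
  152. Username = postgres
  153. Password = 1234566
  154. Servername = 10.20.7.122
  155. Database = aster117
  156. Port = 5432
  157. ReadOnly = No
  158. Protocol = 7.4+
  159. ShowOidColumn = No
  160. FakeOidIndex = No
  161. RowVersioning = No
  162. ShowSystemTables = No
  163. Fetch = Yes
  164. BoolsAsChar = Yes
  ; NOTE(review): TLS is disabled although the server is a remote host, so the login and
  ; everything read through this DSN (CDRs, and the PJSIP realtime tables mapped in
  ; extconfig.conf) cross the network unencrypted. Use an SSLmode that requires TLS once
  ; the server supports it.
  165. SSLmode = disable
  166. ConnSettings =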
  167.  
  168.  
  169.  
  170. mcedit /etc/asterisk/res_odbc.conf
  ; Connection class "aster117-res_odbc": the name the other Asterisk config files on this
  ; page refer to. It uses the DSN mypostgresqldb from /etc/odbc.ini.
  171. [aster117-res_odbc]
  172. enabled=>yes
  173. dsn=>mypostgresqldb
  ; A single pooled connection, opened when the module loads (pre-connect).
  174. max_connections => 1
  175. pre-connect=>yes
  ; NOTE(review): same "postgres" login and clear-text password as /etc/odbc.ini. Anyone
  ; who can read this file can log in to the database with that role; prefer a dedicated
  ; least-privilege role and restrict the file to root and the asterisk account.
  176. username=>postgres
  177. password=>1234566
  178. database=>aster117
  179.  
  180.  
  181.  
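  182. mcedit /etc/asterisk/cdr_adaptive_odbc.conf
  ; Writes call-detail records to table "cdr" through the res_odbc class aster117-res_odbc.
  183. [cdr_adaptive_connection]
  184. connection=aster117-res_odbc
  185. table=cdr
  186. loguniqueid=yes
  187. usegmtime=no
  ; Each alias maps a CDR field (left) to a column of the cdr table (right).
  ; "alias start => calldate" appeared twice in the original; one mapping is enough, so
  ; the repeated line is dropped.
  188. alias start => calldate
  189. alias realdst => realdst
  190. alias remoteip => remoteip
  192. alias hangupcause => hangupcause
  193. alias peerip => peerip
  194. alias recvip => recvip
  195. alias fromuri => fromuri
  196. alias useragent => useragent
  197. alias filename => filename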
  198.  
  199.  
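  200. mcedit /etc/asterisk/extconfig.conf
  ; Realtime family => driver,connection class. With no third field the table name is the
  ; family name, so each family below must exist as a table in the aster117 database.
  201. [settings]
  202. ps_aors => odbc,aster117-res_odbc
  ; The original read "ps_aster117_publications", which looks like a search-and-replace of
  ; "asterisk". sorcery.conf on this page maps asterisk-publication to the family
  ; ps_asterisk_publications, so the family is spelled that way here.
  203. ps_asterisk_publications => odbc,aster117-res_odbc
  ; ps_auths carries the SIP authentication objects; it travels over the same ODBC
  ; connection as everything else, so the transport settings of that DSN apply to it.
  204. ps_auths => odbc,aster117-res_odbc
  205. ps_contacts => odbc,aster117-res_odbc
  206. ps_domain_aliases => odbc,aster117-res_odbc
  207. ps_endpoint_id_ips => odbc,aster117-res_odbc
  208. ps_endpoints => odbc,aster117-res_odbc
  209. ps_globals => odbc,aster117-res_odbc
  210. ps_inbound_publications => odbc,aster117-res_odbc
  211. ps_outbound_publishes => odbc,aster117-res_odbc
  212. ps_registrations => odbc,aster117-res_odbc
  213. ps_transports => odbc,aster117-res_odbc
  214. queues => odbc,aster117-res_odbc
  215. queue_members => odbc,aster117-res_odbc
  216. musiconhold => odbc,aster117-res_odbc
  217. musiconhold_entry => odbc,aster117-res_odbc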
  218.  
  219.  
  220. mcedit /etc/asterisk/sorcery.conf
  ; NOTE(review): the two test_* sections map a "test" object type to in-memory storage;
  ; they look like leftovers from the sample file — confirm nothing depends on them.
  221. [test_sorcery_section]
  222. test=memory
  223.  
  224. [test_sorcery_cache]
  225. test/cache=test
  226. test=memory
  227. ; The following object mapping is the default mapping of external MWI mailbox
  228. ; objects to give persistence to the message counts.
  229. ;
  230. ;[res_mwi_external]
  231. ;mailboxes=astdb,mwi_external
  232.  
  233. ;
  234. ; The following object mappings set PJSIP objects to use realtime database mappings from extconfig
  235. ; with the table names used when automatically generating configuration from the alembic script.
  236. ;
  ; endpoint, auth and aor each list two wizards: the realtime family first, then
  ; pjsip.conf filtered by object type. Presumably the database copy is consulted before
  ; the file copy — confirm, since an object defined in both places can be confusing to audit.
  ; NOTE(review): with these mappings, whoever can write to ps_endpoints / ps_auths /
  ; ps_aors in the database can create or change SIP accounts; database access control is
  ; therefore part of the PBX's security boundary.
  237. [res_pjsip]
  238. endpoint=realtime,ps_endpoints
  239. endpoint=config,pjsip.conf,criteria=type=endpoint
  240. auth=realtime,ps_auths
  241. auth=config,pjsip.conf,criteria=type=auth
  242. aor=realtime,ps_aors
  243. aor=config,pjsip.conf,criteria=type=aor
  244. ;transport=config,pjsip.conf,criteria=type=transport
  245. ;domain_alias=realtime,ps_domain_aliases
  246. contact=realtime,ps_contacts
  247.  
  ; IP-based endpoint identification rows come from the database.
  248. [res_pjsip_endpoint_identifier_ip]
  249. identify=realtime,ps_endpoint_id_ips
  250.  
  251. [res_pjsip_outbound_publish]
  252. outbound-publish=realtime,ps_outbound_publishes
  253.  
  254. [res_pjsip_pubsub]
  255. inbound-publication=realtime,ps_inbound_publications
  256.  
  ; NOTE(review): this family is ps_asterisk_publications, while extconfig.conf on this
  ; page declares ps_aster117_publications — the two names need to match.
  257. [res_pjsip_publish_asterisk]
  258. asterisk-publication=realtime,ps_asterisk_publications
  259.  
  260.  
  261. *********************************************************************
  # Restart Asterisk so the ODBC and realtime configuration is loaded, then attach to its CLI.
  262. systemctl stop asterisk && systemctl start asterisk && systemctl status asterisk
  263. asterisk -rvvvvvv
  264.  
  # Entered at the Asterisk CLI (not the shell): lists the configured ODBC connection
  # classes and whether they are connected.
  265. odbc show all
  266.  
  267. #####################################################################
  268.  
  269.  
  270. ######################################################################################
  271.  
  272.  
  273. asterisk
  274. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
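  275. mcedit /etc/asterisk/pjsip.conf
  276.  
  ; UDP transport for a server behind NAT: local_net names the internal network, and the
  ; external_* addresses are advertised to peers outside it.
  277. [transport-udp-nat]
  278. type=transport
  279. protocol=udp
  ; Listens on every interface, so SIP is reachable from any network that can route to
  ; this host unless a firewall or the ACL below stops it.
  280. bind=0.0.0.0
  281. local_net=10.10.50.0/24
  282. external_media_address=109.105.165.107
  283. external_signaling_address=109.105.165.107
  284.  
  ; Source-address ACL: deny everything, then permit the listed networks.
  ; NOTE(review): 10.0.0.0/8 is far wider than local_net (10.10.50.0/24) — confirm the
  ; whole /8 is meant to be trusted.
  285. [acl]
  286. type=acl
  287. deny=0.0.0.0/0.0.0.0
  ; Written in CIDR form: 176.59.192.0/19 is exactly 176.59.192.0-176.59.223.255. ACL
  ; entries take address/mask; the hyphenated range in the original is presumably not
  ; parsed, which would leave that network denied — check the log after a reload.
  288. permit=176.59.192.0/19
  289. permit=10.0.0.0/8
  290. permit=83.102.160.66
  291. permit=109.105.165.0/24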
  292.  
  293. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
  294. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
  295.  
  296. mcedit /etc/asterisk/extensions.conf
  ; Inbound calls for 620465: tag the channel with account code 277 and hand the call to
  ; context lk_620465_pbx (not shown on this page).
  297. [zadarma-in]
  298. exten => 620465,1,Set(CHANNEL(accountcode)=277)
  299. same => n,Goto(lk_620465_pbx,620465,1)
  300. same => n,Hangup
  301.  
  302.  
  ; Outbound / internal dialling.
  ; NOTE(review): every endpoint whose context is zadarma-out can place calls through the
  ; trunk via the _XXX. pattern below. Make sure only authenticated internal endpoints land
  ; in this context, and consider narrowing the pattern to the destinations actually
  ; needed, to limit toll-fraud exposure.
  303. [zadarma-out]
  304. exten => _XXX,1,Dial(PJSIP/${EXTEN}) ; calls to three-digit internal Asterisk extensions
  305.  
  306.  
  ; Extension 103: hang up when BLINDTRANSFER is set (the call arrived via a blind
  ; transfer), otherwise dial the endpoint.
  307. exten => 103,1,NoOp("Проверка, переведен ли звонок")
  308. same => n,GotoIf($["${BLINDTRANSFER}" != ""]?hangup:continue)
  309. same => n(continue),Dial(PJSIP/${EXTEN})
  310. same => n,Hangup()
  311. same => n(hangup),NoOp("Звонок переведенный - вешаем трубку")
  312. same => n,Hangup()
  313.  
  314.  
  315.  
  316.  
  317. exten => _XXX.,1,Dial(PJSIP/${EXTEN}@620465) ; calls to numbers with four or more digits go out through trunk 620465
  318.  
  319. ;exten => _XXX,1,Gosub(sub-devstate,${EXTEN},1)
  320. ;exten => _XXX,n,Dial(SIP/${EXTEN},90,trm)
  321. ;exten => _XXX,n,Hangup()
  322.  
  323.  
  324.  
  325.  
  326.  
  327.  
  328.  
  329.  
  ; Extension 101: check device state, record the call, ring 101 for 3 seconds; the
  ; GotoIfTime loops back to local_out during 18:00-08:00 on weekdays, otherwise the call
  ; is sent to 241247 through the trunk with a fixed caller ID.
  ; NOTE(review): recordings are written to /home. Call audio is sensitive data; confirm
  ; the asterisk account can write there and that the files are not readable by other users.
  330. exten => 101,1,Gosub(sub-devstate,${EXTEN},1)
  331. same => n,Mixmonitor(/home/${EXTEN}n_.${UNIQUEID}.wav,b)
  332. same => n(local_out),Dial(PJSIP/101,3,rt)
  333. same => n,GotoIfTime(18:00-08:00,mon-fri,*,*?local_out)
  334. same => n,Set(CALLERID(num)=00000000)
  335. same => n,Dial(PJSIP/241247@620465)
  336.  
  ; Extension 1: account code 549, answer, record, then place the caller in queue test_all.
  337. exten => 1,1,Set(CHANNEL(accountcode)=549)
  338. same => n,Answer
  339. same => n,MixMonitor(/home/${EXTEN}n_.${UNIQUEID}.wav,b)
  340. same => n,Queue(test_all,rt)
  341.  
  ; Extension 2: label the CDR, record, ring 102, then either fail over to the trunk on
  ; the listed dates (label weekend2) or ring 101.
  342. exten => 2,1,Set(CDR(description)=ivr:${EXTEN})
  343. same => n,MixMonitor(/home/${EXTEN}n_.${UNIQUEID}.wav,b)
  344. same => n,Dial(PJSIP/102,20,rt)
  345. ; same => n,Dial(PJSIP/101,20,rt)
  346. same => n,GotoIfTime(*,*,28-31,jul?weekend2)
  347. same => n,GotoIfTime(*,*,1-20,jan?weekend2)
  348. same => n,Dial(PJSIP/101,15,rt)
  349. same => n,Set(CALLERID(num)=73452999999)
  ; NOTE(review): Goto(exten,1,1) targets a context literally named "exten", which is not
  ; defined on this page; presumably extension 1 of this context was meant — confirm.
  350. same => n,Goto(exten,1,1)
  351. same => n,Hangup
  352. same => n(weekend2),Dial(PJSIP/241247@620465,,rt)
  353. same => n,Hangup
  354.  
  355.  
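  ; Gosub routine: looks at the PJSIP device state of ${EXTEN} and returns to the caller
  ; only when the device is not busy, in use, invalid or unavailable.
  356. [sub-devstate]
  ; The original logged DEVICE_STATE(SIP/...) while every check below tests the PJSIP
  ; device; the log line now reports the same device the checks look at.
  357. exten => _X.,1,Log(NOTICE, "${EXTEN} has DEVICE STATE ${DEVICE_STATE(PJSIP/${EXTEN})}")
  358. exten => _X.,n,GotoIf($["${DEVICE_STATE(PJSIP/${EXTEN})}" = "BUSY"]?s-BUSY,1)
  359. exten => _X.,n,GotoIf($["${DEVICE_STATE(PJSIP/${EXTEN})}" = "INUSE"]?s-BUSY,1)
  360. exten => _X.,n,GotoIf($["${DEVICE_STATE(PJSIP/${EXTEN})}" = "INVALID"]?s-INVALID,1)
  361. exten => _X.,n,GotoIf($["${DEVICE_STATE(PJSIP/${EXTEN})}" = "UNAVAILABLE"]?s-UNAVAILABLE,1)
  362. exten => _X.,n,Return()
  ; Busy or in use: play the busy prompt and hang up with cause 17.
  363. exten => s-BUSY,1,NoOp(Абонент ${EXTEN} в данный момент разговаривает)
  364. exten => s-BUSY,n,Playback(extension-is-busy)
  365. exten => s-BUSY,n,Hangup(17)
  ; Unknown device: continue in context no-number.
  366. exten => s-INVALID,1,NoOp(Абонент ${EXTEN} не существует)
  367. exten => s-INVALID,n,Goto(no-number,${EXTEN},1)
  368. exten => s-INVALID,n,Hangup(1)
  ; Unavailable device: play the no-service prompt, wait 2 seconds, hang up with cause 18.
  369. exten => s-UNAVAILABLE,1,NoOp(Абонент ${EXTEN} не доступен)
  370. exten => s-UNAVAILABLE,n,Playback(ss-noservice)
  371. exten => s-UNAVAILABLE,n,Wait(2)
  372. exten => s-UNAVAILABLE,n,Hangup(18)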
  ; Handling for calls to numbers that do not exist (reached from sub-devstate's s-INVALID).
  373. [no-number]
  ; Any dialled number: note the dial status, then jump to the invalid-number extension.
  374. exten => _X.,1,NoOp(Статус набора - ${DIALSTATUS})
  375. exten => _X.,n,Goto(invalid-number,1)
  ; Mark the CDR userfield as "No Number", play the invalid-number prompt, hang up.
  376. exten => invalid-number,1,NoOp(Неверно набран номер)
  377. exten => invalid-number,n,Set(CDR(userfield)=No Number)
  378. exten => invalid-number,n,Playback(pbx-invalid)
  379. exten => invalid-number,n,Wait(1)
  380. exten => invalid-number,n,Hangup()
  ; Timeout extension: say goodbye and hang up.
  381. exten => t,1,Playback(vm-goodbye)
  382. exten => t,n,Hangup()
  383. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
  384. #######################################################################################
  385. ########################################################################################
  386. ########################################################################################
  387.  
  # Smoke test of the DSN: run "select 1" through isql.
  # NOTE(review): the password is passed as a command-line argument, so it lands in shell
  # history and is visible in the process list while the command runs.
  388. echo "select 1" | isql -v mypostgresqldb postgres 1234566
  389.  
  390.  
  391.  
  392.  
  393.  
  # Replace nftables with iptables and install fail2ban plus iptables-persistent.
  # NOTE(review): no baseline firewall rules are defined anywhere on this page; the
  # fail2ban bans are the only packet filtering shown. A default-deny rule set that admits
  # SIP/RTP only from the expected networks is worth adding.
  394. apt remove --auto-remove nftables -y
  395. apt purge nftables -y
  396. apt update
  397. apt install fail2ban iptables iptables-persistent -y
  # Show the current rules with packet counters.
  398. iptables -L -v
  399.  
  # NOTE(review): on Debian-family systems iptables-persistent restores saved rules via the
  # netfilter-persistent unit; confirm a unit named "iptables" actually exists here.
  400. systemctl enable iptables
  401.  
  402. mcedit /etc/asterisk/logger.conf
  ; Log channels, in the form "file name => levels".
  ; NOTE(review): the channel names here carry no .log suffix, while the logrotate stanzas
  ; and the fail2ban logpath on this page use messages.log / full.log / security.log.
  ; Confirm which files Asterisk actually writes, otherwise rotation and banning watch
  ; the wrong files.
  ; Security events go to their own file.
  403. security => security
  ; NOTE(review): console is declared twice; the second line adds debug.
  404. console => notice,warning,error
  405. console => notice,warning,error,debug
  406. messages => notice,warning,error
  ; NOTE(review): "dtmf" records the digits callers press, which may include PINs or card
  ; numbers entered in an IVR; keep it only while debugging and restrict access to this file.
  407. full => notice,warning,error,debug,verbose,dtmf,fax
  408.  
  409.  
  410.  
  411.  
  412.  
  413.  
  414.  
  415.  
  416.  
  # Lift existing bans for two addresses.
  # NOTE(review): 10.10.50.16 lies inside local_net from pjsip.conf on this page; if
  # internal phones keep getting banned, an ignoreip entry for the trusted internal range
  # in jail.local is cleaner than repeated manual unbans.
  417. fail2ban-client unban 10.10.50.16
  418. fail2ban-client unban 37.139.38.15
  419.  
  420.  
  # Inspect the rule set (numeric output, with and without rule numbers), then make
  # fail2ban re-read its configuration.
  421. iptables -nL --line-numbers
  422. iptables -L -n
  423. fail2ban-client reload
  424.  
  425.  
  426. mcedit /etc/fail2ban/filter.d/asterisk.conf
  427. #################################################################################################
  # fail2ban filter for Asterisk log lines; shared definitions come from common.conf.
  428. [INCLUDES]
  429. before = common.conf
  430.  
  431. [Definition]
  432. _daemon = asterisk
  433. __pid_re = (?:\s*\[\d+\])
  434. iso8601 = \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+[+-]\d{4}
  435. # All Asterisk log messages begin like this:
  436. log_prefix= (?:NOTICE|SECURITY|WARNING)%(__pid_re)s:?(?:\[C-[\da-f]*\])?:? [^:]+:\d*(?:(?: in)? [^:]+:)?
  437.  
  # prefregex strips the line prefix once; the failregex entries below then match only the
  # remaining message text captured in F-CONTENT.
  438. prefregex = ^%(__prefix_line)s%(log_prefix)s <F-CONTENT>.+</F-CONTENT>$
  439.  
  # One pattern per line; <HOST> marks the address that gets banned.
  # NOTE(review): continuation lines of a multi-line value must be indented in the real
  # file; the indentation appears to have been lost in this paste.
  # NOTE(review): the SecurityEvent=... pattern matches SECURITY-level lines, which only
  # show up in a log channel that includes the security level.
  440. failregex = ^Registration from '[^']*' failed for '<HOST>(:\d+)?' - (?:Wrong password|Username/auth name mismatch|No matching peer found|Not a local domain|Device does not match ACL|Peer is not supposed to register|ACL error \(permit/deny\)|Not a local domain)$
  441. ^Call from '[^']*' \(<HOST>:\d+\) to extension '[^']*' rejected because extension not found in context
  442. ^(?:Host )?<HOST> (?:failed (?:to authenticate\b|MD5 authentication\b)|tried to authenticate with nonexistent user\b)
  443. ^No registration for peer '[^']*' \(from <HOST>\)$
  444. ^hacking attempt detected '<HOST>'$
  445. ^SecurityEvent="(?:FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPassword)"(?:(?:,(?!RemoteAddress=)\w+="[^"]*")*|.*?),RemoteAddress="IPV[46]/[^/"]+/<HOST>/\d+"(?:,(?!RemoteAddress=)\w+="[^"]*")*$
  446. ^"Rejecting unknown SIP connection from <HOST>(?::\d+)?"$
  447. ^Request (?:'[^']*' )?from '(?:[^']*|.*?)' failed for '<HOST>(?::\d+)?'\s\(callid: [^\)]*\) - (?:No matching endpoint found|Not match Endpoint(?: Contact)? ACL|(?:Failed|Error) to authenticate)\s*$
  448.  
  449. ignoreregex =
  # The timestamp is expected at the beginning of the line.
  450. datepattern = {^LN-BEG}
  # Only used when the jail reads from the systemd journal.
  451. journalmatch = _SYSTEMD_UNIT=asterisk.service
  452.  
  453. [lt_journal]
  454.  
  455. # asterisk can log timestamp if logs into systemd-journal (optional part matching this timestamp, gh-2383):
  456. __extra_timestamp = (?:\[[^\]]+\]\s+)?
  457. __prefix_line = %(known/__prefix_line)s%(__extra_timestamp)s
  458.  
  459. #######################################################################################################
  460.  
  461.  
  462.  
  463. ********************************************************
  464. mcedit /etc/fail2ban/jail.local
  465.  
  # Jail that applies the asterisk filter and blocks offenders on the SIP ports.
  466. [asterisk]
  467.  
  468. enabled = true
  469. filter = asterisk
  # Three actions: block TCP 5060/5061, block UDP 5060/5061, and mail a whois report to root.
  # NOTE(review): the second and third action lines are continuations and must be indented
  # in the real file; the indentation appears to have been lost in this paste.
  470. action = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
  471. iptables-multiport[name=asterisk-udp, port="5060,5061", protocol=udp]
  472. sendmail-whois[name=Asterisk, dest=root@localhost, sender=fail2ban@localhost]
  # NOTE(review): logger.conf on this page declares a channel named "messages" (no .log)
  # with levels notice,warning,error, and sends security events to a separate file.
  # Confirm this path is the file Asterisk really writes, and consider watching the
  # security log as well so the filter's SecurityEvent pattern can match.
  473. logpath = /var/log/asterisk/messages.log
  # Ban after 3 matching lines; findtime is not set, so the fail2ban default window applies.
  474. maxretry = 3
  # Presumably seconds, i.e. roughly 6.9 days.
  475. bantime = 600100
  476. *****************************************************
  477.  
  478.  
  479.  
  480.  
  # Lift the ban for one address through fail2ban.
  481. fail2ban-client unban 37.139.38.15
  482.  
  483.  
  # Delete rule number 1 from each of the fail2ban chains directly.
  # NOTE(review): this removes whichever rule is currently first, without checking which
  # address it covers, and fail2ban is not told about it — its own ban list still holds the
  # address. Prefer "fail2ban-client unban" so the firewall and fail2ban stay in sync.
  484. iptables -D f2b-asterisk-tcp 1
  485. iptables -D f2b-asterisk-udp 1
  486.  
  487.  
  488.  
  489.  