On Thu, 2009-02-12 at 17:08 -0500, Jared Geiger wrote: > I saw multiple attacks from OVH.NET IP addresses over the last few > weeks as well. I have used a few of the tips in this article to secure > PBXs before as well http://nerdvittles.com/?p=580 > (fail2ban/IPTables). > > For switchvox the root account seems to have a key, not a password to > login. You can always boot in single user mode, create a new user and > add that user to the sudoers file then disable root from being able to > login via ssh.conf. > First let me say I have never used switchvox, but if its linux based then the following should apply.
can you not just get a shell? If you can you shouldnt have to boot into single user mode unless they are doing chattr stuff to only allow editing of the password file on a secure runlevel, and this is rare that its done. /etc/passwd, /etc/shadow, /etc/group, /etc/sudoers are all just text files and its easy to append a line for new users to those files, just as its easy to use the useradd/adduser programs to add users. sshd.conf is also a text file which requires sshd to restart to take effect but this usually does not drop connections already in process. This can be as simple as /etc/init.d/sshd restart or something similar. > You should be able to then setup IPTables on Switchvox as well after > going in and creating the second account. > the problem is that you would need it to know to use sudo if it doesnt, I do not know if its smart enough to say "you arent root so let me sudo this command". -- Trixter http://www.0xdecafbad.com Bret McDanel pgp key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8AE5C721
signature.asc
Description: This is a digitally signed message part
_______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz