Changing default passwords of elastix

Published by balu sreekanth on

Elastix , which is a free forked version of asterisk pbx product comes with integrated ready to use add-ons like a2billing  ( billing module for voip/telephony ) , vtigercrm  etc.,

 

After installing we must change default passwords for elastix admin , a2billing and vitigercrm admin .

This can be done easily while installation time ( with new versions ) , or after logging into the panel with default passwords( older versions).

 

But  there was serious security bug ( i think it is patched now ) with elastix , where somebody can hack  the elastix box with the default password of built in user ‘asteriskuser’  and  able to make calls.

 

Here are the steps i followed to change astersikuser password

 

Step1 :

changing  password in database

-ssh to elastixbox with root privileges

-connect to sql  console  by typing  # mysql -u root -p

-now enter the mysql root password ( you can find this in /etc/elastix.conf  and you can even change it by typing #mysqladmin -u root -p’oldpassword‘ password ‘newpassword‘)

 

mysql> show databases;
+——————–+
| Database           |
+——————–+
| information_schema |
| asterisk           |
| asteriskcdrdb      |
| meetme             |
| mya2billing        |
| mysql              |
| roundcubedb        |
| test               |
| vtigercrm510       |
+——————–+
9 rows in set (0.00 sec)

mysql> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

mysql> set password for ‘asteriskuser’@’localhost’ = PASSWORD(‘newpassword‘);

Step2:

change asteriskuser password in /etc/amportal.conf

now run command  # /usr/src/AMP/apply_conf.sh to apply the changes

Step3:

type #grep -r “asteriskuser” /etc/asterisk/*   to find files with asteriskuser entries and change the password to newpassword

 

[root@vm2 ]# grep -r “asteriskuser” /etc/asterisk/*
/etc/asterisk/cbmysql.conf:user=asteriskuser
/etc/asterisk/cdr_mysql.conf:user = asteriskuser
/etc/asterisk/res_mysql.conf:dbuser = asteriskuser

 

 

 

*replace newpassword with your own password

 

 

 

 

 

 

Categories: VOIP

2 Comments

Jose Tapia · March 24, 2014 at 11:55 am

Thanks for the info, good advice

Reply

Jose Tapia · November 23, 2012 at 11:20 am

Thanks for the info great advice

Reply

Leave a Reply

Your email address will not be published.

Related Posts

App Development

Easy Push notification service for Asterisk and Free PBX

    By virtue of increasingly deployed IP-PBX systems in place of traditional business phone systems around the world ,using Mobile softphones to communicate with office IP PBX has become more prevalent. One of the Read more…

App Development

Configure Click to Call for Your website

These days websites become an indispensable part of marketing strategies for a  business despite of its size. Just having a website for your  business with a contact form  may not be abundant  to gain leads  Read more…

VOIP

Asterisk: Serious Network Trouble; __sip_xmit returns error for pkt data

TIP OF THE DAY : ERROR[16336]: chan_sip.c:4271 __sip_reliable_xmit: Serious Network Trouble; __sip_xmit returns error for pkt data This  error may occur on asterisk pbx when there is some issue with sending packet to remote server Read more…