Elastix , which is a free forked version of asterisk pbx product comes with integrated ready to use add-ons like a2billing  ( billing module for voip/telephony ) , vtigercrm  etc.,

 

After installing we must change default passwords for elastix admin , a2billing and vitigercrm admin .

This can be done easily while installation time ( with new versions ) , or after logging into the panel with default passwords( older versions).

 

But  there was serious security bug ( i think it is patched now ) with elastix , where somebody can hack  the elastix box with the default password of built in user ‘asteriskuser’  and  able to make calls.

 

Here are the steps i followed to change astersikuser password

 

Step1 :

changing  password in database

-ssh to elastixbox with root privileges

-connect to sql  console  by typing  # mysql -u root -p

-now enter the mysql root password ( you can find this in /etc/elastix.conf  and you can even change it by typing #mysqladmin -u root -p’oldpassword‘ password ‘newpassword‘)

 

mysql> show databases;
+——————–+
| Database           |
+——————–+
| information_schema |
| asterisk           |
| asteriskcdrdb      |
| meetme             |
| mya2billing        |
| mysql              |
| roundcubedb        |
| test               |
| vtigercrm510       |
+——————–+
9 rows in set (0.00 sec)

mysql> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

mysql> set password for ‘asteriskuser’@’localhost’ = PASSWORD(‘newpassword‘);

Step2:

change asteriskuser password in /etc/amportal.conf

now run command  # /usr/src/AMP/apply_conf.sh to apply the changes

Step3:

type #grep -r “asteriskuser” /etc/asterisk/*   to find files with asteriskuser entries and change the password to newpassword

 

[root@vm2 ]# grep -r “asteriskuser” /etc/asterisk/*
/etc/asterisk/cbmysql.conf:user=asteriskuser
/etc/asterisk/cdr_mysql.conf:user = asteriskuser
/etc/asterisk/res_mysql.conf:dbuser = asteriskuser

 

 

 

*replace newpassword with your own password

 

 

 

 

 

 

Categories: VOIP

2 Comments

Jose Tapia · March 24, 2014 at 11:55 am

Thanks for the info, good advice

Jose Tapia · November 23, 2012 at 11:20 am

Thanks for the info great advice

Leave a Reply

Your email address will not be published.