Friday, December 10, 2010

Asterisk Integration With Openldap

LDAP integration for Asterisk

The "light weight directory" offers a means for central user administration for your network, including VoIP data.


To integrate OpenLDAP with Asterisk


First install and configure the OpenLDAP server.
Then, after installing Asterisk,
make the following changes in extconfig.conf (remove the leading ";" from each mapping you want to enable):


;     sipusers => ldap,"dc=myDomain,dc=myDomainExt",sip
;     sippeers => ldap,"dc=myDomain,dc=myDomainExt",sip
;     extensions => ldap,"dc=myDomain,dc=myDomainExt",extensions
;     sip.conf => ldap,"dc=myDomain,dc=myDomainExt",config
;      voicemail => ldap,"dc=myDomain,dc=myDomainExt",voicemail


And In res_ldap.conf

 [_general]
; Connection settings Asterisk uses to reach the LDAP server.
; Specify one of either host and port OR url.  URL is preferred, as you can
; use more options.
; NOTE(review): with a plain ldap:// URL (or host plus port 389) the bind
; password and every attribute returned, including the md5secret values mapped
; in [sip], cross the network unencrypted. Prefer an ldaps:// URL where your
; Asterisk and OpenLDAP builds support it -- confirm before relying on it.
;host=192.168.1.1                    ; LDAP host
;port=389                                 ;Ldap port
;url=ldap://ldap3.mydomain.com:3890
;protocol=3                          ; Version of the LDAP protocol to use; default is 3.
;basedn=MyRootDN                     ; Base DN
; Use a dedicated bind DN that has only the access Asterisk needs, not the
; directory's root DN.
;user=MyDN                              ; Bind DN
; The bind password is stored here in clear text: keep res_ldap.conf readable
; only by the account Asterisk runs as.
;pass=MyPassword                     ; Bind password


And
[config]
;
; additionalFilter - This specifies an additional set of criteria to be used
; when querying the LDAP server.
additionalFilter=(objectClass=AstConfig)
;
filename = AstConfigFilename
category = AstConfigCategory
variable_name = AstConfigVariableName
variable_value = AstConfigVariableValue
cat_metric = AstConfigCategoryMetric
commented = AstConfigCommented


[extensions]
context  =  AstExtensionContext
exten  =  AstExtensionExten
priority = AstExtensionPriority
app = AstExtensionApplication
appdata = AstExtensionApplicationData
additionalFilter=(objectClass=AstExtension)

[sip]
name = cn
amaflags = AstAccountAMAFlags
callgroup = AstAccountCallGroup
callerid = AstAccountCallerID
directmedia = AstAccountDirectMedia
context = AstAccountContext
dtmfmode = AstAccountDTMFMode
fromuser = AstAccountFromUser
fromdomain = AstAccountFromDomain
fullcontact = AstAccountFullContact
fullcontact = gecos
host = AstAccountHost
insecure = AstAccountInsecure
mailbox = AstAccountMailbox
md5secret = realmedPassword    ; Must be an MD5 hash. Field value can start with ,{md5} but it is not required.
nat = AstAccountNAT
deny = AstAccountDeny
permit = AstAccountPermit
pickupgroup = AstAccountPickupGroup
port = AstAccountPort
qualify = AstAccountQualify
restrictcid = AstAccountRestrictCID
rtptimeout = AstAccountRTPTimeout
rtpholdtimeout = AstAccountRTPHoldTimeout
type = AstAccountType
disallow = AstAccountDisallowedCodec
allow = AstAccountAllowedCodec
MusicOnHold = AstAccountMusicOnHold
regseconds = AstAccountExpirationTimestamp
regcontext = AstAccountRegistrationContext
regexten = AstAccountRegistrationExten
CanCallForward = AstAccountCanCallForward
ipaddr = AstAccountIPAddress
defaultuser = AstAccountDefaultUser
regserver = AstAccountRegistrationServer
lastms = AstAccountLastQualifyMilliseconds
additionalFilter=(objectClass=AsteriskSIPUser)


[voicemail]
context = AstAccountContext
mailbox = AstAccountMailbox
password=AstAccountPassword
email=AstAccountEmail
pager=AstAccountPager
tz=AstAccountTz
attach=AstAccountAttach
saycid=AstAccountSaycid
dialout=AstAccountDialout
callback=AstAccountCallback
review=AstAccountReview
operator=AstAccountOperator
envelope=AstAccountEnvelope
sayduration=AstAccountSayduration
saydurationm=AstAccountSaydurationm

sendvoicemail=AstAccountSendvoicemail
delete=AstAccountDelete
forcename=AstAccountForcename
forcegreetings=AstAccountForcegreetings
hidefordir=AstAccountHidefordir
stamp=AstAccountStamp


In extensions.conf
  exten => 1234,1,LDAPget(CIDNAME=cidname/${CALLERIDNUM},${CALLERIDNUM},${CALLERIDNUM})
exten => 1234,2,SetCIDName(${CIDNAME}) 

exten => 1234,3,Dial(SIP/${EXTEN},15

Monday, November 15, 2010

Asterisk Queues Log In to Database

In order to properly manage ACD queues, it is important to be able to keep track of details of call setups and teardowns in much greater detail  than traditional call detail records provide. In order to support this,
extensive and detailed tracing of every queued call is stored in the  queue log, located (by default) in /var/log/asterisk/queue_log. 

For Asterisk 1.6.1 and above

Create a table queue_log in MYSQL DB
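-- queue_log table: one row per queue event, as described in the text above.
-- The database and table names are quoted separately (`asterisk`.`queue_log`).
-- Quoted as a single identifier, the statement would name a table called
-- "asterisk.queue_log" in the current database, and the trigger defined on
-- `asterisk`.`queue_log` would not find it.
CREATE TABLE `asterisk`.`queue_log` (
  `id` int(10) unsigned NOT NULL auto_increment,
  -- Integer event time; the sample rows below look like Unix epoch seconds.
  `time` int(10) unsigned default NULL,
  `callid` varchar(32) NOT NULL default '',
  `queuename` varchar(32) NOT NULL default '',
  `agent` varchar(32) NOT NULL default '',
  `event` varchar(32) NOT NULL default '',
  -- Event-specific payload; fields inside `data` are separated by '|'.
  `data` varchar(255) NOT NULL default '',
  `data1` varchar(255) NOT NULL default '',
  `data2` varchar(255) NOT NULL default '',
  `data3` varchar(255) NOT NULL default '',
  `data4` varchar(255) NOT NULL default '',
  PRIMARY KEY (`id`)
);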

mysql> select * from queue_log;
+----+------------+--------------+------------------+-------+------------+-------+
| id | time       | callid       | queuename        | agent | event      | data  |
+----+------------+--------------+------------------+-------+------------+-------+
| 1  | 1198356717 | 1198356717.0 | voipsolutions.ru | NONE  | ENTERQUEUE | |serg |
| 2  | 1198356719 | 1198356717.0 | voipsolutions.ru | NONE  | ABANDON    | 1|1|2 |
+----+------------+--------------+------------------+-------+------------+-------+ 
Data field values are separated by pipe (|) symbols.

-- agent_status: one row per agent, keyed by agentId; the queueEvents trigger
-- on queue_log inserts or updates the row as agent events arrive.
-- NOTE(review): `timestamp` is a TIMESTAMP column while queue_log.`time` is an
-- integer; whatever writes here presumably needs an explicit conversion
-- (e.g. FROM_UNIXTIME) -- confirm.
CREATE TABLE IF NOT EXISTS `agent_status` (
 `agentId` varchar(40) NOT NULL default '',
 `agentName` varchar(40) default NULL,
 `agentStatus` varchar(30) default NULL,
 `timestamp` timestamp NULL default NULL,
 -- callid is stored as a number here, while queue_log.callid is varchar(32).
 `callid` double(18,6) unsigned default '0.000000',
 `queue` varchar(20) default NULL,
 PRIMARY KEY  (`agentId`),
 KEY `agentName` (`agentName`),
 KEY `agentStatus` (`agentStatus`,`timestamp`,`callid`),
 KEY `queue` (`queue`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;


-- call_status: one row per queued call, keyed by callId.
-- Column order matters: the queueEvents trigger fills this table with a
-- positional REPLACE INTO `call_status` VALUES (...) on ENTERQUEUE events.
CREATE TABLE IF NOT EXISTS `call_status` (
 `callId` double(18,6) NOT NULL,
 -- Filled from field 2 of the ENTERQUEUE data (presumably the caller ID, which
 -- the calling party controls): treat it as untrusted text wherever it is
 -- displayed. Values longer than 13 characters do not fit this column.
 `callerId` varchar(13) NOT NULL,
 `status` varchar(30) NOT NULL,
 `timestamp` timestamp NULL default NULL,
 `queue` varchar(25) NOT NULL,
 `position` varchar(11) NOT NULL,
 `originalPosition` varchar(11) NOT NULL,
 `holdtime` varchar(11) NOT NULL,
 `keyPressed` varchar(11) NOT NULL,
 `callduration` int(11) NOT NULL,
 PRIMARY KEY  (`callId`),
 KEY `callerId` (`callerId`),
 KEY `status` (`status`),
 KEY `timestamp` (`timestamp`),
 KEY `queue` (`queue`),
 KEY `position` (`position`,`originalPosition`,`holdtime`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
 
 
Then create a trigger in the asterisk database:
 
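-- queueEvents: keeps agent_status and call_status in step with every row
-- inserted into queue_log. Fields inside NEW.data are pipe-separated; the
-- expression
--   replace(substring(substring_index(NEW.data, '|', N),
--           length(substring_index(NEW.data, '|', N - 1)) + 1), '|', '')
-- returns the Nth field.
-- Fixed: the CONNECT branch read "ON DUPLICATE KEY UPDATEagentStatus" (missing
-- space), which made the whole CREATE TRIGGER statement fail to parse.
-- String literals use single quotes throughout so the trigger also parses
-- when the ANSI_QUOTES SQL mode is enabled.
-- NOTE(review): NEW.time is an integer column in queue_log but is written to
-- TIMESTAMP columns here; an explicit conversion (presumably
-- FROM_UNIXTIME(NEW.time)) is probably needed -- confirm against your MySQL
-- version and sql_mode.
-- NOTE(review): field 2 of an ENTERQUEUE row is stored as callerId; it is
-- presumably supplied by the calling party, so treat it as untrusted text
-- wherever it is displayed.
DROP TRIGGER IF EXISTS `asterisk`.`queueEvents`;
DELIMITER //
CREATE TRIGGER `asterisk`.`queueEvents` BEFORE INSERT ON `asterisk`.`queue_log`
FOR EACH ROW BEGIN
  -- Agent membership and pause state.
  IF NEW.event = 'ADDMEMBER' THEN
    INSERT INTO agent_status (agentId, agentStatus, timestamp, callid)
    VALUES (NEW.agent, 'READY', NEW.time, NULL)
    ON DUPLICATE KEY UPDATE agentStatus = 'READY', timestamp = NEW.time, callid = NULL;
  ELSEIF NEW.event = 'REMOVEMEMBER' THEN
    INSERT INTO `agent_status` (agentId, agentStatus, timestamp, callid)
    VALUES (NEW.agent, 'LOGGEDOUT', NEW.time, NULL)
    ON DUPLICATE KEY UPDATE agentStatus = 'LOGGEDOUT', timestamp = NEW.time, callid = NULL;
  ELSEIF NEW.event = 'PAUSE' THEN
    INSERT INTO agent_status (agentId, agentStatus, timestamp, callid)
    VALUES (NEW.agent, 'PAUSE', NEW.time, NULL)
    ON DUPLICATE KEY UPDATE agentStatus = 'PAUSE', timestamp = NEW.time, callid = NULL;
  ELSEIF NEW.event = 'UNPAUSE' THEN
    INSERT INTO `agent_status` (agentId, agentStatus, timestamp, callid)
    VALUES (NEW.agent, 'READY', NEW.time, NULL)
    ON DUPLICATE KEY UPDATE agentStatus = 'READY', timestamp = NEW.time, callid = NULL;

  -- A call enters the queue: (re)create its call_status row. Field 2 of
  -- NEW.data becomes callerId; the VALUES list is positional.
  ELSEIF NEW.event = 'ENTERQUEUE' THEN
    REPLACE INTO `call_status` VALUES (
      NEW.callid,
      replace(replace(substring(substring_index(NEW.data, '|', 2), length(substring_index(NEW.data, '|', 2 - 1)) + 1), '|', ''), '|', ''),
      'inQue',
      NEW.time,
      NEW.queuename,
      '', '', '', '', 0
    );

  -- An agent answers: field 1 is the hold time; the agent row points at the call.
  ELSEIF NEW.event = 'CONNECT' THEN
    UPDATE `call_status`
    SET callid = NEW.callid,
        status = NEW.event,
        timestamp = NEW.time,
        queue = NEW.queuename,
        holdtime = replace(substring(substring_index(NEW.data, '|', 1), length(substring_index(NEW.data, '|', 1 - 1)) + 1), '|', '')
    WHERE callid = NEW.callid;
    INSERT INTO agent_status (agentId, agentStatus, timestamp, callid)
    VALUES (NEW.agent, NEW.event, NEW.time, NEW.callid)
    ON DUPLICATE KEY UPDATE agentStatus = NEW.event, timestamp = NEW.time, callid = NEW.callid;

  -- Call completed: field 1 hold time, field 2 call duration, field 3 original position.
  ELSEIF NEW.event IN ('COMPLETECALLER', 'COMPLETEAGENT') THEN
    UPDATE `call_status`
    SET callid = NEW.callid,
        status = NEW.event,
        timestamp = NEW.time,
        queue = NEW.queuename,
        originalPosition = replace(substring(substring_index(NEW.data, '|', 3), length(substring_index(NEW.data, '|', 3 - 1)) + 1), '|', ''),
        holdtime = replace(substring(substring_index(NEW.data, '|', 1), length(substring_index(NEW.data, '|', 1 - 1)) + 1), '|', ''),
        callduration = replace(substring(substring_index(NEW.data, '|', 2), length(substring_index(NEW.data, '|', 2 - 1)) + 1), '|', '')
    WHERE callid = NEW.callid;
    -- As in the original: a new agent row is inserted with the event name as its
    -- status, while an existing row is reset to READY.
    INSERT INTO agent_status (agentId, agentStatus, timestamp, callid)
    VALUES (NEW.agent, NEW.event, NEW.time, NULL)
    ON DUPLICATE KEY UPDATE agentStatus = 'READY', timestamp = NEW.time, callid = NULL;

  -- Call transferred: field 1 hold time, field 3 call duration.
  ELSEIF NEW.event IN ('TRANSFER') THEN
    UPDATE `call_status`
    SET callid = NEW.callid,
        status = NEW.event,
        timestamp = NEW.time,
        queue = NEW.queuename,
        holdtime = replace(substring(substring_index(NEW.data, '|', 1), length(substring_index(NEW.data, '|', 1 - 1)) + 1), '|', ''),
        callduration = replace(substring(substring_index(NEW.data, '|', 3), length(substring_index(NEW.data, '|', 3 - 1)) + 1), '|', '')
    WHERE callid = NEW.callid;
    INSERT INTO agent_status (agentId, agentStatus, timestamp, callid)
    VALUES (NEW.agent, 'READY', NEW.time, NULL)
    ON DUPLICATE KEY UPDATE agentStatus = 'READY', timestamp = NEW.time, callid = NULL;

  -- Caller left the queue unanswered: field 1 position, field 2 original
  -- position, field 3 hold time.
  ELSEIF NEW.event IN ('ABANDON', 'EXITEMPTY') THEN
    UPDATE `call_status`
    SET callid = NEW.callid,
        status = NEW.event,
        timestamp = NEW.time,
        queue = NEW.queuename,
        position = replace(substring(substring_index(NEW.data, '|', 1), length(substring_index(NEW.data, '|', 1 - 1)) + 1), '|', ''),
        originalPosition = replace(substring(substring_index(NEW.data, '|', 2), length(substring_index(NEW.data, '|', 2 - 1)) + 1), '|', ''),
        holdtime = replace(substring(substring_index(NEW.data, '|', 3), length(substring_index(NEW.data, '|', 3 - 1)) + 1), '|', '')
    WHERE callid = NEW.callid;

  -- Caller pressed a key to leave: field 1 key pressed, field 2 position.
  ELSEIF NEW.event = 'EXITWITHKEY' THEN
    UPDATE `call_status`
    SET callid = NEW.callid,
        status = NEW.event,
        timestamp = NEW.time,
        queue = NEW.queuename,
        position = replace(substring(substring_index(NEW.data, '|', 2), length(substring_index(NEW.data, '|', 2 - 1)) + 1), '|', ''),
        keyPressed = replace(substring(substring_index(NEW.data, '|', 1), length(substring_index(NEW.data, '|', 1 - 1)) + 1), '|', '')
    WHERE callid = NEW.callid;

  -- Queue timeout reached: field 1 position.
  ELSEIF NEW.event = 'EXITWITHTIMEOUT' THEN
    UPDATE `call_status`
    SET callid = NEW.callid,
        status = NEW.event,
        timestamp = NEW.time,
        queue = NEW.queuename,
        position = replace(substring(substring_index(NEW.data, '|', 1), length(substring_index(NEW.data, '|', 1 - 1)) + 1), '|', '')
    WHERE callid = NEW.callid;
  END IF;
END
//
DELIMITER ;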





Wednesday, August 11, 2010

Configuration of Digium TE110p with Asterisk With Difference E1 Provider

E1 is a physical layer protocol, like ethernet. It defines a 2Mbps link between two endpoints.

T1 is similar to E1. It is used in North America and is 1.544Mbps
A more in depth difference between the two can be found here

A J1 card is the Japanese version of a T1 (the tiny differences between T1 and J1 can be found here).

Both T1 and E1 can be used to transmit data or voice, or a mixture of both.

For example: if an E1 is reserved for voice channels only, the 2mbit will be split into 32 64Kbps telephone channels. 30 of these channels can carry one telephone conversation each, and 2 carry signalling and timing information.

A t1 could carry 24 telephone channels, each of which can carry a telephone conversation.

Please note that in the States it is common practice for carriers to offer fractional T1s; these have only some of the 24 channels provisioned.

Lets have a look at the supported audio operating modes:


Supported Audio Modes on E1/T1:

There are a number of protocols which can run on top of E1.
These protocols are grouped into 3 big subgroups, CAS, CCS, RBS.
Lets have a closer look on these subgroups:


a) CAS signalling

CAS stands for Channel Associated Signalling. Examples are FXS
loop start and E&M wink start. These protocols provide information such as the number that was called, and what state the call is in. They're limited in what information they can carry, and are slow to set up.

With this kind of signalling, a set of bits is used to replicate opening and closing the circuit (as if picking up the telephone receiver and pulsing digits on a rotary phone), or using tone signalling which is passed through on the voice circuits themselves

CAS is the original signaling system used by E1. In CAS, channel 16 is reserved for signaling. In recent years, the term RBS has been replaced by CAS which is now used to refer to bits that are associated with a specific channel whether it is in the T1 or E1 format.

Different subprotocols are:

- E&M

- Wink (this might be only RBS, if you know this for sure, please leave a comment.)
- Feature Group B
- Feature Group D

- FXO & FXS: this seems to only use CAS on E1's

- Ground Start
- Loop Start
- Loop Start with Disconnect Detect



CCS signalling

Common Channel signalling: A more recent kind of signalling, which resolves the problems associated with CAS signalling. In this kind of signalling, short messages are sent over the signalling channel, with more information about the call, including caller ID, type of transmission required, etc. etc.

CCS is used by either T1 or E1 and refers to a system that does not use a specific bit structure for signaling. Instead, all or part of a channel is used to pass messages between two systems to indicate how a channel is being used.

CCS is used by either T1 or E1 and refers to a system that does not use a specific bit structure for signaling. Instead, all or part of a channel is used to pass messages between two systems to indicate how a channel is being used. This type of system is commonly found in ISDN which uses a D channel to pass messages.

ISDN signalling and ss7 signalling are a subgroup of CCS signalling.

- ISDN (PRI CPE & PRI NET)

ISDN uses one channel (called the D channel) for signalling call information. On E1, this is one of the 2 signalling channels, leaving 30 channels for voice (called B channels). On T1, there aren't any spare signalling channels, so one of the voice channels is used, leaving 23 B channels for voice.

A PRI (Primary Rate ISDN) is simply an E1 or T1 with ISDN on top of it. ISDN gives fast, reliable call setup and hangup detection, and detailed information about the call. In the UK, PRI is also called ISDN30.

An important extension to ISDN is Q.SIG, which provides extra signalling information that is used when connecting PBX systems.

Currently, asterisk has limited support for Q.SIG, it can make and receive calls and retrieve some of the extra information.


- On E1, EuroISDN is the standard for ISDN signalling.

- On T1, there are different standards from different providers:
- NI1
- NI2
- 4ESS (AT&T)
- 5ESS (Lucent)
- DMS100


- SS7

RBS: Robbed Bit Signalling

RBS is the original signaling system used by T1 and provides either 2 or 4 signaling bits per channel depending on the multiframe format. In recent years, the term RBS has been replaced by CAS which is now used to refer to bits that are associated with a specific channel whether it is in the T1 or E1 format.

- E&M

- Wink
- Feature Group B
- Feature Group D


- FXO & FXS: this seems to only use RBS on T1's

- Ground Start
- Loop Start
- Loop Start with Disconnect Detect



Framing

AMI, B8ZS, and HDB3 are different types of line coding used in T1 and E1 communications systems. AMI stands for alternate mark inversion and is used in both T1 and E1 systems. B8ZS stands for Bipolar with 8 Zeros Substitution and is used in T1 systems while HDB3 stands for High-Density Bipolar 3 and is used in E1 systems.

- HDB3: High-Density Bipolar 3 -> E1 only
- AMI: Alternate Mark Inversion -> E1 and T1, the T1 version exists with both ESF (extended super frame) and SF (super frame)
- B8ZS: Bipolar with 8 Zeros Substitution -> T1 only, exists with both ESF (extended super frame) and SF (super frame)



What signalling and framing should i ask my carrier?



Timing or clock sources

A T1/E1 connection needs a timing device on one of both ends.
A T1/E1 line can be clocked internally or can be clocked by the telco.


Asterisk Compatible E1/T1 cards

available cards

Digium:

- TE110p: 1 port T1/E1 for use in 3.3 or 5 volt pci slots.
- TE205p: 2 port T1/E1 for use in 5 volt pci slots
- TE210p: 2 port T1/E1 for use in 3.3 volt pci slots
- TE405p: 4 port T1/E1 for use in 5 volt pci slots
- TE410p: 4 port T1/E1 for use in 3.3 volt pci slots
- TE406p: 2nd generation 4 port T1/E1 for use in 5 volt pci slots, with hardware DTMF recognition and echo cancellation. (now discontinued, but still supported)
- TE411p: 2nd generation 4 port T1/E1 for use in 3.3 volt pci slots, with hardware DTMF recognition and echo cancellation. (now discontinued, but still supported)
- TE407p: 3rd generation 4 port T1/E1 for use in 5 volt pci slots, with octasic hardware DTMF recognition and echo cancellation.
- TE412p: 3rd generation 4 port T1/E1 for use in 3.3 volt pci slots, with octasic hardware DTMF recognition and echo cancellation.

- Tormenta 2: Discontinued cards based on the open source project zapatatelephony
These cards were known as: Wildcard T100P, T400P, E100P, E400P

intel

- Dialogic D/41JCT-LS: quad t1/e1 board, requires additional (paid) drivers from digium to make it work.

sangoma

- A101: One port T1/E1 card
- A102 :Two port T1/E1 card
- A104: Four port T1/E1 card

varion

- V400P-E: 4 port E1 card, based on the open source zapata telephony project.
These are the same cards as the discontinued digium cards.

- V400P-T: 4 port E1 card, based on the open source zapata telephony project.
These are the same cards as the discontinued digium cards.

Eikon

- none public available yet.


What card should you pick ?

I recommend against using cards based on the tormenta project, they are way older and take up a lot more cpu. (and their development seems stalled).

The newest digium cards (TE406p and TE411p) as well as the latest firmware versions of the te405p and te410p are optimized for speed.

Only the digium TE406p and the digium TE411p have hardware echo cancellation, which makes a big difference in cpu usage. But this comes at a slightly higher cost.

If you need the 40% speed gain with on board echo cancellers, go for these cards, otherwise go for the cheaper te410p or te405p. (or the 1 or 2 port versions).

It is said on the mailing lists that the hardware echo canceller also has better quality than the echo cancellation done in software. (I can neither confirm nor deny this claim - it's based on a single source.)



Asterisk E1/T1 channel drivers

There are two ways to get the E1/T1 cards to work:

First one is chan_zap (requires the zaptel kernel modules), this is recommended for all digium + sangoma cards.

The second one is chan_mISDN (requires the mISDN kernel patches)

This is probably only useful for eicon cards. chan_misdn is written for BRI cards, but also supports some E1/T1 cards.

Building, installing and configuring asterisk with E1/T1 cards

We will only discuss using chan_zap for now (its the only recommended thing to do).


Tata IndiCom Provider

Cross cable with tata indicom PRI line

A few things need to be confirmed with the provider:

  • check with your provider if CRC is on
  • signaling type
  • Cross Cable or not 

 Configuration In 
     zaptel.conf

   span=1,1,0,ccs,hdb3
   bchan=1-15,17-31
   dchan=16
   loadzone=uk
   defaultzone=uk 

   zapata.conf
   [trunkgroups]

   [channels]

   language=en
   context=from-zaptel
   switchtype=euroisdn
   pridialplan=unknown
   priindication=outofband
   usecallerid=yes
   hidecallerid=no
   callwaiting=yes
   usecallingpres=yes
   threewaycalling=yes
   transfer=yes
   cancallforward=yes
   callreturn=yes
   callgroup=1
   pickupgroup=1
   immediate=no
   echotraining=800
   echocancel=yes
   echocancelwhenbridged=no
   relaxdtmf=yes
   musiconhold=default
   immediate=no
   txgain=0.0
   rxgain=0.0
   group=1
   signalling=pri_cpe
   channel=>1-15,17-31
   overlapdial=yes 

Hardware Configuration for  TE110 digium card or Sangoma A101 card 

2 CPU dual core Xeon 2.6/3.0 Ghz
4 GB RAM
15 k RPM SAS 4 disks raid 10 or 2 disks raid 1 or single disk raid 0( for recordings) or SATA disk for no recordings
1000 mbps ethernet NIC

The motherboard should have a PCI 3.3v/5v slot depending on the card or you may need to get a PCI express card or a PCI riser card, order the card after u check the PCI slots on the board 



Airtel

E1 PRI working perfectly fine..


/etc/dahdi/system.conf

loadzone = uk
defaultzone = uk
span = 1,1,0,ccs,hdb3,crc4
bchan = 1-15,17-31
dchan = 16

/etc/asterisk/chan_dahdi.conf

[trunkgroups]

[channels]
context=airtel
switchtype=euroisdn
pridialplan=unknown
;prilocaldialplan=unknown
;overlapdial=yes
signalling=pri_cpe
;rxwink=300 ; Atlas seems to use long (250ms) winks
usecallerid=yes
hidecallerid=no
callwaiting=yes
usecallingpres=yes
callwaitingcallerid=yes
threewaycalling=yes
;transfer=yes
canpark=yes
cancallforward=yes
callreturn=yes
echocancel=no
echocancelwhenbridged=no
rxgain=0.0
txgain=0.0
group=1
inbanddisconnect=yes
callgroup=1
pickupgroup=1
immediate=no
channel => 1-15,17-31  

 


Friday, August 6, 2010

FTP Server Installation and Configuration In Linux Server

Linux comes with various ftp servers to setup FTP service such as:

  • proftpd - Versatile, virtual-hosting FTP daemon 
  • vsftpd - The Very Secure FTP Daemon
  • ftpd - FTP server
  • wu-ftpd - powerful and widely used FTP server
  • wzdftpd - A portable, modular, small and efficient ftp server
  • pure-ftpd - Pure-FTPd FTP server

Install and Configuration of vsftpd 

In centos 

yum install vsftpd 

Configure /etc/vsftpd/vsftpd.conf

# Allow anonymous FTP?
# NOTE(review): YES lets anyone who can reach the server log in without a
# password and read everything under anon_root. Set it to NO unless public,
# read-only distribution is the purpose of this server.
anonymous_enable=YES
...
# The directory which vsftpd will try to change
# into after an anonymous login. (Default = /var/ftp)
# Keep this tree limited to files that are meant to be public.
anon_root=/data/directory
...
# Uncomment this to allow local users to log in.
# NOTE(review): plain FTP sends these system account passwords unencrypted;
# vsftpd's ssl_enable option (with a certificate) or SFTP avoids that.
# Without chroot_local_user=YES a local user can browse every path the
# account is allowed to read, not just the home directory.
local_enable=YES
...
# Uncomment this to enable any form of FTP write command.
# (Needed even if you want local users to be able to upload files)
# With anonymous_enable=YES above, this global switch is the precondition
# for the anon_* write options below; leave those commented out unless
# anonymous uploads are actually required.
write_enable=YES
...
# Uncomment to allow the anonymous FTP user to upload files. This only
# has an effect if global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
...
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
...
# Activate logging of uploads/downloads.
# Keep this on: the transfer log is the record of who uploaded or fetched what.
xferlog_enable=YES
...
# You may override where the log file goes if you like.
# The default is shown below.
xferlog_file=/var/log/vsftpd.log
...
anon_root=/data/directory sets the root directory that anonymous visitors will see.

  

FTP Security  

In /etc/vsftpd/ftpusers 

 For added security, you can deny FTP access to specific users by adding them to the list in the /etc/vsftpd.ftpusers file (/etc/vsftpd/ftpusers in the layout named above). The vsftpd package creates this file with a number of entries for privileged users that normally shouldn't have FTP access. Because FTP does not encrypt passwords, which increases the risk of data or passwords being compromised, it is a good idea to leave these entries in place and add further entries for additional security.

Anonymous Upload

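If you want remote users to write data to your FTP server, create a write-only directory within /var/ftp/pub (adjust the path if anon_root points elsewhere, as in the example above). This lets users upload files without being able to access files uploaded by other users. Anonymous uploads also require anon_upload_enable=YES, which is commented out in the configuration above. Because anyone who can reach the server can write to this directory, keep it on a size-limited filesystem and review its contents regularly.

The commands you need are: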
# mkdir /var/ftp/pub/upload
# chmod 722 /var/ftp/pub/upload

FTP Greeting Banner

Change the default greeting banner in the vsftpd.conf file to make it harder for malicious users to determine the type of system you have. The directive in this file is. 

ftpd_banner= New Banner Here

Start VSFTP 

service vsftpd start

 

 

 


Thursday, August 5, 2010

Monitoring the Linux Server Using Nagios

 "How to" install, configure and secure your monitoring server as simply as possible.

  • Download the nagios and plugins
  • Take care of the prerequisites
  • Create user and group for nagios
  • Install nagios
  • Configure the web interface
  • Compile and install nagios plugins
  • Start Nagios
  • Login to web interface

Download the nagios and plugins

from the website : http://www.nagios.org/download/core/thanks/

Take care of the prerequisites

yum install gcc gd

Create user and group for nagios

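# Create the nagios account and group. On systems where useradd already
# creates a same-named private group, groupadd only reports that it exists.
useradd nagios
groupadd nagios
# -a appends to the supplementary group list; -G on its own replaces the list
# and would drop any other groups the account already belongs to.
usermod -a -G nagios nagios
# The web server account joins the group that is passed to
# --with-command-group during the build, presumably so the web interface can
# submit commands. Anything running as apache gains that ability as well.
usermod -a -G nagios apache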
 

Install nagios

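# Unpack and build Nagios Core from source.
tar xvf nagios-3.x.x.tar.gz
cd nagios
# The leading dot was missing: "/configure" looks for the script in the
# filesystem root instead of the unpacked source directory.
./configure --with-command-group=nagios
make all
make install
# Installs the init script that the later "chkconfig --add nagios" and
# "service nagios start" steps rely on.
make install-init
make install-config
make install-commandmode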

Configure the web interface.

make install-webconf
htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

Compile and install nagios plugins

tar xvf nagios-plugins-1.4.xx.tar.gz
cd nagios-plugins
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install

Start Nagios

chkconfig --add nagios
chkconfig nagios on
 
command line
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
service nagios start

Login to web interface

http://localhost/nagios/

Configuration File located at /usr/local/nagios/etc/

  • nagios.cfg – This is the primary Nagios configuration file where lot of global parameters that controls the nagios can be defined.
  • cgi.cfg - This files has configuration information for nagios web interface.
  • resource.cfg – If you have to pass some sensitive information (username, password etc.) to a plugin to monitor a specific service, you can define them here. This file is readable only by nagios user and group.
Following are the other configuration files under /usr/local/nagios/etc/objects directory:

  • contacts.cfg: All the contacts who needs to be notified should be defined here. You can specify name, email address, what type of notifications they need to receive and what is the time period this particular contact should be receiving notifications etc.
  • commands.cfg – All the commands to check services are defined here. You can use $HOSTNAME$ and $HOSTADDRESS$ macro on the command execution that will substitute the corresponding hostname or host ip-address automatically.
  • timeperiods.cfg – Define the timeperiods. for e.g. if you want a service to be monitored only during the business hours, define a time period called businesshours and specify the hours that you would like to monitor.
  • templates.cfg – Multiple host or service definition that has similar characteristics can use a template, where all the common characteristics can be defined. Use template is a time saver.
  • localhost.cfg – Defines the monitoring for the local host. This is a sample configuration file that comes with nagios installation that you can use as a baseline to define other hosts that you would like to monitor.
  • printer.cfg – Sample config file for printer
  • switch.cfg – Sample config file for switch
  • windows.cfg – Sample config file for a windows machine

 

 

 

 

 

 

 

 

Wednesday, August 4, 2010

Asterisk Channels Chanspy and Barging for Manager To Monitor the Agents

Allows eavesdropping on a conversation on any specified channel (this is different from ZapBarge()/ZapScan() which are bound to Zap channels only). Note that this application only listens on single channels, rather than the conversation per se, even though it does capture incoming and outgoing audio on the channel.

ChanSpy([chanprefix][,options])

Valid Options:
- b: Only spy on channels involved in a bridged call.
- g(grp): Match only channels where their ${SPYGROUP} variable is set to contain 'grp' in an optional : delimited list.
- q: Don't play a beep when beginning to spy on a channel, or speak the selected channel name.
- r[(basename)]: Record the session to the monitor spool directory. An optional base for the filename may be specified.
  The default is 'chanspy'.    
- v([value]): Adjust the initial volume in the range from -4 to 4. A negative value refers to a quieter setting.

Since 1.4:
- w Enable 'whisper' mode, so the spying channel can talk to the spied-on channel.
- W Enable 'private whisper' mode, so the spying channel can talk to the spied-on
  channel but cannot listen to that channel.  

Since 1.6 
  -b :Only spy on channels involved in a bridged call
   -d  :Override the typical numeric DTMF functionality and instead  use DTMF to switch between spy modes
            4 -spy mode
            5 -whisper mode
            6 -Bridge mode
 -g :Only spy on channels in which one or more of the groups listed in grp matches one or more groups from the SPYGROUP variable set on the channel to be spied upon.

-n :Say the name of the person being spied on if that person has recorded his/her name. If a context is specified, then that voicemail context will be searched when retrieving the name; otherwise the default context will be used when searching for the name (i.e. if SIP/1000 is the channel being spied on and no mailbox is specified, then 1000 will be used when searching for the name).
-q : Don't play a beep when beginning to spy on a channel, or speak the selected channel name.
-r :Record the session to the monitor spool directory. An optional base for the filename  may be specified. The default is chanspy.
-v : Adjust the initial volume in the range from -4  to 4. A negative value refers to a quieter setting.
-o:Only listen to audio coming from this channel
-X:Allow the user to exit ChanSpy to a valid single digit numeric extension in the current context or the context specified by the SPY_EXIT_CONTEXT channel variable. The name of the last channel that was spied on will be stored in the SPY_CHANNEL variable.
-s :Skip the playback of the channel type (i.e. SIP, IAX, etc) when speaking the selected channel name
-e :Enable enforced mode, so the spying channel can only monitor extensions whose name is in the ext
-B:Instead of whispering on a single channel barge in on both channels involved in the call.


; Dialling 007 starts ChanSpy on channels whose name begins with SIP/007, with
; options d and q.
; NOTE(review): anyone who can dial this extension can listen to the calls it
; matches. Keep it in a context that only supervisors' devices can reach, or
; put an Authenticate() step in front of it.
; NOTE(review): the "|" separator is the older argument style, while the
; syntax line above uses a comma and lists d under "Since 1.6" -- confirm
; which separator your Asterisk version expects.
exten => 007,1,ChanSpy(SIP/${EXTEN}|dq)

Linux Monitoring Tools

Need to monitor Linux server performance? Try these built-in commands and a few add-on tools. Most Linux distributions are equipped with tons of monitoring tools. These tools provide metrics which can be used to get information about system activities. You can use these tools to find the possible causes of a performance problem. The commands discussed below are some of the most basic commands when it comes to system analysis and debugging server issues.

Monitoring the system:
pstree Processes and parent-child relationships
top Show top processes
iostat Report CPU statistics and input/output statistics for devices and partitions.
ps -auxw process status
uname -a print system information
cat /proc/version Display Linux kernel version in use.
cat /etc/redhat-release Display Red Hat Linux Release. (also /etc/issue)
uptime Tell how long the system has been running. Also number of users and system's load average.
w Show who is logged on and what they are doing.
/sbin/lsmod List all currently loaded kernel modules.
Same as cat /proc/modules
/sbin/runlevel Displays the system's current runlevel.
hostname Displays/changes the system's node name. (Must also manually change hostname setting in /etc/sysconfig/network. Command will change entry in /etc/hosts)
service Red Hat/Fedora command to display status of system services.
Example: service --status-all
Help: service --help


Process Management:

  • pstree -p
    OR
  • ps -auxw
    OR
  • top
  • kill <process-id-number>
  • killall <command-name>
Memory Usage:

vmstat Monitor virtual memory
free Display amount of free and used memory in the system. (Also: cat /proc/meminfo)
pmap Display/examine memory map and libraries (so). Usage: pmap pid
top Show top processes
sar -B Show statistics on page swapping.
time -v date Show system page size, page faults, etc of a process during execution. Note you must fully qualify the command as "/usr/bin/time" to avoid using the bash shell command "time".
cat /proc/sys/vm/freepages Display virtual memory "free pages".
One may increase/decrease this limit: echo 300 400 500 > /proc/sys/vm/freepages
cat /proc/meminfo Show memory size and usage.
 
  Filesystems and Storage Devices:

df -k report filesystem disk space usage. (-k reports in Kbytes)
du -sh Calculates file space usage for a given directory. (and everything under it) (-s option summarizes)
mount Displays all mounted devices, their mount point, filesystem, and access. Used with command line arguments to mount file system.
cat /proc/filesystems Display filesystems currently in use.
cat /proc/mounts Display mounted filesystems currently in use.
showmount Displays mount info for NFS filesystems.
cat /proc/swaps Displays swap partition(s) size, type and quantity used.
cat /proc/ide/hda/any-file Displays disk information held by kernel.

  • cfdisk - Curses based disk partition table manipulator. (very nice)
  • fdisk- Manipulate/configure the partition table.
  • sfdisk - Manipulate/configure the partition table.
  • fsck - Check and repair a Linux filesystem.

User Info:

who Displays currently logged in users.
Use who -uH for idle time and terminal info.


w Displays currently logged in users and processes they are running.
whoami  Displays user id.
groups Display groups you are part of.
Use groups user-id to display groups for a given user.
set Display all environment variables in your current environment.
id Display user and all group ids.
Use id user-id to display info for another user id.
last Listing of most recent logins by users. Show where from, date and time of login (ftp, ssh, ...) Also see lastlog command.
Show last 100 logins: last -100
history Shell command to display previously entered commands.

Tuesday, August 3, 2010

Virtualization Software on CentOS using Xen

Xen is a free open source software virtual machine monitor for Intel / PowerPC architectures. It is software that runs on a host operating system and allows several guest operating systems to be run on top of the host on the same computer hardware at the same time (just like VMWare software). Luckily Installing and managing XEN is quite easy under CentOS 5 Linux.

Xen lets you create guest operating systems (*nix operating systems like Linux and FreeBSD), so called "virtual machines" or domUs, under a host operating system (dom0). Using Xen you can separate your applications into different virtual machines that are independent from each other (e.g. a virtual machine for a mail server, a virtual machine for a high-traffic web site, another virtual machine that serves your customers' web sites, a virtual machine for DNS, etc.), but still use the same hardware. This saves money and, more importantly, improves isolation: if the virtual machine of your DNS server gets hacked, your other virtual machines are not directly affected. That isolation depends on the hypervisor and dom0 being kept patched and locked down, because a compromise of dom0 reaches every guest. Plus, you can move virtual machines from one Xen server to the next one.

I will use CentOS 5.0 (i386) for both the host OS (dom0) and the guest OS (domU).

yum install xen virt-manager kernel-xen
chkconfig xend on
reboot
Before rebooting, edit /boot/grub/menu.lst and set default=0 so that the first entry, which should be the newly installed Xen kernel, is booted by default.

After Login
type command
uname -r
2.6.18-8.1.4.el5xen

Xen commands
xm list


CentOS comes with a nice tool called virt-install with which we can create virtual machines for Xen. To start it, we simply run

virt-install


What is the name of your virtual machine? <-- vm01
How much RAM should be allocated (in megabytes)? <-- 256
What would you like to use as the disk (path)? <-- /vm/vm01.img
How large would you like the disk (/vm/vm01.img) to be (in gigabytes)? <-- 4
Would you like to enable graphics support? (yes or no) <-- no
What is the install location? <-- http://wftp.tu-chemnitz.de/pub/linux/centos/5.0/os/i386

virt-install has created the vm01 configuration file /etc/xen/vm01 for us (in dom0).

It should look like this:

# Automatically generated xen config file
name = "vm01"
memory = "256"
disk = [ 'tap:aio:/vm/vm01.img,xvda,w', ]
vif = [ 'mac=00:16:3e:13:e4:81, bridge=xenbr0', ]
uuid = "5aafecf1-dd66-401d-69cc-151c1cb8ac9e"
bootloader="/usr/bin/pygrub"
vcpus=1
on_reboot = 'restart'
on_crash = 'restart'

To log in to vm01, run: xm console vm01
To shut down vm01, run: xm shutdown vm01
To start vm01 again, run: xm create /etc/xen/vm01
If you want vm01 to start automatically at the next boot of the system, run: ln -s /etc/xen/vm01 /etc/xen/auto
Here are the most important Xen commands:
xm create -c /path/to/config - Start a virtual machine.
xm shutdown - Stop a virtual machine.
xm destroy - Stop a virtual machine immediately without shutting it down. It's as if you switch off the power button.
xm list - List all running systems.
xm console - Log in on a virtual machine.

Linux BackUp Tools

If you’ve ever lost data due to a system crash, you know how crucial backing up important files can be. Here are 5 Linux Backup Solutions you should check out. I recommend you implement at least one of these Linux Backup Solutions before it’s too late.

rsync

There are tons of Linux users and administrators out there who have customized rsync scripts to handle incremental backups automatically on a daily, weekly, or monthly schedule. From the manual, rsync is described as a program that behaves in much the same way that rcp does, but has many more options and uses the rsync remote-update protocol to greatly speed up file transfers when the destination file is being updated. The rsync remote-update protocol allows rsync to transfer just the differences between two sets of files across the network connection, using an efficient checksum-search algorithm described in the technical report that accompanies this package.

In centos

yum -y install rsync xinetd

Add xinetd service to system
# chkconfig --add xinetd


Make sure xinetd running on init 3 and 5
# chkconfig --list xinetd

Enable rsync
# vi /etc/xinetd.d/rsync
Change disable = yes into disable = no

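Create the user name and password that rsync clients will use (the password is stored in this file in clear text, so do not reuse one that protects anything else)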
# vi /etc/rsyncd.secrets
root:hispassword

Create configuration and shares for rsync daemon
# vi /etc/rsyncd.conf

———————-
# Global daemon settings: connection cap, log location and I/O timeout (seconds).
max connections = 2
log file = /var/log/rsync.log
timeout = 300

# Module "shares"; the bracketed name is what clients request.
[shares]
comment = shared data stored here
path = /home/adminname/shares
# Uploads are permitted: the module is writable.
read only = false
list = yes
# NOTE(review): transfers run as root and the module is writable, so any
# client that authenticates can create or overwrite files under "path" as
# root. Prefer a dedicated unprivileged uid/gid that owns the share.
uid = root
gid = root
# "auth users" is an rsync-level account looked up in the secrets file;
# it does not have to match a system user.
auth users = root
secrets file = /etc/rsyncd.secrets
# Only these hosts may connect.
# NOTE(review): the rsync daemon protocol does not encrypt file contents;
# keep it on a trusted network or run rsync over SSH instead.
hosts allow = mac1.hostname.com mac2.hostname.com mac3.hostname.com
———————-

Secure /etc/rsyncd.*
# chown root.root /etc/rsyncd.*
# chmod 600 /etc/rsyncd.*

Restart xinetd
# service xinetd restart

Make sure rsync now running
# chkconfig --list



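Testing (note: the command below copies over SSH to the remote host; it does not go through the rsync daemon module configured above)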

rsync -a -e ssh /www/backup.tar.gz root@mac2.hostname.com:/home/backup



mondorescue

Mondorescue backs up your GNU/Linux server or workstation to tape, CD-R, CD-RW, DVD-R[W], DVD+R[W], NFS or hard disk partition. In the event of catastrophic data loss, you will be able to restore all of your data [or as much as you want], from bare metal if necessary. Personally, I like using Mondorescue to create DVD disk images of my system periodically. Upon initial installation and configuration of my Linux or Windows machine, I create a DVD disk image with Mondo so that if anything ever gets screwed up, I can pop in the DVD disk and restore back to my original configuration. The mondorescue team is great and the lead developers of the project are very active on the public mailing list offering help to normal users whenever needed.

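For CentOS, download the packages from
http://mondorescue.muskokamug.org/rhel/5/
The download is plain HTTP, so import the project's signing key and check each package's signature (rpm --checksig package.rpm) before installing it.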

rpm -ivh afio
rpm -ivh buffer
yum install mkisofs
rpm -ivh mindi-busybox
rpm -ivh mindi
rpm -ivh mondo

After Installation

Run the command mondoarchive

Amanda

AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a backup system that allows the administrator to set up a single master backup server to back up multiple hosts over network to tape drives/changers or disks or optical media. Amanda uses native dump and/or GNU tar facilities and can back up a large number of workstations running multiple versions of Unix. Amanda uses Samba or Cygwin to back up Microsoft Windows desktops and servers.


For CentOS
Step 1:
yum -y install amanda*

Step 2:
after install Modify
/etc/xinetd.d/amanda
/etc/xinetd.d/amandaidx
/etc/xinetd.d/amidxtape

Change Disable = yes to Disable = no.

Step 3:

cp -r /etc/amanda/DailySet1 /etc/amanda/intra


Step 4:

Edit Your Amanda.conf file
/etc/amanda/intra/amanda.conf

Step 5:

Edit /etc/amanda/intra/disklist

Step 6:

Edit hosts file: /etc/hosts

Step 7:

Create backup directory

mkdir -p -m 770 /backup/intra/slots
chown -R amanda:disk /backup

Step 8:
Create tape File

touch /etc/amanda/intra/tapelist

Step 9:
Create slots

su - amanda
cd /backup/intra/slots
for ((i=1; $i<=15; i++)); do mkdir slot$i; done
ln -s slot1 data

Step 10:
Test virtual tapes:
/usr/sbin/ammt -f file:/backup/intra/slots status

Step 11:
Edit .amandahosts to allow communications from clients:
/var/lib/amanda/.amandahosts

Step 12:

Start service
service xinetd start

chkconfig --list

Friday, June 18, 2010

BroadCast Voice message through Asterisk

Broad casting Message through Asterisk
Creating a call file to call 1000 context default in the sip.conf file

; set the caller ID to sales call placing the call
; A correct Caller ID may be required when using some VOIP to PSTN gateway services.
;
; cat <<EOF > /var/spool/asterisk/tmpoutgoing
; Channel: SIP/1000
; Callerid: sales call
; MaxRetries: 5
; RetryTime: 300
; WaitTime: 45
; Context: default
; Extension: 1234
; Priority: 1
; EOF
; mv /var/spool/asterisk/tmp01 /var/spool/asterisk/outgoing
; (the file written by cat and the file moved by mv must be the same file; the two names shown here differ)


This is a sample section from an extensions.conf file showing how to auto-dial an outbound call

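[default]
; Extension 1234 is the one targeted by the call file and by the AMI
; Originate request: answer, pause one second, then play the prompts.

exten => 1234,1,Answer()
exten => 1234,2,Wait(1)
exten => 1234,3,Background(welcome to company) ; play outbound msg
exten => 1234,4,Background(preview) ; "Press 1 to replay or 2 to acknowledge receiving this message, press to contact your agent"
; NOTE(review): nothing waits for a digit once the prompt has finished; a
; WaitExten() step at priority 5 is probably needed before the t (timeout)
; extension below can be reached - confirm.
exten => 1,1,Goto(default,1234,3) ; replay message
exten => 2,1,Goto(bye,1,1) ; acknowledge message
exten => t,1,Playback(vm-goodbye) ; timeout: play goodbye
exten => t,2,Hangup() ; hang up


[bye]
; Entered through Goto(bye,1,1), so the steps are priorities 1-3 of
; extension 1 (each exten line needs extension,priority,application).

exten => 1,1,Playback(thank u for your valuable time)
exten => 1,2,Playback(goodbye)
exten => 1,3,Hangup()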


If you have good knowledge of AGI scripting, you can do the same

through the Originate command.

AGI scripting using Asterisk::AGI and Net::Telnet

#!/usr/bin/perl


# Namespace Declarartion
#####################################################################################################
use Asterisk::AGI;
use Net::Telnet;

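$US='_';
######################################################################################################

# Create the AGI helper object (direct method call rather than the
# indirect "new Class" syntax, which Perl can mis-parse).
$AGI = Asterisk::AGI->new;

# Unbuffer STDOUT so that everything printed is sent immediately.
$|=1;

# Read the AGI environment from STDIN: one "agi_<name>: <value>" line per
# variable, ended by an empty line.  The <STDIN> read had been lost from the
# loop condition, which left the loop with nothing to parse.
#
# NOTE(review): these values describe the incoming call and some of them
# (agi_callerid in particular) are supplied by the remote party.  Treat them
# as untrusted: validate them before placing them in AMI headers, shell
# commands or file names.
while (my $line = <STDIN>) {
    chomp $line;
    last unless length($line);

    # When $V is true, keep every agi_* variable in the hash %AGI (a
    # different variable from the $AGI object above).
    # NOTE(review): $V is not assigned anywhere in the visible script, so
    # this branch is inactive as shown - presumably a verbose/debug switch.
    if ($V) {
        if ($line =~ /^agi_(\w+)\:\s+(.*)$/) {
            $AGI{$1} = $2;
        }
    }

    # Copy the variables of interest into package globals.
    if ($line =~ /^agi_uniqueid\:\s+(.*)$/)  { $unique_id = $1; }
    if ($line =~ /^agi_channel\:\s+(.*)$/)   { $channel   = $1; }
    if ($line =~ /^agi_extension\:\s+(.*)$/) { $extension = $1; }
    if ($line =~ /^agi_type\:\s+(.*)$/)      { $type      = $1; }
    if ($line =~ /^agi_callerid\:\s+(.*)$/)  { $callerid  = $1; }
    if ($line =~ /^agi_context\:\s+(.*)$/)   { $context   = $1; }
}



# Place the outbound call through the manager interface.
Originate();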


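sub Originate
{
    # Log in to the Asterisk manager interface on localhost, send an
    # Originate action for $MyPhone / extension 1234, then block until a
    # Hangup event for that phone is seen.  Exits the program when the login
    # is rejected; returns early when the Originate request is refused.
    #
    # NOTE(review): the manager account name and secret are sample values
    # embedded in the script, and the secret is trivially guessable.  For
    # real use, load them from a file readable only by the service user, give
    # the manager account only the "originate" write class, and restrict it
    # with deny/permit in manager.conf.  The session is plain text; it stays
    # on the loopback interface only because Host is "localhost".
    $Username = "cron";
    $Secret = "1234";
    $MyPhone = "SIP/1000";
    # Still assigned for any other code that reads it; the hangup match
    # below quotes $MyPhone directly instead.
    $MyPhoneEscaped = "SIP\\/1000";

    # Connect to localhost via telnet on the Asterisk manager port.
    # Errmode "die" means a timeout or I/O error ends the script.
    $TelnetClient = Net::Telnet->new(Timeout => 10,
                                     Errmode => "die",
                                     Host    => "localhost",
                                     Port    => 5038);

    # Ends the manager session and releases the socket.
    my $disconnect = sub {
        $TelnetClient->print ("Action: Logoff");
        $TelnetClient->print ("");
        $TelnetClient->close;
    };

    # Login with our username and secret.
    $TelnetClient->open ();
    $TelnetClient->print ("Action: Login");
    $TelnetClient->print ("Username: $Username");
    $TelnetClient->print ("Secret: $Secret");
    $TelnetClient->print ("");

    # Check for login success.
    ($Prematch, $Match) = $TelnetClient->waitfor ("/Message: .*/");

    if (($Prematch =~ m/Success/) && ($Match =~ m/Authentication/)) {
        print "Good authentication.\n";
    }
    else {
        print "Authentication failed.\n";
        $TelnetClient->close;
        exit;
    }

    # The manager protocol is line oriented: a CR or LF inside a header
    # value would start a new header or action.  Strip them from the number
    # before it is placed in the Callerid header.
    # NOTE(review): $CurrentNumber is not assigned in the visible script;
    # presumably the caller sets it - confirm.
    my $caller_number = defined $CurrentNumber ? $CurrentNumber : '';
    $caller_number =~ s/[\r\n]+//g;

    # NOTE(review): Exten and Priority are sent without a Context header;
    # confirm which context Asterisk applies in that case.
    print "Dialing $caller_number...\n";
    $TelnetClient->print ("Action: Originate");
    $TelnetClient->print ("Channel: $MyPhone");
    $TelnetClient->print ("Exten: 1234");
    $TelnetClient->print ("Priority: 2");
    $TelnetClient->print ("Callerid: \"nagarjuna\" <$caller_number>");
    $TelnetClient->print ("");

    ($Prematch, $Match) = $TelnetClient->waitfor ("/Message: .*/");

    if (($Match =~ m/Originate/) && ($Prematch =~ m/Success/)) {
        $OriginateSuccess = 1;
        print "Origination success.\n";
    }
    else {
        # No call was placed, so there is no hangup to wait for; waiting
        # would only end when waitfor times out and dies.
        print "Origination failure.\n";
        $disconnect->();
        return;
    }

    print "Waiting...\n";

    $OnThePhone = 1;

    # Each manager event ends up in $Prematch once its "Uniqueid:" line is
    # reached; stop when one of them is a Hangup that mentions our phone.
    while ($OnThePhone) {
        ($Prematch, $Match) = $TelnetClient->waitfor (match => "/Uniqueid: .*/",
                                                      timeout => 60);
        print "Event detected.\n";

        if (($Prematch =~ m/Hangup/) && ($Prematch =~ m/\Q$MyPhone\E/)) {
            $OnThePhone = 0;
        }
    }

    $disconnect->();
    return;
}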
##################################Check 200 Reply ####################################

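sub checkresult {
    # Score one AGI reply line.
    #
    # $res - the reply text; a trailing newline is removed.
    #
    # Increments the package counter $tests on every call.  A reply that
    # starts with "200" and carries "result=<integer>" counts as a pass
    # ($pass); anything else counts as a failure ($fail).  The verdict is
    # printed on STDERR.
    my ($res) = @_;
    $tests++;
    chomp $res;
    if ($res =~ /^200/) {
        # Test the match itself rather than inspecting $1 afterwards: a
        # failed match leaves $1 holding whatever an earlier match set.
        if ($res =~ /result=(-?\d+)/) {
            print STDERR "PASS ($1)\n";
            $pass++;
        } else {
            print STDERR "FAIL ($res)\n";
            $fail++;
        }
    }
    else {
        print STDERR "FAIL (unexpected result '$res')\n";
        $fail++;
    }
}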