Re: [Astlinux-users] Passwords to change

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Marcus-

That's going to depend on what you turn on.  For a base astlinux install,
'out of the box', so to speak, there's the system root password, and the
https administrator password.  Both are changeable through the web
interface.  If you configure Asterisk to allow manager API connections, you
should pay attention there too (by default, I believe it is either off or at
least without any accounts configured- I confess, I don't have a stock
install lying at my fingertips at the moment).

In general, I tend to put any Asterisk (not just astlinux) machines inside
some sort of firewall, and only open the ports that I need to get
connections as I need them.  IAX is fairly firewall-friendly, so I try to
stick there- but there are ways of getting SIP to work through most
firewalls as well.  This limits exposure to that unknown bug that'll be
released tomorrow.  And of course, try to run the latest possible Asterisk
itself- there have been a few security holes found there, but the biggies
have been patched and included in astlinux.

-Paul

On 4/27/07, Marcus <li...@wo...> wrote:
>
> Which passwords do I need to change to secure my astlinux box once it's
> on the net?
>
> I know the default login needs changing of course, but what other
> services might need changing? I'm completely new to astlinux, so I
> don't want to get hacked within minutes of going online ;-)
>
> Are all the services configured in rc.conf or are there exceptions?
>
>
> Thanks,
>
> Marcus
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Astlinux-users mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pa...@kr....
>