Iso install SME Server 8

From sailpbx
Jump to: navigation, search

SARK UCS/MVP 3.1 is delivered as a self installing .iso ready to be installed onto a suitable donor machine. The commercial version of the software is marketed under the SARK and ManX brandnames. The free-to-download version is called SAIL (SME Asterisk Integration Layer). The main difference between SAIL and the commercial versions is that SARK UCS/MVP and ManX are supported by Aelintra Telecom Limited while SAIL is supported by the contribs.org community.

Installation Sequence for the SME Server 8.x based .iso

The SAIL .iso is available from here...

DOWNLOAD

  • The SAIL .iso is a modified version of SME Server 8.0.
  • SAIL/SME installation is straightforward and the SME Server wiki contains a full graphical walkthrough of a typical install HERE.
  • In order to perform the install you will need a suitable donor machine with a screen and keyboard connected for the install itself (you can remove these afterwards). Alternatively, if this is a test install, and/or you do not wish to run any hardware telephony cards, then you can install onto a VMWare VM or similar. You should familiarise yourself with the SME install sequence because it is identical to the SAIL install. the only major difference in the install is the inclusion of OSSEC host-based intrusion detection...

OSSEC

At the end of the SAIL install (after the reboot), OSSEC-HIDS will be automatically installed on your system. OSSEC will monitor your log files and help prevent dictionary type attacks on your SAIL PBX system. The install is straightforward. Below are the prompts you should expect to receive from the OSSEC installer at the SAIL PBX console.

The first prompt will require you to enter a language code (default en)

**  (en/br/cn/de/el/es/fr/it/jp/nl/pl/ru/sr/tr) [en]: en

Next prompt requires you to specify an install type. OSSEC can run in a few different modes but for this install you should reply 'local'...

1- What kind of installation do you want (server, agent, local or help)? local     
- Local installation chosen.

The default install director is /var/ossec - don't change it.

2- Setting up the installation environment.    
- Choose where to install the OSSEC HIDS [/var/ossec]: /var/ossec       
- Installation will be made at  /var/ossec .

OSSEC likes to tell you what it is doing from time to time so it needs your email address. It will usually also ask you if you wish to use an smtp server (which it will try to guess). Usually it is ok to simply say no and enter 127.0.0.1 (as long as your domain name can be resolved).

3- Configuring the OSSEC HIDS.     
3.1- Do you want e-mail notification? (y/n) [y]: y     
- What's your e-mail address? senthilvael@gmail.com      
- We found your SMTP server as: alt2.gmail-smtp-in.l.google.com.     
- Do you want to use it? (y/n) [y]: y      
--- Using SMTP server:  alt2.gmail-smtp-in.l.google.com.

OSSEC also has an integrity checker and root-kit detection tool. They both tend to generate a lot of emails and you may elect not to run them if you wish.

3.2- Do you want to run the integrity check daemon? (y/n) [y]: n      
- Running syscheck (integrity check daemon).     
3.3- Do you want to run the rootkit detection engine? (y/n) [y]: n      
- Running rootcheck (rootkit detection).

Next comes the good bit as far as the PBX is concerned. This is the Active response section. Answer yes to both the active response and firewall drop prompts.

3.4- Active response allows you to execute a specific command based  on the events received. 
- Do you want to enable active response? (y/n) [y]: y        
- Active response enabled.   
  
- By default, we can enable the host-deny and the firewall-drop responses. 
- Do you want to enable the firewall-drop response? (y/n) [y]: y        
- firewall-drop enabled (local) for levels >= 6      

- Default white list for the active response:        
- Do you want to add more IPs to the white list? (y/n)? [n]: n 

...and that's it. OSSEC will install and start... If anyone now repeatedly fires in incorrect SIP registrations, OSSEC will send you an email and automatically block the originating IP address in the PBX on-board firewall.

Logging in to SAIL

Open your browser and navigate to https://your.sme.box/sail

SAIL will challenge you for a user-id and password. The user is admin and the password is your regular server-manager administrator password.

If you get the password correct then you will be shown the SAIL 3.1 application suite where you can begin to define your PBX endpoints and behaviours.

Logging in to SME Server-manager

Open your browser and navigate to https://your.sme.box/server-manager

SME will challenge you for a user-id and password. The user is admin and the password is your regular server-manager administrator password which you allocated during the install.

If you get the password correct then you will be shown the SME server manager component from which you can manage the SME Server platform. In this application you can set system passwords and allow/deny endpoints access to the server.

PCI Setup

You MUST perform this step if you have Telephony boards installed. Simply open the PCI cards window and run the generator to discover your card(s). This will build the necessary Asterisk files to define the card(s). You can manually make changes to the files if you wish.

You must also insert two lines at the end of chan_dahdi.conf if you have a version of sail prior to 3.1.0-112.

language=en-gb
#include dahdi-channels.conf

Save the files and reboot your system.

N.B. Starting and stopping Asterisk from the console.

The SARK UCS/MVP start-up routines are quite complex. Instead of modifying the existing asterisk start-up routines (delivered as part of the asterisk install), SARK UCS/MVP runs its own routines. DO NOT attempt to start or stop SARK UCS/MVP with any of the following console commands...

     /etc/init.d/asterisk start
     /etc/init.d/safe_asterisk start
     /etc/init.d/asterisk stop
     /etc/init.d/safe_asterisk stop 

Instead you should use...

     /etc/init.d/sark start
     /etc/init.d/sark stop 

To load the DAHDI kmods and start sark do

     /etc/init.d/dahdi start
     /etc/init.d/sark start 

To stop sark and unload the DAHDI kmods do

     /etc/init.d/sark stop
     /etc/init.d/dahdi stop 

Starting and stopping Asterisk from the Sail application

There are stop/start buttons in the globals panel and the PCI cards panel. You can stop or start Asterisk by clicking these buttons. This is the preferred way to stop/start the PBX.

SAIL ISO vs SME8 ISO

The original kernel RPMs and the TRANS.TBL:

  • kernel-2.6.18-308.4.1.el5.i686.rpm
  • kernel-PAE-2.6.18-308.4.1.el5.i686.rpm
  • kernel-xen-2.6.18-308.4.1.el5.i686.rpm
  • SME/TRANS.TBL file

have been done away with and the following newer lone kernel is available in the SAIL ISOs:

  • kernel-2.6.18-308.13.1.el5.i686.rpm

This is based on the dahdi kmod versions available in the asterisk18 series of RPMs used in SAIL ISOs.

The extra RPMs that are common to both SAIL v3.1.1-22 and 4.0.0-15 ISOs (the 2 released ISOs for Asterisk v1,8) that are not in the standard SME 8 ISO are:

alsa-lib-1.0.17-1.el5.i386.rpm
asterisk-sounds-core-en-alaw-1.4.21-1_centos5.noarch.rpm
asterisk-sounds-moh-opsound-alaw-0.0-4_centos5.noarch.rpm
asterisk18-1.8.7.0-2_centos5.i386.rpm
asterisk18-addons-core-1.8.7.0-2_centos5.i386.rpm
asterisk18-addons-mysql-1.8.7.0-2_centos5.i386.rpm
asterisk18-configs-1.8.7.0-2_centos5.i386.rpm
asterisk18-core-1.8.7.0-2_centos5.i386.rpm
asterisk18-dahdi-1.8.7.0-2_centos5.i386.rpm
asterisk18-doc-1.8.7.0-2_centos5.i386.rpm
asterisk18-voicemail-1.8.7.0-2_centos5.i386.rpm
asterisknow-version-2.0.0-4_centos5.noarch.rpm
dahdi-firmware-2.0.4-1_centos5.noarch.rpm
dahdi-firmware-hx8-2.06-1_centos5.noarch.rpm
dahdi-firmware-oct6114-064-1.05.01-1_centos5.noarch.rpm
dahdi-firmware-oct6114-128-1.05.01-1_centos5.noarch.rpm
dahdi-firmware-oct6114-256-1.05.01-1_centos5.noarch.rpm
dahdi-firmware-tc400m-MR6.12-1_centos5.noarch.rpm
dahdi-firmware-te820-1.76-1_centos5.noarch.rpm
dahdi-firmware-vpmoct032-1.12.0-1_centos5.noarch.rpm
dahdi-linux-2.6.1-1_centos5.i386.rpm
dahdi-tools-2.4.1-68.el5.i386.rpm
dahdi-tools-doc-2.6.1-1_centos5.i386.rpm
fxload-2008_10_13-2.el5.i386.rpm
kernel-2.6.18-308.13.1.el5.i686.rpm
kmod-dahdi-linux-2.6.1-1_centos5.2.6.18_308.13.1.el5.i686.rpm
kmod-dahdi-linux-fwload-vpmadt032-2.6.1-1_centos5.2.6.18_308.13.1.el5.i686.rpm
libogg-1.1.3-3.el5.i386.rpm
libopenr2-1.2.0-1_centos5.i386.rpm
libpri-1.4.12-1_centos5.i386.rpm
libss7-1.0.2-1.el5.i386.rpm
libtonezone-2.6.1-1_centos5.i386.rpm
libvorbis-1.1.2-3.el5_4.4.i386.rpm
libvorbis-1.1.2-3.el5_7.6.i386.rpm
nmap-4.11-1.1.i386.rpm
nmap-5.51.6-1.el5.rfx.i386.rpm
perl-Bit-Vector-6.4-2.2.2.1.i386.rpm
perl-Carp-Clan-5.3-1.2.1.noarch.rpm
perl-Date-Calc-5.4-1.2.2.1.i386.rpm
perl-DBD-SQLite-1.14-1.el5.rf.i386.rpm
perl-File-ReadBackwards-1.04-1.2.el5.rf.noarch.rpm
perl-IO-Interface-1.04-1.el5.rf.i386.rpm
perl-IO-Socket-Multicast-1.12-1.rhel5.i386.rpm
sme-ast-en-uk-gpl-gsm-sounds-3.1.0-3.noarch.rpm
smeossec-3.2.0-4.noarch.rpm
smesailenvast18-1.0.0-1.noarch.rpm
sox-12.18.1-1.i386.rpm
tftp-server-0.49-2.el5.centos.i386.rpm
xinetd-2.3.14-10.el5.i386.rpm

The SAIL v3.1.1-22 ISO has the following extra RPMs:

sail-3.1.1-22.noarch.rpm
smesailenv-1.0.0-30.noarch.rpm

The SAIL v4.0.0-15 ISO has the following extra RPMs:

sail-4.0.0-15.noarch.rpm
smesailenv-4.0.0-6.noarch.rpm

The SAIL v4.0.0-15 ISO will have the following RPMs supercede the above:

sail-4.0.0-43.noarch.rpm
smesailenv-4.0.0-11.noarch.rpm

The errors in the latest SAIL RPMs can be fixed by comparing with the latest SAIL debs (4.0.0-52) after diligently allowing for Debian specific changes.