Iso install SME 8.0

From sailpbx
Revision as of 11:53, 10 February 2013 by Apmutha (talk | contribs) (Installation Sequence for the Centos 5.5 based .iso)
Jump to: navigation, search

SARK UCS/MVP 3.1 is delivered as a self installing .iso ready to be installed onto a suitable donor machine. The commercial version of the software is marketed under the SARK and ManX brandnames. The free-to-download version is called SAIL (SME Asterisk Integration Layer). The main difference between SAIL and the commercial versions is that SARK UCS/MVP and ManX are supported by Aelintra Telecom Limited while SAIL is supported by the contribs.org community.

Installation Sequence for the Centos 5.5 based .iso

The SAIL .iso is available from here...

DOWNLOAD

SME 8.0 + Asterisk 1.8 + SAIL 3.1.1 - 16/20 SME 8.0 + Asterisk 1.8 + SAIL 3.1.1-22

The SAIL .iso is a modified version of SME Server 8.0. SME installation is straightforward and the SME Server wiki contains a full graphical walkthrough of a typical install HERE.

In order to perform the install you will need a suitable donor machine with a screen and keyboard connected for the install itself (you can remove these afterwards). Alternatively, if this is a test install, and/or you do not wish to run any hardware telephony cards, then you can install onto a VMWare VM or similar. You should familiarise yourself with the SME install sequence because it is identical to the SAIL install. the only major difference in the install is the inclusion of OSSEC host-based intrusion detection...

OSSEC

At the end of the SAIL install (after the reboot), OSSEC-HIDS will be automatically installed on your system. OSSEC will monitor your log files and help prevent dictionary type attacks on your SAIL PBX system. The install is straightforward. Below are the prompts you should expect to receive from the OSSEC installer at the SAIL PBX console.

The first prompt will require you to enter a language code (default en)

**  (en/br/cn/de/el/es/fr/it/jp/nl/pl/ru/sr/tr) [en]: en

Next prompt requires you to specify an install type. OSSEC can run in a few different modes but for this install you should reply 'local'...

1- What kind of installation do you want (server, agent, local or help)? local     
- Local installation chosen.

The default install director is /var/ossec - don't change it.

2- Setting up the installation environment.    
- Choose where to install the OSSEC HIDS [/var/ossec]: /var/ossec       
- Installation will be made at  /var/ossec .

OSSEC likes to tell you what it is doing from time to time so it needs your email address. It will usually also ask you if you wish to use an smtp server (which it will try to guess). Usually it is ok to simply say no and enter 127.0.0.1 (as long as your domain name can be resolved).

3- Configuring the OSSEC HIDS.     
3.1- Do you want e-mail notification? (y/n) [y]: y     
- What's your e-mail address? senthilvael@gmail.com      
- We found your SMTP server as: alt2.gmail-smtp-in.l.google.com.     
- Do you want to use it? (y/n) [y]: y      
--- Using SMTP server:  alt2.gmail-smtp-in.l.google.com.

OSSEC also has an integrity checker and root-kit detection tool. They both tend to genearte a lot of emails and you may elect not to run them if you wish.

3.2- Do you want to run the integrity check daemon? (y/n) [y]: y      
- Running syscheck (integrity check daemon).     
3.3- Do you want to run the rootkit detection engine? (y/n) [y]: y      
- Running rootcheck (rootkit detection).

Next comes the good bit as far as the PBX is concerned. This is the Active response section. Answer yes to both the active response and firewall drop prompts.

3.4- Active response allows you to execute a specific command based  on the events received. 
- Do you want to enable active response? (y/n) [y]: y        
- Active response enabled.   
  
- By default, we can enable the host-deny and the firewall-drop responses. 
- Do you want to enable the firewall-drop response? (y/n) [y]: y        
- firewall-drop enabled (local) for levels >= 6      

- Default white list for the active response:        
- Do you want to add more IPs to the white list? (y/n)? [n]: n 

...and that's it. OSSEC will install and start... If anyone now repeatedly fires in incorrect SIP registrations, OSSEC will send you and email and automatically block the originating IP address in the firewall.

Logging in to SAIL

SAIL pre release 3.1

Prior to SAIL-3.1 the sail application was embedded in the SME server manager application. To use it, log into the regular SME server manager as admin.

SAIL Release 3.1.1

Open your browser and navigate to https://your.sme.box/sail

SAIL will challenge you for a user-id and password. The user is admin and the password is your regular server-manager administrator password.

If you get the password correct then you will be shown the new SAIL 3.1 application suite.

SAIL Release 3.2.0 & SAIL Release 4.0.0

From SAIL-3.2.0, the application runs its own web-server. To login, open your browser and navigate to https://your.sme.box:8443

SAIL will challenge you for a user-id and password. The user is admin and the password is asterisk. You can change the password once you've logged in.

Logging in to SME Server-manager

Open your browser and navigate to https://your.sme.box/server-manager

SME will challenge you for a user-id and password. The user is admin and the password is your regular server-manager administrator password which you allocated during the install.

If you get the password correct then you will be shown the SME server manager component from which you can manage the SME Server platform.

PCI Setup

You MUST perform this step if you have Telephony boards installed. Simply open the PCI cards window and run the generator to discover your card(s). This will build the necessary Asterisk files to define the card(s). You can manually make changs to the files if you wish.

You must also insert two lines at the end of chan_dahdi.conf if you have a version of sail prior to 3.1.0-112.

language=en-gb
#include dahdi-channels.conf

Save the files and reboot your system.

Starting and stopping Asterisk from the linux console.

The SARK UCS/MVP start-up routines are quite complex. Instead of modifying the existing asterisk start-up routines (delivered as part of the asterisk install), SARK UCS/MVP runs its own routines. DO NOT attempt to start or stop SARK UCS/MVP with any of the following console commands...

     /etc/init.d/asterisk start
     /etc/init.d/safe_asterisk start
     /etc/init.d/asterisk stop
     /etc/init.d/safe_asterisk stop 

Instead you should use...

     /etc/init.d/sark start
     /etc/init.d/sark stop 

To load the DAHDI kmods and start sark do

     /etc/init.d/dahdi start
     /etc/init.d/sark start 

To stop sark and unload the DAHDI kmods do

     /etc/init.d/sark stop
     /etc/init.d/dahdi stop 

Starting and stopping Asterisk from the Sail Browser application

There are stop/start buttons in the globals panel amd the PCI cards panel. You can stop or start Asterisk by clicking these buttons. This is the preferred way to stop/start the PBX.