Iso install SME Server 8

From sailpbx
Revision as of 20:57, 6 May 2011 by Adminwiki (talk | contribs)

SARK UCS/MVP 3.1 is delivered as a self-installing .iso ready to be installed onto a suitable donor machine. The commercial version of the software is marketed under the SARK and ManX brand names. The free-to-download version is called SAIL (SME Asterisk Integration Layer). The main difference between SAIL and the commercial versions is that SARK UCS/MVP and ManX are supported by Aelintra Telecom Limited while SAIL is supported by the contribs.org community.

SAIL V2 vs SAIL V3 differences

SAIL V3.1 differs from V2.x and V3.0 in several major respects:

   * SV3.1 does NOT run in the SME server manager. Instead, it runs completely unprivileged under the regular SME Apache webserver. The URL is https://your.sme.box/sail
   * SV3.1 has almost all of its code in a single directory tree which makes it easier to manage and port
   * SV3.1 has no SME server dependencies
   * SV3.1 uses SQLite3 to store its data (SV2 used the SME Perl database)
   * SV3.1 uses its own in-line asterisk code generators (SV2 used the SME templating system)
   * SV3.1 has a re-engineered AGI which makes extensive use of jump vectors and shorter instruction paths to speed up processing
   * SV3.1 is more functional than SV2 yet has about 10% fewer lines of code.
   * SV3.1 uses a new, css-driven screen layout incorporating useful cross-referencing of entities.
   * SV3.1 has no equivalent of the SV2 headers panel. Instead header information is modified in-file using the Asterisk File Edit panel.
   * SV3.1 has no Carriers Panel and a heavily simplified Carrier list. Existing carriers will be automatically converted for you during data conversion (see conversion note below).
   * SV3.1 can run natively under vanilla CentOS 5 with either Apache or Lighttpd.

Installation Sequence for the SME Server 8.x based .iso

The SAIL .iso is available from here...

DOWNLOAD

The SAIL .iso is a modified version of SME Server 8.0. SME installation is straightforward and the SME Server wiki contains a full graphical walkthrough of a typical install HERE.

In order to perform the install you will need a suitable donor machine with a screen and keyboard connected for the install itself (you can remove these afterwards). Alternatively, if this is a test install, and/or you do not wish to run any hardware telephony cards, then you can install onto a VMWare VM or similar. You should familiarise yourself with the SME install sequence because it is identical to the SAIL install. The only major difference in the install is the inclusion of OSSEC host-based intrusion detection...

OSSEC

At the end of the SAIL install (after the reboot), OSSEC-HIDS will be automatically installed on your system. OSSEC will monitor your log files and help prevent dictionary type attacks on your SAIL PBX system. The install is straightforward. Below are the prompts you should expect to receive from the OSSEC installer at the SAIL PBX console.

The first prompt will require you to enter a language code (default en)

    • (en/br/cn/de/el/es/fr/it/jp/nl/pl/ru/sr/tr) [en]: en

Next prompt requires you to specify an install type. OSSEC can run in a few different modes but for this install you should reply 'local'...

    1- What kind of installation do you want (server, agent, local or help)? local
     - Local installation chosen.

The default install directory is /var/ossec - don't change it.

    2- Setting up the installation environment.
     - Choose where to install the OSSEC HIDS [/var/ossec]: /var/ossec
     - Installation will be made at /var/ossec .

OSSEC likes to tell you what it is doing from time to time so it needs your email address. It will usually also ask you if you wish to use an smtp server (which it will try to guess). Usually it is ok to simply say no and enter 127.0.0.1 (as long as your domain name can be resolved).

    3- Configuring the OSSEC HIDS.
    3.1- Do you want e-mail notification? (y/n) [y]: y
     - What's your e-mail address? senthilvael@gmail.com
     - We found your SMTP server as: alt2.gmail-smtp-in.l.google.com.
     - Do you want to use it? (y/n) [y]: y
     --- Using SMTP server: alt2.gmail-smtp-in.l.google.com.

OSSEC also has an integrity checker and root-kit detection tool. They both tend to generate a lot of emails and you may elect not to run them if you wish.

    3.2- Do you want to run the integrity check daemon? (y/n) [y]: y
     - Running syscheck (integrity check daemon).
    3.3- Do you want to run the rootkit detection engine? (y/n) [y]: y
     - Running rootcheck (rootkit detection).

Next comes the good bit as far as the PBX is concerned. This is the Active response section. Answer yes to both the active response and firewall drop prompts.

    3.4- Active response allows you to execute a specific command based on the events received. For example, you can block an IP address or disable access for a specific user. More information at: http://www.ossec.net/en/manual.html#active-response
     - Do you want to enable active response? (y/n) [y]: y
     - Active response enabled.
     - By default, we can enable the host-deny and the firewall-drop responses. The first one will add a host to the /etc/hosts.deny and the second one will block the host on iptables (if linux) or on ipfilter (if Solaris, FreeBSD or NetBSD).
     - They can be used to stop SSHD brute force scans, portscans and some other forms of attacks. You can also add them to block on snort events, for example.
     - Do you want to enable the firewall-drop response? (y/n) [y]: y
     - firewall-drop enabled (local) for levels >= 6
     - Default white list for the active response:
     - Do you want to add more IPs to the white list? (y/n)? [n]: n

...and that's it. OSSEC will install and start... If anyone now repeatedly fires in incorrect SIP registrations, OSSEC will send you an email and automatically block the originating IP address in the firewall.
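The kind of log-driven detection described above, as an added example that is not part of the original page and is not OSSEC's own rule set: it counts failed chan_sip registrations per source address inside a sliding time window. The log lines are constructed, and the function names, threshold and window are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not OSSEC's rule set: list source IPs that reach THRESHOLD
# failed SIP registrations within WINDOW seconds. Assumes IPv4 sources and
# same-day timestamps; threshold and window are illustrative values.

# sip_reg_offenders THRESHOLD WINDOW < asterisk-log   -> lines of "IP COUNT"
sip_reg_offenders() {
    awk -v thr="$1" -v win="$2" -v q="'" '
        /chan_sip\.c: Registration from .* failed for / {
            split($2, t, ":")                       # $2 looks like 20:57:01]
            now = t[1] * 3600 + t[2] * 60 + t[3]    # seconds since midnight
            ip = $0
            sub(".* failed for " q, "", ip)         # cut up to the opening quote
            sub("[:" q "].*", "", ip)               # cut :port or closing quote
            cnt[ip]++
            ts[ip, cnt[ip]] = now
            if (!(ip in first)) first[ip] = 1
            # Slide the window: forget failures older than win seconds.
            while (now - ts[ip, first[ip]] > win) first[ip]++
            recent = cnt[ip] - first[ip] + 1
            if (recent >= thr && !(ip in hit)) { hit[ip] = 1; print ip, recent }
        }
    '
}

# Constructed sample log (documentation-range addresses only).
sample_log() {
    cat <<'EOF'
[2011-05-06 20:57:01] NOTICE[2345] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '203.0.113.7' - Wrong password
[2011-05-06 20:57:04] NOTICE[2345] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '203.0.113.7' - No matching peer found
[2011-05-06 20:57:09] NOTICE[2345] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.4' - Wrong password
[2011-05-06 20:57:11] NOTICE[2345] chan_sip.c: Registration from '"103" <sip:103@192.0.2.10>' failed for '203.0.113.7:5060' - Wrong password
[2011-05-06 21:10:30] NOTICE[2345] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.4' - Wrong password
[2011-05-06 21:10:31] VERBOSE[2345] chan_sip.c: Registered SIP '201' at 192.0.2.50 port 5060
EOF
}

# Three failures inside 60 seconds: only 203.0.113.7 qualifies.
sample_log | sip_reg_offenders 3 60
```

The second address fails twice, but thirteen minutes apart, so it stays under a 60 second window and is only reported when the window is widened.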

Logging in to SAIL

Open your browser and navigate to https://your.sme.box/sail

SAIL will challenge you for a user-id and password. The user is admin and the password is your regular server-manager administrator password.

If you get the password correct then you will be shown the new SAIL 3.1 application suite where you will meet telephone tux.

Logging in to SME Server-manager

Open your browser and navigate to https://your.sme.box/server-manager

SME will challenge you for a user-id and password. The user is admin and the password is your regular server-manager administrator password which you allocated during the install.

If you get the password correct then you will be shown the SME server manager component from which you can manage the SME Server platform.

Turning on the AMI in Asterisk

SAIL 3.1 communicates with Asterisk across the Asterisk Manager Interface (AMI). By default, the AMI is turned off when you install Asterisk so you need to turn it on (in later sail releases, from sail-3.1.0-112, this is already done in the iso but it's still worth checking).

In the Sail application window choose Asterisk File Edit and open /etc/asterisk/manager.conf

Enable the manager by setting the enabled couplet to yes...

    [general]
    displaysystemname = yes
    enabled = yes
    webenabled = yes
    port = 5038

Now save the file, navigate to the globals panel and stop/start Asterisk.
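Since it is worth checking that the AMI really is on, here is one way to audit the [general] section from the Linux console. This is an added example, not SAIL or Asterisk project code: the function names are hypothetical, and the bindaddr check is an addition that assumes SAIL and Asterisk run on the same host, as they do in this iso install.

```shell
#!/bin/sh
# Added example (not SAIL code): audit [general] in an Asterisk manager.conf.
# Function names are hypothetical.

# ami_get FILE KEY: print the last value assigned to KEY in [general].
ami_get() {
    awk -v key="$2" '
        /^[ \t]*;/  { next }                            # whole-line comment
        /^[ \t]*\[/ { ingen = ($0 ~ /^[ \t]*\[general\]/); next }
        ingen {
            line = $0
            sub(/;.*/, "", line)                        # trailing comment
            n = index(line, "=")
            if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == key) val = tolower(v)
        }
        END { print val }
    ' "$1"
}

# ami_audit FILE: print findings; return 0 only if nothing needs attention.
ami_audit() {
    rc=0
    enabled=$(ami_get "$1" enabled)
    port=$(ami_get "$1" port)
    bind=$(ami_get "$1" bindaddr)
    if [ "$enabled" != "yes" ]; then
        echo "FAIL enabled=${enabled:-unset}: SAIL needs the AMI turned on"; rc=1
    fi
    if [ "${port:-5038}" != "5038" ]; then
        echo "WARN port=$port: this page configures 5038"; rc=1
    fi
    # Assumption: SAIL and Asterisk share one host, so loopback is enough.
    if [ "$bind" != "127.0.0.1" ]; then
        echo "WARN bindaddr=${bind:-unset}: AMI is not pinned to loopback"; rc=1
    fi
    return $rc
}

# Constructed sample: the settings shown on this page, with no bindaddr line.
demo=$(mktemp)
printf '%s\n' '[general]' 'displaysystemname = yes' 'enabled = yes' \
    'webenabled = yes' 'port = 5038' > "$demo"
ami_audit "$demo" || true
rm -f "$demo"
```

On the real system, point it at the file edited above: ami_audit /etc/asterisk/manager.conf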

If you don't turn AMI on, SAIL will still run, but it won't be able to provide full functionality and it will moan at you a lot.

Language prompts

The SAIL iso comes with a UK English language pack; however, it needs to be set for the SIP and IAX channels. This step should not be necessary with sail releases after 3.1.0-112.

Select Asterisk File Edit from the SAIL menu and modify the following files:

    /etc/asterisk/sark_customer_iax_header.conf
    /etc/asterisk/sark_customer_sip_header.conf

Simply add the following couplet at the end of each file

language=en-gb

Restart the PBX from globals panel.

You should also add a symlink at the linux console as follows...

ln -s /var/lib/asterisk/sounds/en /var/lib/asterisk/en-gb

Issues with some panels giving errors

On some releases of the .iso there is a minor corruption error in some of the scripts. This was caused by the scripts being edited in Windoze in error. It manifests as a general failure when you select a panel. It can be fixed by running the following at the Linux console

dos2unix /opt/sark/www/cgi-bin/sark*

PCI Setup

You MUST perform this step if you have Telephony boards installed. Simply open the PCI cards window and run the generator to discover your card(s). This will build the necessary Asterisk files to define the card(s). You can manually make changes to the files if you wish.

You must also insert two lines at the end of chan_dahdi.conf if you have a version of sail prior to 3.1.0-112.

language=en-gb
#include dahdi-channels.conf

Save the files and reboot your system.

N.B. Starting and stopping Asterisk from the console.

The SARK UCS/MVP start-up routines are quite complex. Instead of modifying the existing asterisk start-up routines (delivered as part of the asterisk install), SARK UCS/MVP runs its own routines. DO NOT attempt to start or stop SARK UCS/MVP with any of the following console commands...

   * /etc/init.d/asterisk start
   * /etc/init.d/safe_asterisk start
   * /etc/init.d/asterisk stop
   * /etc/init.d/safe_asterisk stop 

Instead you should use...

   * /etc/init.d/sark start
   * /etc/init.d/sark stop 

To load the DAHDI kmods and start sark do

   * /etc/init.d/dahdi start
   * /etc/init.d/sark start 

To stop sark and unload the DAHDI kmods do

   * /etc/init.d/sark stop
   * /etc/init.d/dahdi stop 

N.B. Starting and stopping Asterisk from the Sail application.

There are stop/start buttons in the globals panel and the PCI cards panel. You can stop or start Asterisk by clicking these buttons. This is the preferred way to stop/start the PBX.