Asterisk: protecting passwords

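I am running Asterisk on a Raspberry Pi 3; as a result, I would like to protect the passwords. Someone could remove the SD card and the passwords would be in plain text! I know I can encrypt the whole operating system, but it would be nice if I could avoid that, because I only need to protect one file.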

There are 3 types of keys/passwords I want to protect. So far I have managed to protect 2 of the three passwords.

Anyway, this is my old, unprotected sip.conf:

[general]

  keepalive=30
  bindport=5060
  ... etc

  ; Allow tls !    
  tlsenable=yes
  tlsbindaddr=0.0.0.0
  tlscertfile=/keys/asterisk.pem     ; <---- 1st key unprotected
  tlscafile=/keys/ca.crt
  tlscipher=ALL
  tlsclientmethod=tlsv1


; Peers info ---------------------------------------------
[user1]
  secret=somePassword       ; < -------- 2nd key unprotected
  type=peer
  ... etc

[user2]
  ... etc..   ; more  unprotected keys
; ----------------------------------------------------------

; elastic sip trunks used to make outbound calls -----------
[Trunk-Provider-1] ; 
  type=peer
  host=someProvider.com
  secret=plainTextPassword    ; <------------ 3rd password unprotected
  username=foo      
; ---------------------------------------------------------

This is my new, "protected" sip.conf:

[general]

  keepalive=30
  bindport=5060
  ... etc

  ; Allow tls !       
  tlsenable=yes
  tlsbindaddr=0.0.0.0                      
  tlscertfile=/dev/shm/keys/asterisk.pem   ; <---- 1st key located on memory (/dev/shm/)
  tlscafile=/dev/shm/keys/ca.crt           ; same thing. File is on memory and NOT on disk. 
  tlscipher=ALL
  tlsclientmethod=tlsv1


; Peers info ---------------------------------------------
[user1]      
  md5secret=4a8e71480c5b1ef0a5d502a8eb98576  ; < -------- 2nd key hashed (protected)
  type=peer
  ... etc

[user2]
  ... etc..   ; more hashed keys
; ----------------------------------------------------------

; elastic sip trunks used to make outbound calls -----------
[Trunk-Provider-1] ; 
  type=peer
  host=someProvider.com
  secret=password-Of-Provider  ; <------------ 3rd password I do not know how to protect this :/ ?
  username=foo
; ---------------------------------------------------------

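So I have to protect 3 types of keys/passwords.

  1. Certificate keys: the certificates used to encrypt calls. I protect them by downloading them when the computer boots and placing them in memory (/dev/shm/). If the computer is turned off, the files are lost.

  2. IP phone passwords (peers): these are the passwords used by the phones (peers). To protect them I hash them. This article explains how that is done: https://www.voip-info.org/wiki/view/Asterisk+sip+md5secret

  3. Provider's password (used to make outbound calls): I do not know how to protect this password. I thought about moving the location of the sip.conf file to memory, but that is not easy. I think that would require moving all the configuration files.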

Answer 1

Answering my own question:

I moved the file /etc/asterisk/sip.conf by creating a symbolic link. https://stackoverflow.com/a/1951752/637142

# 1. Delete /etc/asterisk/sip.conf we do not want that file on disk. It contains passwords!
rm /etc/asterisk/sip.conf

# 2. create sip.conf on memory (/dev/shm/sip.conf)
touch /dev/shm/sip.conf
# ... add configuration and passwords to that file ...

# 3. Trick asterisk by placing a symbolic link. 
# Point file /etc/asterisk/sip.conf ---> /dev/shm/sip.conf
ln -s /dev/shm/sip.conf /etc/asterisk/sip.conf

Now, when I access /etc/asterisk/sip.conf, I am actually accessing /dev/shm/sip.conf!
