cron user & pass change


cron user & pass change

Postby speed » Mon Oct 19, 2009 12:42 pm

Hello @ all,

How can I change the cron user and/or password?

It's not good .. everybody who works with vicidial knows this standard pass.

and 1234 isn't secure ...

please help .. thx

speed
speed
 
Posts: 71
Joined: Wed Apr 01, 2009 2:25 pm

Postby mcargile » Mon Oct 19, 2009 2:47 pm

You run these queries to change it in the db:

update user set password=PASSWORD("NEW-PASSWORD-HERE") where User='cron';
FLUSH PRIVILEGES;

making the appropriate substitution. Then you change the VARDB_pass variable in /etc/astguiclient.conf to match. That should be it.
Michael Cargile | Director of Engineering | ViciDialGroup | http://www.vicidial.com

The official source for VICIDIAL services and support. 1-888-894-VICI (8424)
mcargile
Site Admin
 
Posts: 614
Joined: Tue Jan 16, 2007 9:38 am

thanks

Postby brett05 » Mon Oct 19, 2009 4:24 pm

ok thanks mcargile for your answer
but what about admin in vicidial
it is also needed to change this entry in admin-->server and in admin-->phones to update all passwords for cron after updating it in the database!
for example:
in admin-->server there is this setting:
Manager User: cron
Manager Secret:1234

and in admin-->phones there is this setting too:
Manager User: cron
Manager Secret:1234
DBX User:cron
DBX Pass:1234
DBY User:cron
DBY Pass:1234

do we need to change them or not after we update the database password for cron and the etc/astguiclient.conf?
also I think we need to change this entry in etc/asterisk/manager.conf too
Jasperreports & Queuemetrics & SugarCRM integration - Customization and Add-ons
Freepbx||Billing||Centos||Opensuse||Debian||Centos||Fedora||Sangoma||Diguim
brett05
 
Posts: 571
Joined: Sun May 24, 2009 5:48 pm
Location: tunisia

Postby williamconley » Mon Oct 19, 2009 7:51 pm

hm. perhaps a script similar to the update server ip script. so all the passwords could be reset simultaneously to the correct settings ... and NOT be the "standards" any more.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20019
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

thanks

Postby brett05 » Mon Oct 19, 2009 8:04 pm

thanks for your post
I will tell you just one thing: using cron with 1234 is not a good thing; for me, I can say this is a security problem
and for creating this script, I can do it
just here I want to understand exactly what we need to change after our update of the cron password in the database
tell me if my steps are good please:
1=update user set password=PASSWORD("NEW-PASSWORD-HERE") where User='cron';
FLUSH PRIVILEGES;

2=change the VARDB_pass variable in /etc/astguiclient.conf
3=change password cron in etc/asterisk/manager.conf
4=update all new password for cron in vicidial-->admin-->server
as

Manager User: cron
Manager Secret:1234

5=update all new password for cron in vicidial-->admin-->phones
as

Manager User: cron
Manager Secret:1234
DBX User:cron
DBX Pass:1234
DBY User:cron
DBY Pass:1234

is there any other thing to change?
brett05
 
Posts: 571
Joined: Sun May 24, 2009 5:48 pm
Location: tunisia

Postby williamconley » Mon Oct 19, 2009 8:35 pm

limit your vicidial server and phone changes to those with ip matching the server being altered (in case of a cluster setup)
williamconley
 
Posts: 20019
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

thanks

Postby brett05 » Mon Oct 19, 2009 8:43 pm

what do you mean?
so I don't need to change anything in admin-->phones and in admin-->server?
brett05
 
Posts: 571
Joined: Sun May 24, 2009 5:48 pm
Location: tunisia

Re: thanks

Postby williamconley » Mon Oct 19, 2009 8:46 pm

brett05 wrote: what do you mean?
so I don't need to change anything in admin-->phones and in admin-->server?
No, I mean servers and phones are specific to a single IP address. If there is more than one server, you only want to change the user/pwd for ONE server and the phones on THAT server. This script would be run on/for each server individually.

So change user/pwd for server with ip xx.xx.xx.xx (not yy.yy.yy.yy) and phones assigned to that same server.
williamconley
 
Posts: 20019
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

thanks

Postby brett05 » Mon Oct 19, 2009 8:57 pm

ok thanks
this one I have understood
so I need to change each pass/user for cron in admin-->phones and admin-->server specific to the IP of the asterisk server.
and what about the etc/asterisk/manager.conf?
example:
[general]
enabled = yes
port = 5038
bindaddr = 0.0.0.0

[cron]
secret = "newpass_cron"
read = system,call,log,verbose,command,agent,user
write = system,call,log,verbose,command,agent,user

[updatecron]
secret = "newpass_cron"
read = command
write = command

[listencron]
secret = "newpass_cron"
read = system,call,log,verbose,command,agent,user
write = command

[sendcron]
secret = "newpass_cron"
read = command
write = system,call,log,verbose,command,agent,user

is it good?
brett05
 
Posts: 571
Joined: Sun May 24, 2009 5:48 pm
Location: tunisia
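
An added example, not part of any post in this thread and not ViciDial project code: a read-only check that reports where the stock 1234 secret is still present in the two files the thread names, and whether manager.conf binds the manager interface to 0.0.0.0 as in the config posted above. The function names, the constructed sample contents and the `NAME => value` layout assumed for astguiclient.conf are assumptions; the database account and the admin server/phone entries are not covered.

```python
import re

DEFAULT_SECRET = "1234"  # stock cron password named in the thread

def parse_manager_conf(text):
    """Return {section: {key: value}} for a manager.conf body."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if not line:
            continue
        head = re.fullmatch(r"\[([^\]]+)\]", line)
        if head:
            current = sections.setdefault(head.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            # Quotes are dropped only so quoted/unquoted forms compare equal.
            current[key.strip()] = value.strip().strip('"')
    return sections

def parse_astguiclient(text):
    """Return {name: value}; the 'NAME => value' layout is an assumption."""
    pairs = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s*=>?\s*(.*?)\s*$", line)
        if m:
            pairs[m.group(1)] = m.group(2)
    return pairs

def audit(manager_text, astgui_text, default=DEFAULT_SECRET):
    """List every place the default secret (or an all-interfaces bind) remains."""
    findings = []
    if parse_astguiclient(astgui_text).get("VARDB_pass") == default:
        findings.append("astguiclient.conf: VARDB_pass is still the default")
    for name, opts in parse_manager_conf(manager_text).items():
        if opts.get("secret") == default:
            findings.append(f"manager.conf [{name}]: secret is still the default")
        if name == "general" and opts.get("bindaddr") == "0.0.0.0":
            findings.append("manager.conf [general]: AMI listens on all interfaces")
    return findings

# Constructed sample files: a rotation that was only half finished.
SAMPLE_MANAGER = ('[general]\nbindaddr = 0.0.0.0\n'
                  '[cron]\nsecret = "newpass_cron"\n[updatecron]\nsecret = 1234\n')
SAMPLE_ASTGUI = "VARDB_user => cron\nVARDB_pass => 1234\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_MANAGER, SAMPLE_ASTGUI):
        print(finding)
```

To check a live server, pass the contents of /etc/astguiclient.conf and the server's manager.conf to `audit()` instead of the samples; an empty list means neither file still carries the default.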

cron user & pass change

Postby speed » Wed Oct 21, 2009 4:56 am

can anyone write a script?

after install execute this for security changes..

thx speed
speed
 
Posts: 71
Joined: Wed Apr 01, 2009 2:25 pm

Postby williamconley » Wed Oct 21, 2009 6:34 pm

I'm quite sure someone will ... but if you want it done NOW ...
williamconley
 
Posts: 20019
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

thanks

Postby brett05 » Wed Oct 21, 2009 8:49 pm

Done what?
brett05
 
Posts: 571
Joined: Sun May 24, 2009 5:48 pm
Location: tunisia

dear mr williamconley

Postby speed » Thu Oct 22, 2009 3:11 am

I really respect your knowledge about vicidial!

but I am not a script developer - that means

I can't write this script - ok.

It's not only my problem - it's a big security problem for all vicidial supporters.

someone has more knowledge because of 3 years experience - I have had only 6 months ??

I'm learning every day but it's not possible to learn all about vicidial and developing at the same time.

if my knowledge is sufficient for developing the script then I will DO it.

but now my knowledge isn't sufficient.

but this does not alter the problem - this is a big security problem.

When anyone writes a functional script for this security problem I will donate 100 Dollars.

I hope someone has the same problem and donates a little bit.

thx speed.
speed
 
Posts: 71
Joined: Wed Apr 01, 2009 2:25 pm

Re: dear mr williamconley

Postby okli » Thu Oct 22, 2009 4:07 pm

speed wrote:...When anyone writes a functional script for this security problem I will donate 100 Dollars.

I hope someone has the same problem and donates a little bit...
This would be an appropriate place to start a bounty:
http://www.vicidial.org/VICIDIALforum/viewforum.php?f=9
okli
 
Posts: 669
Joined: Mon Oct 01, 2007 5:09 pm

