FusionPBX comes preconfigured with powerful features. There are some things you might want to disable or change though.
For instance. If you have SIP phones (as opposed to using ATAs with traditional phones) they might do unexpected things. One example of this is that *8 followed by an extension is the freeswitch preconfigured intercom function that is defined in the advanced dialplan. Unfortunately on Yealink phones if this is enabled a person can call your phone with it and without you needing to accept the conversation the phone automatically answers the call and turns on your microphone - so they can hear everything that is being said in the presence of your phone without you having authorised it. So you might want to disable this. Actually, FusionPBX ships with intercom.lua in the freeswitch/scripts directory and if you set up this intercom it mutes the line of the person receiving the intercom call until they accept the call - a much safer option.
You might also want to disable the "eavesdrop" functionality provided in the advanced dialplan too.
Additionally, you might want to change the pin on the DISA dialplan entry (not in the advanced dialplan) - theoretically if you enable direct dialing from IVR and you left this as the default pin and someone knew you had a fusionpbx phone system they might be able to dial it from an IVR and make long distance phone calls at your expense because it was still using the default pin. I'm not really sure if that is possible but is it worth the risk?
While I'm at it, if you do edit your advanced dialplan and make a mess of it you'll want to restore it. For some reason my restore default button on the bottom of that screen didn't restore the default but instead left me with an empty file. I had to copy the default from /var/www/fusionpbx/includes/install/dialplan/default.xml
However, I made a big error. Before doing this I backed up my current default.xml file and left the old copy in the same directory with the extension .xml. Unfortunately freeswitch still processed the backup because it had the extension .xml and therefore my error didn't go away! So if you are going to make a backup in the same directory give it a different extension eg. .old
Note that if you to create a mess of your advanced dialplan you may generate errors when you apply settings. eg. '+OK [[error near line 4968]: unclosed'. To locate this use an editor such as nano to look at freeswitch/log/freeswitchxml.fsxml - this file is generated by freeswitch when it is processing your dialplan files. In nano CTRL-_ will allow you to enter the line number from the error message. When you have seen the line in that file you can then go back and look for the corresponding line in the advanced dialplan and fix the problem. Note that the error might not be on that line - in my case it said it was near that line but it did enable me to locate the problem.
Wednesday, November 10
Thursday, November 4
This may be a better approach to permissions
One of the most common problems observed in the FusionPBX forum are permission issues. The balance you have to achieve though is security vs. usability.
By default, the Centos ISO comes with freeswitch having an owner of freeswitch and a group of freeswitch and fusionpbx has an owner of apache and a group of daemon. As a result there are problems of interoperability between the two that have to be solved by using chmod to set permissions for group and other and by using chgrp to change the group on some directories.
One solution to this dilemma is to set the owner and group on both to be the same as each other. Accordingly you might want to try this:
chown -R apache:apache /usr/local/freeswitch
chown -R apache:apache /var/www/fusionpbx
Keep the chmod as 755 on /usr/local/freeswitch and /var/www/fusionpbx. In fact you could even try 700 or 600 if you want.
CORRECTION: you can keep 755 on fusionpbx but you need 775 on /usr/local/freeswitch. You also need to edit /etc/group and change the line "apache:x:48:" to "apache:x:48:freeswitch,apache". With this change freeswitch is able to start without needing to be run by root.
Security experts might want to comment on why doing this would be a bad idea....?
NOTE: The instructions above assume that the owner of the fusionpbx directory on your server is apache. On ubuntu and other systems it might be www-data or something else. Take a look at the existing owner of this directory and that is the owner to make use of in the instructions above. It is basically your webserver's account.
By default, the Centos ISO comes with freeswitch having an owner of freeswitch and a group of freeswitch and fusionpbx has an owner of apache and a group of daemon. As a result there are problems of interoperability between the two that have to be solved by using chmod to set permissions for group and other and by using chgrp to change the group on some directories.
One solution to this dilemma is to set the owner and group on both to be the same as each other. Accordingly you might want to try this:
chown -R apache:apache /usr/local/freeswitch
chown -R apache:apache /var/www/fusionpbx
Keep the chmod as 755 on /usr/local/freeswitch and /var/www/fusionpbx. In fact you could even try 700 or 600 if you want.
CORRECTION: you can keep 755 on fusionpbx but you need 775 on /usr/local/freeswitch. You also need to edit /etc/group and change the line "apache:x:48:" to "apache:x:48:freeswitch,apache". With this change freeswitch is able to start without needing to be run by root.
Security experts might want to comment on why doing this would be a bad idea....?
NOTE: The instructions above assume that the owner of the fusionpbx directory on your server is apache. On ubuntu and other systems it might be www-data or something else. Take a look at the existing owner of this directory and that is the owner to make use of in the instructions above. It is basically your webserver's account.
Subscribe to:
Posts (Atom)