OpenVZ – enable tun / tap / pop

Before we can use PPP in the container, we must enable the PPP kernel modules on the host system:

modprobe tun
modprobe ppp-compress-18
modprobe ppp_mppe
modprobe ppp_deflate
modprobe ppp_async
modprobe pppoatm
modprobe ppp_generic
vzctl set [VEnumber] --features ppp:on --save
vzctl set [VEnumber] --devnodes net/tun:rw --capability net_admin:on --save

Installing ModSecurity with OWASP

ModSecurity is web application firewall to secure the http server . OWASP is the modsecurity rule set that protect trojan, web defacement etc.

Following is steps to install on Linux System (or example here is running on DirectAdmin)

# Install Prerequisite
# Run this if you are in directadmin, make sure libxml2 and limxslt is installed
cd /usr/local/directadmin/custombuild
./build update
./build versions
./build libxml2
./build libxslt
./build php n

# Install Related Library
yum -y install expat-devel

# For 64bit system
ln -s /usr/lib64/libxml2.so.2 /usr/lib/libxml2.so.2

# Prepare apache environment
perl -pi -e ’s/ServerTokens Major/ServerTokens Full/’ /etc/httpd/conf/extra/httpd-default.conf
perl -pi -e ’s/ServerSignature Off/ServerSignature On/’ /etc/httpd/conf/extra/httpd-default.conf
perl -pi -e ’s/ServerSignature EMail/ServerSignature On/’ /etc/httpd/conf/extra/httpd-default.conf

#Download ModSecurity for Apache
cd /root/
https://www.modsecurity.org/tarball/2.7.7/modsecurity-apache_2.7.7.tar.gz

#Unzip and Untar
tar -zxvf modsecurity-apache_2.7.7.tar.gz

#Compile ModSecurity

cd /root/modsecurity-apache_*.*.*
./configure
make
make test
make install

#Create Config Directory
mkdir /etc/modsecurity

#At source folder of modsecurity

cp modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
cp unicode.mapping /etc/modsecurity/

#Change ModSecurity Value

# vi /etc/modsecurity/modsecurity.conf
# SecRuleEngine On
# SecRequestBodyLimit 16384000
# SecRequestBodyInMemoryLimit 16384000

perl -pi -e ‘s/SecRuleEngine DetectionOnly/SecRuleEngine On/’ /etc/modsecurity/modsecurity.conf
perl -pi -e ‘s/SecRequestBodyLimit 13107200/SecRequestBodyLimit 16384000/’ /etc/modsecurity/modsecurity.conf
perl -pi -e ‘s/SecRequestBodyInMemoryLimit 131072/SecRequestBodyInMemoryLimit 16384000/’ /etc/modsecurity/modsecurity.conf

# create files /etc/httpd/conf/extra/httpd-modsecurity.conf

vi /etc/httpd/conf/extra/httpd-modsecurity.conf

#insert following
LoadModule security2_module /usr/lib/apache/mod_security2.so

Include /etc/modsecurity/modsecurity.conf
Include “/etc/modsecurity/activated_rules/*.conf”

# at /etc/httpd/conf/httpd.conf

vi /etc/httpd/conf/httpd.conf

Include conf/extra/httpd-modsecurity.conf

# Download ModSecurity Rules
cd /root/
wget -O SpiderLabs-owasp-modsecurity-crs.tar.gz https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master –no-check-certificate

# or replace master with ver num , like v2.2.5 if want older version

tar -zxvf SpiderLabs-owasp-modsecurity-crs.tar.gz

cp -R SpiderLabs-owasp-modsecurity-crs-*/* /etc/modsecurity/

mv /etc/modsecurity/modsecurity_crs_10_setup.conf.example /etc/modsecurity/modsecurity_crs_10_setup.conf

cd /etc/modsecurity/base_rules
for f in * ; do ln -s /etc/modsecurity/base_rules/$f /etc/modsecurity/activated_rules/$f ; done
cd /etc/modsecurity/optional_rules
for f in * ; do ln -s /etc/modsecurity/optional_rules/$f /etc/modsecurity/activated_rules/$f ; done

# Include thi if not done at above
# vi /etc/apache2/mods-available/mod-security.conf
# Include “/etc/modsecurity/activated_rules/*.conf”

service httpd restart

#make sure is running by see the log and no error
tail -f /var/log/modsec_audit.log

#Done

Clear pending operation that hang

In some case, force reboot or shutdown operation hang, and cannot to perform, this is steps to clear the pending process and re-run it-

1. “xe vm-list” to get the uuid of the VM that is hung

2. “list_domains” to list the domain uuid’s so you can determine the domain # of the VM above by matching the uuids from this output with the uuid for your VM from the previous command.

3. “/opt/xensource/debug/destroy_domain -domid XX” where XX is the domain number from the previous command

4. “xe vm-reboot uuid=XXXX –force” where XXXX is the uuid from the first vm-list command for your VM. (name-label may work but didn’t work this time for me so I used the uuid)

Asterisk Call Pickup

To Pickup call that know the extension –
Just press ** + ringging ext

To Pickup call that do know know the extension, callgroup and pickup group will be use –

Following is clarification of callgroup and pickup group-
CallGroup – Category of a inbound call to specific extension. For example, Sales Department has callgroup 1 ; while Technical Department has callgroup 2

PickupGroup – Pickupgroup at extension is define which callgroup an inbound call can the extension can pickup. For example, the senario above, an extension that has pickupgroup 1, can only pickup call destinated to extension Sales Department, while pickupgroup 2 can only pickup call to extension Technical Department. While extension with PickupGroup 1,2 can pickup call destinate to both Sales and Technical Department.

Thus, usually, Receptionist have pickup group 1,2 ; while collegue in Technical Department have pickupgroup 2 and collegue in Sales Department has pickup group 1. And it give senario of Receptionist can pickup call from both department , which each individual department collegue can only pick up call from within same department only.

Pickup call with this method , by default is dial *8 , this default value can be change at FreePBX’s “Feature Codes” under Core Section.

Asterisk-FreePBX On Demand Call Recording

This is how to trigger On-Demand Call Recording, which means middle of conversations, activate the call recordings-

A. “In FreePBX, 1 – Ensure Feature Code “In-Call Asterisk Toggle Call Recording” is enabled and set to *1.

B On the General Settings page, add “wW” to “Asterisk Dial command options” making its value “trwW”. Also, add “wW” to “Asterisk Outbound Dial command options.” Hover over the labels for a full description of these options.

C On the extension, make sure “Record Incoming” and “Record Outgoing” are set to “On Demand”.”