Ghost Vulnerability

Postby dspaan » Thu Jan 29, 2015 11:36 am

Hi,

Does anyone have a simple instruction on how to patch this on a ViCibox server?

I tried this guide but it destroyed my server:
http://www.cyberciti.biz/faq/cve-2015-0 ... ent-535479

:(
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1374
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Ghost Vulnerability

Postby mcargile » Thu Jan 29, 2015 11:43 am

Which version of Vicibox?
Michael Cargile | Director of Engineering | ViciDialGroup | http://www.vicidial.com

The official source for VICIDIAL services and support. 1-888-894-VICI (8424)
mcargile
Site Admin
 
Posts: 614
Joined: Tue Jan 16, 2007 9:38 am

Re: Ghost Vulnerability

Postby mcargile » Thu Jan 29, 2015 11:59 am

http://support.novell.com/security/cve/ ... -0235.html

Vicibox 6 is not affected by GHOST as it is based off OpenSuSE 13.1.

Re: Ghost Vulnerability

Postby klept24 » Thu Jan 29, 2015 4:23 pm

Is Vicibox 5 also affected?
klept24
 
Posts: 14
Joined: Wed Jan 14, 2015 11:25 am

Re: Ghost Vulnerability

Postby mcargile » Thu Jan 29, 2015 4:47 pm

Yes Vicibox 5 is vulnerable.

EDIT: And it is not likely to receive a patch as it is based off 12.3 OpenSuSE:
http://lists.opensuse.org/opensuse-secu ... 00005.html

Re: Ghost Vulnerability

Postby klept24 » Thu Jan 29, 2015 5:09 pm

How am I supposed to fix this issue if there is no available patch? What is the best solution for this?

Re: Ghost Vulnerability

Postby dspaan » Thu Jan 29, 2015 7:29 pm

mcargile wrote: Which version of Vicibox?

ViciBox Redux v.3.1.15 release

Re: Ghost Vulnerability

Postby mav2287 » Thu Jan 29, 2015 7:30 pm

Is there any reason you can't upgrade the server to 13.1?
ViciBox5.x86_64-5.0.3.preload from .iso upgraded to 13.1 | VERSION: 2.10-444c BUILD: 150129-0828 | 1.8.32.2-vici | Dual Server | No Digium/Sangoma Hardware | No Extra Software After Installation | Intel twin quad core 3Ghz Xeon chips | 32gb of RAM
mav2287
 
Posts: 256
Joined: Thu Oct 03, 2013 6:47 pm

Re: Ghost Vulnerability

Postby dspaan » Fri Jan 30, 2015 2:43 am

For me, when I did zypper up it upgraded the server from 11.3 to 12.1, but the most basic components were broken after that: MySQL and Asterisk.


Re: Ghost Vulnerability

Postby DomeDan » Fri Jan 30, 2015 6:37 am

I'm on 11.3 too. Seems like a reinstall is what we need to do because the lifetime of 11.3 ended January 20th 2012 :lol:
And this vulnerability seems too serious to just rely on a whitelist: http://www.pcworld.com/article/2876572/ ... tions.html
"Qualys analysts developed a proof-of-concept exploit where they sent a specially crafted email to an Exim mail server running the vulnerable version of glibc and achieved a remote shell, giving them full control."

And do not try to update only glibc; it would probably break every program that relies on glibc.
Vicidial Partner. Region: Sweden/Norway.
Does Vicidial installation, configuration, customization, add-ons, CRM implementation, support, upgrading, network-related, pentesting etc. Remote and onsite assistance.
Email: domedan (at) gmail.com
DomeDan
 
Posts: 1226
Joined: Tue Jan 04, 2011 9:17 am
Location: Sweden

Re: Ghost Vulnerability

Postby dspaan » Fri Jan 30, 2015 8:15 am

But if port 25 is closed how would a malicious e-mail ever reach a vicidial server?

Re: Ghost Vulnerability

Postby DomeDan » Fri Jan 30, 2015 8:31 am

An email is probably just one of the ways to exploit this. I guess gethostbyname is used by a few other programs in a GNU/Linux system.

Re: Ghost Vulnerability

Postby mcargile » Fri Jan 30, 2015 9:00 am

Ghost affects any program that does a DNS lookup, including bash, SSH, apache, asterisk, mysql, and many many many others. An upgrade is advised.
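A quick way to check a server for the situation discussed above, as an added example that is not part of the thread or of Vicidial: it classifies the running glibc against the upstream GHOST range (2.2 through 2.17, fixed in 2.18) and, going a step beyond the thread, lists processes that still run a replaced libc after an update. The function names are made up for this example.

```sh
#!/bin/sh
# Added example, not from the thread. Upstream glibc 2.2 through 2.17 carry
# GHOST (CVE-2015-0235); 2.18 and later do not. Distributions backported the
# fix to older versions, so "in-range" means "check the vendor advisory for
# your exact package", not "certainly vulnerable".

# ghost_range VERSION: print in-range, out-of-range or unknown.
ghost_range() {
    case "$1" in *.*) ;; *) echo unknown; return 0 ;; esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}          # "17-106.el7" -> 17, "11.3" -> 11
    case "$major:$minor" in
        *[!0-9:]*|:*|*:) echo unknown; return 0 ;;
    esac
    if [ "$major" -eq 2 ] && [ "$minor" -ge 2 ] && [ "$minor" -lt 18 ]; then
        echo in-range
    else
        echo out-of-range
    fi
}

# stale_libc_pids [PROC_ROOT]: PIDs that still map a libc file that has been
# replaced on disk, i.e. daemons running the old code until restarted.
stale_libc_pids() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq '/libc[-.][^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

# ghost_report: run both checks on the live system (as root to see all PIDs).
ghost_report() {
    ver=$(getconf GNU_LIBC_VERSION 2>/dev/null | awk '{print $2}')
    echo "glibc ${ver:-unknown}: $(ghost_range "$ver")"
    for pid in $(stale_libc_pids); do
        echo "pid $pid still maps the old libc; restart that service"
    done
}

ghost_report
```

An "in-range" result on a patched distribution package is expected; confirm against the package changelog before planning a reinstall.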

Re: Ghost Vulnerability

Postby dspaan » Fri Jan 30, 2015 9:42 am

Damn, how to upgrade an old vicibox full of customizations...

Re: Ghost Vulnerability

Postby mav2287 » Fri Jan 30, 2015 4:04 pm

Copy all your directories and restore them. I just had to do this a while back, totally sucks. I used scp -r to get all the directories and then used it to restore them all.

Re: Ghost Vulnerability

Postby mcargile » Fri Jan 30, 2015 4:34 pm

You can also use the Vicidial backup utility:

TestDialer:~# /usr/share/astguiclient/ADMIN_backup.pl --help
allowed run time options:
[--db-only] = only backup the database
[--db-without-logs] = do not backup the log tables in the database
[--conf-only] = only backup the asterisk conf files
[--without-db] = do not backup the database
[--without-conf] = do not backup the conf files
[--without-web] = do not backup web files
[--without-sounds] = do not backup asterisk sounds
[--without-voicemail] = do not backup asterisk voicemail
[--without-crontab] = do not backup crontab
[--ftp-transfer] = Transfer backup to FTP server
[--debugX] = super debug
[--debug] = debug
[--test] = test

Matt pretty much wrote it to back up a Vicidial system with customizations and restore it.

Re: Ghost Vulnerability

Postby dspaan » Fri Jan 30, 2015 5:25 pm

Yes, I do use the Vicidial backup utility to back up all my servers and FTP the backups nightly, but it's still a pain to move over a server or, in this case, upgrade it. Something always breaks.

Re: Ghost Vulnerability

Postby mav2287 » Sun Feb 01, 2015 8:34 am

Did anyone ever write a restore utility though? That part is a pain

Re: Ghost Vulnerability

Postby mflorell » Sun Feb 01, 2015 4:10 pm

There are a lot of different ways of restoring, and if you are in a cluster you only want to do a partial restore, so we usually try to keep that a manual process.

Here's a sample restore that we go over in our Administrator training classes:

Backup Process:
- /usr/share/astguiclient/ADMIN_backup.pl --help (to see options)
- /usr/share/astguiclient/ADMIN_backup.pl --without-web --debugX

Restore Process:
- ls -lat /var/log/astguiclient/archive/
- cd /var/log/astguiclient/archive/
- tar xvfz 192.168.198.5_ALL_0.tar.gz
- cd var/log/astguiclient/archive/
- mv 192.168.198.5* /
- cd /
- ls -lat
- tar xvf 192.168.198.5_VOICEMAIL_0.tar
- tar xvf 192.168.198.5_CONF_0.tar
- tar xvf 192.168.198.5_BIN_0.tar
- tar xvf 192.168.198.5_LINUX_0.tar
- tar xvf 192.168.198.5_SOUNDS_0.tar
- (check for other tar files if you used other backup options)
- gunzip 192.168.198.5asterisk0.gz
- mysql asterisk
- \. 192.168.198.5asterisk0
- quit
mflorell
Site Admin
 
Posts: 18339
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida

Re: Ghost Vulnerability

Postby Workflow » Mon Feb 02, 2015 11:52 am

Hi Matt,

Thanks for the restore procedure!

Anyone tried to move data over from production to new server yet?
Workflow
 
Posts: 2
Joined: Mon Feb 02, 2015 11:46 am

Re: Ghost Vulnerability

Postby dspaan » Mon Feb 02, 2015 4:32 pm

Yes, I did it a few times. But it's a different procedure if you restore it to the same server or to a different one with another IP address.

One thing I'm not sure about is whether, if you extract tar files from an old Vicibox 3 server to a freshly installed Vicibox 6 server, it will work right away. For instance, if you install the new server, do you have to do the vicidial express or vicidial-install command, yes or no? I always do it (never tried without that step), and if you do, you have to take care that you install Asterisk 1.4 (I think?) and not Asterisk 1.8, or your restore won't work. We also had problems with MySQL when restoring because it was a different version. My colleague had to do a lot of troubleshooting; it wasn't as simple as the steps above, but maybe we also messed up along the way.

It depends on your starting situation and where you want to end up.

One more useful thing: if you want to move your backup files from an old server to a new server, I use this command to copy over the files:

nohup scp -rpC /var/log/astguiclient/archive/yourbackupfile_ALL_4.tar.gz root@yourserverip:/

Do this for each of the backup files and they will be copied to the root of the other server.

For copying over recordings you can't use the above command if there are many files; you'll get the error 'too many arguments'. I then install a program called Unison and use this command:

cd /var/spool/asterisk/monitorDONE
unison MP3 ssh://yourserverip//var/spool/asterisk/monitorDONE/MP3

To get MySQL to work after moving stuff over you can try the mysql_upgrade command.
You will have to use the server update IP script, server rebuild conf files, check if NTP is configured properly, update the server IP address in the server admin page, update the audio store server and finally update your DNS records to point to your new server.

Re: Ghost Vulnerability

Postby mav2287 » Mon Feb 02, 2015 4:57 pm

I know this is a bit off from what the last few posts have been about, but I did an upgrade on a server to 13.1 this weekend. I made a backup of everything just in case before I started, but didn't need it. I had thought about going in and just using the Vicibox 6 install and restoring, but I decided to try to upgrade first as it looked easier. If you go to the openSUSE webpage and follow the upgrade instructions it isn't too bad. One thing worth noting, though, is that if you have the same experience I did, you will need to reinstall a few things afterwards. I had to reinstall most of the CPAN modules, DAHDI and Asterisk Perl (that took me like 5 min, not a big deal at all).

Re: Ghost Vulnerability

Postby Workflow » Tue Feb 03, 2015 4:18 am

Hi Mav,

I've tried to upgrade from 12.1 and it was a complete mess :( Didn't work one bit. With my experiences, I'm not going to reproduce that on a production server.

Dspaan,

Thanks for the information here. I've taken a backup (all) using the ADMIN_backup.pl as Matt said (Vicibox 4! openSUSE 12.1) and I've installed Vicibox 5.0.3 (openSUSE 12.3) with the same SVN version to see if this works. If so, I might attempt to go up to V6.0.3. However, you can obtain the glibc patches on 12.3!

Will update this post anyway!