Securing Your Asterisk Server, Part 1 - page 2
The Importance of Passwords
Strong passwords are a fundamental defense against intrusion. The world is chock-full of automated password crackers that recover easy passwords in seconds. Passwords should not be words, names, places, birthdates, Social Security numbers, or pet names: nothing that will be found in a dictionary, and nothing that can be related to you in any way. Cracker dictionaries even include common misspellings, and a dictionary word with a digit or two tacked on the end is not much better. Random sequences of letters, numbers, and punctuation marks are best, no fewer than eight characters, and longer is better.
How do you keep track of passwords? Do yourself a favor and ignore all the bad advice about memorizing them and never writing them down. Write them down and keep them in a safe place, like your wallet or a locked drawer. You don't have to take my word for it; no less a security guru than Bruce Schneier recommends this.
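As an added example (not from the original article), the POSIX shell functions below check a candidate password against the rules just given and generate random passwords that satisfy them. The deny list is a small constructed stand-in for a real cracker dictionary, and the check also strips trailing digits and punctuation so that a variant like "Password1!" is still caught; the minimum length and the requirement for all three character classes are assumptions that follow the text.

```shell
#!/bin/sh
# Added example, not code from the original article or from Asterisk@Home.
# Checks a candidate password against the policy in the text and generates
# random passwords that pass it.

MIN_LENGTH=8

# Constructed deny list standing in for a cracker dictionary: words, names,
# and common misspellings. A real list would be far larger.
DENY_LIST='password
passw0rd
pasword
asterisk
fluffy
qwerty
letmein'

# Reads the candidate from stdin (not argv, so it never shows up in ps).
# Prints the verdict; returns 0 if the password meets the policy, 1 if not.
check_password_policy() {
    IFS= read -r pw || return 1
    if [ "${#pw}" -lt "$MIN_LENGTH" ]; then
        echo "rejected: shorter than $MIN_LENGTH characters"; return 1
    fi
    lower=$(printf '%s' "$pw" | tr 'A-Z' 'a-z')
    # Strip trailing digits/punctuation so "Password1!" still hits "password".
    stem=$(printf '%s' "$lower" | sed 's/[^a-z]*$//')
    if printf '%s\n' "$DENY_LIST" | grep -qxF -e "$lower" -e "$stem"; then
        echo "rejected: dictionary word or a common variant of one"; return 1
    fi
    # The text asks for letters, numbers, and punctuation marks.
    case $pw in *[[:alpha:]]*) ;; *) echo "rejected: no letter"; return 1;; esac
    case $pw in *[[:digit:]]*) ;; *) echo "rejected: no digit"; return 1;; esac
    case $pw in *[[:punct:]]*) ;; *) echo "rejected: no punctuation mark"; return 1;; esac
    echo "accepted"
    return 0
}

# Draw one candidate of the requested length (default 16) from /dev/urandom.
# LC_ALL=C keeps tr from choking on non-UTF-8 bytes.
random_candidate() {
    LC_ALL=C tr -dc 'A-Za-z0-9!@#$%^&*()_+=-' < /dev/urandom | head -c "${1:-16}"
}

# Keep drawing candidates until one passes the policy, then print it.
generate_password() {
    while :; do
        pw=$(random_candidate "${1:-16}")
        if printf '%s\n' "$pw" | check_password_policy > /dev/null; then
            printf '%s\n' "$pw"
            return 0
        fi
    done
}
```

Usage: `printf '%s\n' 'Password1!' | check_password_policy` prints the rejection reason, and `generate_password 12` prints a 12-character password that passes the same check. The check cannot tell whether a password is "related to you"; that part of the advice still needs a human.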
First we'll take care of the more important passwords and security holes.
CentOS Linux Password
The default login on your Asterisk@Home server is user "root"; the password is "password." This is the most important password of all, because it is the key to the kingdom, and every Asterisk@Home install ships with the same one. Log in at the server's command line and run the passwd command:
# passwd
Changing password for root
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully
passwd is a standard Linux command. All the rest of the password commands are Asterisk@Home commands.
Asterisk Management Portal Password
While you're still on the command line, run the passwd-maint script to change the password for the maint user, which controls AMP:
# passwd-maint
-------------------------------------------
Set password for AMP web GUI and maint GUI
User: maint
-------------------------------------------
New password:
Re-type new password:
Updating password for user maint
A related account, wwwuser, also has AMP access but is blocked from using the Maintenance tab. It ships with a default password too, so change it with this command:
Hitting Alt+F9 on the Asterisk server's keyboard bypasses the root login and drops you directly into the Asterisk administration console, which does all the same things as AMP, but without all the pretty graphics, and without asking for a password. You might leave this alone if you are confident in your physical security. Remember the ancient Unix security dictum: "Anyone with physical access to the box owns it." To disable it, open the safe_asterisk script and set the CONSOLE variable to no:
# nano /usr/sbin/safe_asterisk
CONSOLE=no
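As an added example (not code from the article or from Asterisk@Home), the POSIX shell functions below make the same CONSOLE=no change with sed instead of by hand, keep a backup, and verify the result, so the step can be scripted and re-run safely. The path defaults to /usr/sbin/safe_asterisk as the article gives it; the sample file is a constructed stand-in for testing, not the real script.

```shell
#!/bin/sh
# Added example, not code from the original article or from Asterisk@Home.
# Disables the Asterisk console login by rewriting CONSOLE= in safe_asterisk.
# SAFE_ASTERISK defaults to the path the article names; override it, or pass
# a file argument, to work on a copy.
: "${SAFE_ASTERISK:=/usr/sbin/safe_asterisk}"

# Print the current CONSOLE= value ("yes"/"no"), or "unset" if there is none.
console_setting() {
    file=${1:-$SAFE_ASTERISK}
    val=$(sed -n 's/^CONSOLE=\([A-Za-z]*\).*/\1/p' "$file" | tail -n 1)
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf 'unset\n'; fi
}

# Rewrite CONSOLE=... to CONSOLE=no, keeping a .bak copy. Returns 0 only if
# the file really reads CONSOLE=no afterwards. Safe to run more than once.
disable_console() {
    file=${1:-$SAFE_ASTERISK}
    cp "$file" "$file.bak" || return 1
    if grep -q '^CONSOLE=' "$file.bak"; then
        sed 's/^CONSOLE=.*/CONSOLE=no/' "$file.bak" > "$file"
    else
        # No CONSOLE line at all: append one so the script's default cannot
        # quietly re-enable the console.
        { cat "$file.bak"; printf 'CONSOLE=no\n'; } > "$file"
    fi
    [ "$(console_setting "$file")" = no ]
}

# Constructed sample of the relevant lines of safe_asterisk, for testing only.
make_sample_safe_asterisk() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
#!/bin/sh
# Constructed sample for this example, not the real safe_asterisk
CLIARGS="$*"
CONSOLE=yes    # Whether or not you want a console
NOTIFY=root@localhost
EOF
    printf '%s\n' "$tmp"
}
```

Usage on the real server, as root: `disable_console && console_setting` should print `no`. The change takes effect the next time safe_asterisk starts Asterisk, so restart Asterisk afterwards and confirm that Alt+F9 no longer gives you a CLI.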