I have SecAst up and running great, and I realize that any workstation on the network can access the SecAst telnet interface. Is there a way to limit this to only my laptop? I don't want one of the end users to mess with the ban/unban interace
Asked
Active
Viewed 68 times
1 Answers
1
In general we don't recommend exposing the SecAst telnet interface beyond the local machine. You can secure the telnet interface by either:
In the secast.conf file tell the telnet interface to listen on the localhost only, and then SSH into the pbx when you need access to SecAst control.
Setup an iptables rule to allow access only from your laptop's IP (which I assume is static).
You'll find a similar issue with the web interface. You can use either .htaccess files or configure your apache server to restrict access to a single network/IP.
UPDATE:
To set SecAst to only accept connections from the computer it is running on, edit the /etc/xdg/generationd/secast.conf file and in the [network] section, set the management address as follows:
managementaddress=LocaHostIPv4
TSG
- 1,674
- 7
- 32
- 51
-
How do I setup SecAst to only accept connections from itself (the PBX that I would SSH into) – Jul 03 '14 at 20:54
-
If I could make a suggestion: add a deny/allow to secast's management port. I don't want to learn iptables. I'll try the first suggestion in the mean time. – Jul 03 '14 at 21:35