Skip to content

Instantly share code, notes, and snippets.

@Digital-Daz

Digital-Daz/install-whitelisting.sh

Last active August 14, 2019 01:09
Show Gist options
  • Save Digital-Daz/2c325684498075d486e883c82f76a317 to your computer and use it in GitHub Desktop.
Save Digital-Daz/2c325684498075d486e883c82f76a317 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
install-whitelisting.sh
#!/bin/sh
/usr/bin/wget -O- http://deb.kamailio.org/kamailiodebkey.gpg | sudo apt-key add -
/bin/echo "deb http://deb.kamailio.org/kamailio52 stretch main" > /etc/apt/sources.list.d/kamailio.list
/bin/echo "deb-src http://deb.kamailio.org/kamailio52 stretch main" >> /etc/apt/sources.list.d/kamailio.list
/usr/bin/apt update
/usr/bin/apt --assume-yes install kamailio kamailio-redis-modules kamailio-postgres-modules redis-server
/usr/bin/wget https://gist.githubusercontent.com/DigiDaz/5c2c9224bf9e94e207a6cc6026ff43c1/raw/3557017b7bc88745c946b61dbc44f146081de57c/whitelist-kamailio.cfg -O /etc/kamailio/kamailio.cfg
LOCAL_IP_V4=`fs_cli -x 'eval ${local_ip_v4}'`
/bin/sed -i "s/YYYYYYYYYY/$LOCAL_IP_V4/" /etc/kamailio/kamailio.cfg
DB_PASSWORD=$(cat /etc/fusionpbx/config.php | grep db_password | awk '{print $3}' | sed "s/['|';]//g")
/bin/sed -i "s/XXXXXXXXXX/$DB_PASSWORD/" /etc/kamailio/kamailio.cfg
/bin/sed -i "s/#RUN_KAMAILIO=yes/RUN_KAMAILIO=yes/" /etc/default/kamailio
/bin/systemctl restart kamailio.service
/bin/sed -i 's/-A INPUT -p tcp -m tcp --dport 5060:5091 -j ACCEPT/-A INPUT -p tcp -m tcp --dport 5080:5091 -j ACCEPT/' /etc/iptables/rules.v4
/bin/sed -i 's/-A INPUT -p udp -m udp --dport 5060:5091 -j ACCEPT/-A INPUT -p udp -m udp --dport 5080:5091 -j ACCEPT/' /etc/iptables/rules.v4
/bin/sed -i 's/-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT/#-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT/' /etc/iptables/rules.v4
/bin/sed -i 's/-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT/#-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT/' /etc/iptables/rules.v4
/bin/sed -i 's/-A INPUT -p tcp -m tcp --dport 7443 -j ACCEPT/#-A INPUT -p tcp -m tcp --dport 7443 -j ACCEPT/' /etc/iptables/rules.v4
/bin/sed -i 's/#-A INPUT -p tcp -m tcp --dport 7443 -j ACCEPT/#-A INPUT -p tcp -m tcp --dport 7443 -j ACCEPT\n-A INPUT -p tcp -m tcp --dport 8650 -j ACCEPT\n-A INPUT -p udp -m udp --dport 8650 -j ACCEPT/' /etc/iptables/rules.v4
echo "kamailio ALL = (root) NOPASSWD: /sbin/iptables" >> /etc/sudoers
/sbin/iptables-restore /etc/iptables/rules.v4
/usr/bin/wget https://gist.githubusercontent.com/DigiDaz/2b079169ce5d7435e8a508300acdcd43/raw/8080505e61c14ce90ce2ddae78a53fa80558da5b/reset_iptables.sh -O /usr/local/bin/reset_iptables.sh
/bin/chmod +x /usr/local/bin/reset_iptables.sh
/usr/bin/wget https://gist.githubusercontent.com/DigiDaz/1f3f8a6eb2bad1429a637e802c0f5a1b/raw/352a1b140aa163cb9cb3704acc3e0921d0cb1375/root-crontab -O /var/spool/cron/crontabs/root
/bin/chown root:crontab /var/spool/cron/crontabs/root
/bin/chmod 600 /var/spool/cron/crontabs/root
/usr/bin/wget https://gist.githubusercontent.com/DigiDaz/4096126066f654fccdf54172063b262d/raw/761a1ef77f06e737bcb47badf3f527323c9ed202/rc-local.service -O /etc/systemd/system/rc-local.service
/usr/bin/wget https://gist.githubusercontent.com/DigiDaz/76e91cd098cbf89a9f24cd8024670709/raw/e867f71e3d1674a1e71c4c56765843f7b8e66ca3/rc.local -O /etc/rc.local
/bin/chmod +x /etc/rc.local
/bin/systemctl enable rc-local
/bin/systemctl start rc-local.service
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment