Vodia PBX Posted January 21, 2010 Report Share Posted January 21, 2010 Running a PBX on a public IP address with no password is pretty very dangerous. I would like to share a little shell script with you that oes through the XML files and pulls out those accounts which are affected: #!/bin/bash # Show the passwords of all users: function get_xml() { gawk -v tag=$1 'BEGIN{regex="<" tag ">([^<]*)</" tag ">";}{ match($0, regex, m); for(i = 1;; i++) { if(!(i in m)) break; printf("%s\n",m[i]);}}' $2 } for user in users/*.xml do name=${user:6} # only the name idx=${name%.xml} # only the number type=$(get_xml type $user) if [ "$type" == extensions ]; then id=$(get_xml id $user) primary=$(get_xml alias $user) password=$(get_xml password extensions/$id.xml) if [ -z "$password" ]; then domain=$(get_xml domain $user) username=$(get_xml name user_alias/$primary.xml) domainname=$(get_xml name domains/$domain.xml) echo $username@$domainname fi fi done Please check if there are accounts that need passwords to be set. Unfortunately "marketing" required that we made it very easy for the user to change their password, so the JavaScript that checks the password quality was turned off by default. I strongly recommend to turn it on again, even it users are complaining that their password "1234" cannot be accepted any more. Quote Link to comment Share on other sites More sharing options...
hosted Posted January 27, 2010 Report Share Posted January 27, 2010 how do you turn it on? you forgot 'done' at the end of that script. Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted January 28, 2010 Author Report Share Posted January 28, 2010 Ops, edited the "done", thanks. We added a special warning flag that will show in the future if there is no web or sip passwort set. Next version will show it (3/4) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.