Empty passwords


Vodia PBX

Running a PBX on a public IP address with no password is very dangerous. I would like to share a little shell script with you that goes through the XML files and pulls out those accounts which are affected:

#!/bin/bash
# List all extension accounts that have an empty password.
# Run from the directory that contains users/, extensions/, user_alias/ and domains/.

# Print the text inside <tag>...</tag> (first match on each line) of a file.
function get_xml()
{
  gawk -v tag="$1" 'BEGIN{regex="<" tag ">([^<]*)</" tag ">";}{ match($0, regex, m); for(i = 1;; i++) { if(!(i in m)) break; printf("%s\n",m[i]);}}' "$2"
}

for user in users/*.xml
do
  name=${user:6} # only the name
  idx=${name%.xml} # only the number
  type=$(get_xml type "$user")
  if [ "$type" == extensions ]; then
    id=$(get_xml id "$user")
    primary=$(get_xml alias "$user")
    password=$(get_xml password "extensions/$id.xml")
    if [ -z "$password" ]; then
      # Empty password: resolve and print the account as user@domain
      domain=$(get_xml domain "$user")
      username=$(get_xml name "user_alias/$primary.xml")
      domainname=$(get_xml name "domains/$domain.xml")
      echo "$username@$domainname"
    fi
  fi
done


Please check if there are accounts that need passwords to be set. Unfortunately "marketing" required that we make it very easy for users to change their password, so the JavaScript that checks the password quality was turned off by default. I strongly recommend turning it on again, even if users are complaining that their password "1234" cannot be accepted any more.
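
An extended variant of the audit above, added here as an example and not part of the original post: besides empty passwords it also reports short, digits-only and same-as-username ones such as "1234". It assumes the directory layout the script above reads and that the password element holds the cleartext value; the function names xml_value, password_issue and audit_passwords and the 8-character minimum are illustrative assumptions, not Vodia's policy.

```shell
#!/bin/sh
# Added example (POSIX sh, no gawk needed). Assumes the users/, extensions/,
# user_alias/ and domains/ layout read by the script in the post.

# Print the text of the first <tag>...</tag> element found in a file.
xml_value() {
  sed -n "s:.*<$1>\([^<]*\)</$1>.*:\1:p" "$2" 2>/dev/null | head -n 1
}

# Classify a password ($1) for a user name ($2); prints nothing if acceptable.
# The rules and the 8-character minimum are assumptions for illustration.
password_issue() {
  if [ -z "$1" ]; then echo empty
  elif [ "${#1}" -lt 8 ]; then echo short
  elif [ "$1" = "$2" ]; then echo same-as-username
  else case $1 in *[!0-9]*) ;; *) echo digits-only ;; esac
  fi
}

# Print "user@domain reason" for every extension under directory $1
# whose password is empty or trivially weak.
audit_passwords() (
  root=$1
  for user in "$root"/users/*.xml; do
    [ -f "$user" ] || continue
    [ "$(xml_value type "$user")" = extensions ] || continue
    id=$(xml_value id "$user")
    # Skip records whose extension file is missing instead of reporting "empty".
    [ -f "$root/extensions/$id.xml" ] || continue
    primary=$(xml_value alias "$user")
    domain=$(xml_value domain "$user")
    pw=$(xml_value password "$root/extensions/$id.xml")
    username=$(xml_value name "$root/user_alias/$primary.xml")
    domainname=$(xml_value name "$root/domains/$domain.xml")
    issue=$(password_issue "$pw" "$username")
    if [ -n "$issue" ]; then echo "$username@$domainname $issue"; fi
  done
)

# Audit the directory given as first argument, or the current one.
audit_passwords "${1:-.}"
```

The output prints only the account and the reason, never the password itself, so it can be pasted into a ticket.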
